Information | Value |
---|---|
ID | #1 |
File Name | c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe |
Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe" |
Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
Monitor | Start Time: 00:00:11, Reason: Analysis Target |
Unmonitor | End Time: 00:04:21, Reason: Terminated by Timeout |
Monitor Duration | 00:04:10 |
Information | Value |
---|---|
PID | 0x9c4 |
Parent PID | 0x560 (c:\programdata\bce1010314.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
Groups |
|
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs |
|
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
For performance reasons, the remaining 144 entries are omitted.
The remaining entries can be found in flog.txt. |
Filename | File Size | Hash Values | YARA Match | Actions |
---|---|---|---|---|
c:\programdata\bce1010314.exe | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
c:\programdata\bce1010314.exe | 218.00 KB (223232 bytes) |
MD5:
17f54288695fc46d11078ea493eb6626
SHA1: 548058b2233b75cdfd964c1d7be5d2b80818131a SHA256: 33a60a16e50b8df2a731023951475ff0f973fc66334d2cfa6ce30aa36bb36414 |
|
|
c:\programdata\bce1010314.exe:zone.identifier | 0.02 KB (23 bytes) |
MD5:
8d251dc834ad2282d59cb08f2152a8f7
SHA1: 1ccec082f8ccbe367cfad62f04566e337255943a SHA256: f1556a2096b4e834c3b91c637c2f5fb10fb4f2319b6c5f3143db2ce61774318d |
|
|
c:\programdata\f06c3c509054x0b7d28zcddbb17087b9c3e.xzzx | 0.26 KB (271 bytes) |
MD5:
014c2e239ac9d84fac5f9bb42deeca6f
SHA1: 54fb44cfaebd5bbf5036abc28d65c075a858081a SHA256: 9b87d898f5440a63eea60dfc4b6de79112230b0aa6ab6a91104cb99abf257aeb |
|
|
c:\b0ad3ab92537b4fbfe37930729309943.xzzx | 8.16 KB (8359 bytes) |
MD5:
07a6cac5168cad26dc6df34d16ea41a0
SHA1: 5c9327703ea5961e21d83b9e8ee3a0128ceed4e0 SHA256: 710cd6b5104f65527a604839abdfec6f5881c212970f224ae6423482d62aaf47 |
|
|
c:\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\$recycle.bin\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\boot\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\config.msi\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\msocache\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\msocache\all users\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\perflogs\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\perflogs\admin\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\program files\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\program files (x86)\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\programdata\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\recovery\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\5p5nrgjn0js halpmcxz\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\5p5nrgjn0js halpmcxz\contacts\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\cookies\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\5p5nrgjn0js halpmcxz\documents\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\5p5nrgjn0js halpmcxz\documents\lhhnd9lew5xmlxw00jfa\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\5p5nrgjn0js halpmcxz\documents\lhhnd9lew5xmlxw00jfa\ikpxup8ushighl1\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\5p5nrgjn0js halpmcxz\documents\lhhnd9lew5xmlxw00jfa\zw28zqhzfxay2nv\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\5p5nrgjn0js halpmcxz\music\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\5p5nrgjn0js halpmcxz\documents\my shapes\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\5p5nrgjn0js halpmcxz\documents\my shapes\_private\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\5p5nrgjn0js halpmcxz\documents\outlook files\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\5p5nrgjn0js halpmcxz\downloads\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\5p5nrgjn0js halpmcxz\favorites\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\5p5nrgjn0js halpmcxz\favorites\links\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\5p5nrgjn0js halpmcxz\favorites\microsoft websites\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\5p5nrgjn0js halpmcxz\favorites\msn websites\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\5p5nrgjn0js halpmcxz\favorites\windows live\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\5p5nrgjn0js halpmcxz\links\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\local\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\5p5nrgjn0js halpmcxz\music\auosv3m 9vtnbjukze\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\d2d9507033a5e4db82b20d90383ec923.xzzx | 0.33 KB (339 bytes) |
MD5:
7037a481becf39b4f592c93948efe34f
SHA1: 5cad49112c4837b7119b18c3c5b5fa356766b931 SHA256: 310e13e9ecedea999daf2c93a008da53f5c4d600015c09b58cde61601e2a418d |
|
|
c:\recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\6b2db7ff0f9811b2cfadc1531390f5fa.xzzx | 3.02 MB (3170463 bytes) |
MD5:
Filename | File Size | Hash Values | YARA Match | Actions |
---|---|---|---|---|
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
c2b4d63f0d3d148b592eaa3c7fdce1d8
SHA1: 2bbb8bb45a20fe49b9df890085ebfc887bf0ae7f SHA256: ae7f3e20e8b1e3beebaed7400f11fe5dd648acf2c75fdde06737f5fceecda4d0 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
6b48287462a22f07b63924dc4c1079cf
SHA1: a257c3330d908b6d50da079cc91ea4ecf99b99df SHA256: cd07522a7e5d25b1461e82e0e6680edf744a2d78200df517c94a4eb493a501b3 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
a0c4f6838ecd427c072ba3a6d8f467e9
SHA1: 937d82f19b71b97529a7424f8a724ccfea4cb453 SHA256: 30b2c1642e1b0d99ca7ee5fc769c205303571c54fa1ed3fcc60f9f3aece459d8 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
db365aaa178f4cec323568d0a2d92459
SHA1: 58adfc371a5d5c29e6a65dcdb9692d7addd5b8a8 SHA256: 81bf4ae209f9f4e703d136cbde9ec6eaad18cf68190d0b89bf6e6329adf13b15 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
2e48c94dfa710b445956e81d14902aa5
SHA1: 516689dee57e7a087e053a3f402cb816823b38d4 SHA256: b5c7fb38a69f387122451f9ccd7ebe0249cb569cb432f6956317fb44e62529a1 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
0e79b690ba279131fff542c4801351fc
SHA1: 4d7684cd527b9c00a992d6edaa89e353d12076bc SHA256: 517a60ed330120a013dd402887c436fc85ba0d32873d3b30dea48ee0c8cf73e9 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
470432b0d9ac88813cb2f444da58cb24
SHA1: e6501b794158985f690a478c49f96414901b7c16 SHA256: 77314f36add45bba5580811496a7e9a095a1021bbdc3c91819c9a8f17bcc3ed6 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
bb61023e4fb73929049e1a8f67b1961a
SHA1: a8d454bdcfc462272dbe58f17f0f11eb0e5c6bf9 SHA256: 9861bf78b729b2f7f572bad333d68013013bc254de0d5d945024036281e77314 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
31a2f135681199bb1f1d33a8e567e071
SHA1: 3661bc7bc7aef1b340574d767de1c26d055798b7 SHA256: 40f64331918c493bacbe1fdf00ab63f516a9e9091ff43ff0b5c901311e1a158b |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
036177d0287e398e2a461109a9c03b17
SHA1: b5ccbf19b26b184acb314b439c708f063030ba65 SHA256: 27a111af8c58ff71b72e16f858cf9d0592cf3585ac02f38e70a540fd101bf85e |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
3aeb6d30aceeb81e1c93cfe420dda735
SHA1: 1d33bfe2426416e14c40b080aca5f226dc26e121 SHA256: 3c126d7de1bde6ae1064f3cc7ec070b25c27afd606930125282fadb99adb0c6b |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
b052818d5dad028f345fc59ad440284b
SHA1: c1445a4fa3ab71be001f5a477c16b7ddbb1185b8 SHA256: b19d73b07f8e199dd4175ea802f0f6bc04807aa2fe2c5757fa6ac5584948e805 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
5a83fa0ee650ead8b8c97b3b48cac33c
SHA1: 5441b1df0f954352cbf82fa51a6314c3e7f38e05 SHA256: 66ab80f0337f9fbd731021d3d995b8c647e7a30bbbc3acf42b26ea9e6b1841af |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
192e38f6712b4bfe6b6940b67e542e13
SHA1: c121a6da9c2df661db8ad6bbfe9258f3b2175f3f SHA256: b5c9bd35825fd81a83f3e35f0ceaaafde7cacb249a7d88de7ef025d51156f55a |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
ea87a51c5b7d175b519c0410c73dc68b
SHA1: e89685354569382d2353422692583228b761268e SHA256: 89ba1e6d538a1beea3ec56280f78d38f9c8f11fb9ff67d919965b622653aeae4 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
16fd7d224cb9bd2d0e0635f0d657e7e7
SHA1: d4a1c8bb5fc3e8a97f45e9f7bd3622bcbcd49c2c SHA256: 350ca8506e976e56b35a33adac75f67eae9d880708c75a624de5e993285d86d7 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
ef19f5fb3de11aeb1a94727dd89c885e
SHA1: 7bf0d3aa4ce8fc1180129efdfb3ef4c22c820eef SHA256: cf04c3cb9f95e60367aa2761cd37c81bb24e5f89278f328fe716a3dd65fff403 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
933865606c3a1e039ea8814280a61496
SHA1: 24f927af56a53e2fce91112af40690ac683948f4 SHA256: 11159a7dfd9e7445afbf85076324a275fc1b54201c7555fa503148197a4c4e01 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
7ac692bc78a7e2585c34b88b865b07dd
SHA1: 3f22a3d0e49c65679247ce3f37064280c2113a90 SHA256: 7fa8f262d609f2aa2e937759d94ee4a6b9e74bf472e26736c1a65a9a6b00f115 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
bdb3b93da1d867f46dc90680801a308e
SHA1: d413010296d9619e9d9b8eef5f2db0e6211ad46f SHA256: 43ddf773620137d261254cba0c5692f6df53415900cdf92d1f149bb8fc520877 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
111ce9ccdb1b2f74959823f16ff312a2
SHA1: eb2baf5256eaa5305d41a76f1bb1c31f4480019b SHA256: aacaa02d4786d917437ceeb041eac71d2714223e506fbd834127e0622eba19ab |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
8e0e161294d7f2bf6e2ac3155e07e5a8
SHA1: 518807cdf1c6dc5aa458f33b3c91b798620b5f45 SHA256: f4e1e97f06ee45352968923bf4c7a7ce1db9248c8ae4cea482e3c5628d0ee854 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
c790532da14e90812fa485cbad151729
SHA1: 7edd228ebcfb10eafca39707d00d5f09417b4f1c SHA256: 35e290b70c010d989fb6cc000af700a6d754fa9fbd081c686009e78cbf89f754 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
8d7cdcb73d636921b1bd56d197d64ae7
SHA1: de00149051ca4cad95569e383718ab56562705ed SHA256: 68de719a2a0087b5a3c7338a7d7f081147798d49422272b0ac000e9c8ef764b0 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
5ee3bdfc2e4ad6e1663da842fcd92b25
SHA1: ae1dd9da48d96f2012887fe24b707cb7e1e9d850 SHA256: 90024e4d93e8c84870fa78c57d4e6b12d4a2b634ca84a2d2f2b0ab734f533770 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
f5a35f0d8c9258d21bb879c879ae52a2
SHA1: 9c0b5078d298fe333f7ce7f78470268010d2b557 SHA256: a7f6bf7e3cc4736d13a5187a665d39e981292c0e7d866f0d16d5cf44a8af06fa |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
415df0e14cc75b273797766d5d5dbd92
SHA1: bd17df7ed6ed6b24c8910f31c8c01f1f747a2593 SHA256: 66272164f4ac974910a84b77c2ee776bcb2f820bd03fa20351910176280af8db |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
03c4c2cbb7b71b62ad4f2fa06dbaa500
SHA1: e613f37ce004d59bd4ce6f872f941cb9e02b72c0 SHA256: 3905fd39cd97889b1b2bae7207efed14812670307c0f9c0e318bb3564a35640f |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
d0c9664b82b132a1d5e55c7641bcaa32
SHA1: ee0f11ad7b58fe9f5f702e517b89261189ab117e SHA256: 37c0a3ae1d80a2147c59b1c10a302d3b1ebf0ab1446b3defaaed6c3ace077722 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
60221806b1eaa971f0805f198a52bc53
SHA1: a90e74b74436dc0b72e9abc19fe04994399425b0 SHA256: 50f2579c60287ee07ffea0c18e15b37c317e7ffcd94a8ea075786ad848f8ad22 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
1545eb055019f44d7bbafcce4a2cde44
SHA1: 9f93cf8a01f1d99e4862df6fa92e0c9944107809 SHA256: ccc2cc793c89ebfec6068f9d72d591cc22aa557eb73c9e6dcade90dd10aacf57 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
d50cb474d15009cc1509b9c7a8e6de18
SHA1: e06a99bba6e83ff5776c7c45bfa60da7f2ee1e49 SHA256: 4b39743cebc5fa913adbe0239a7be1dffe73cc2100fe72a4c0384f6f852da525 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
76199b79207313ef73e58c91f894090b
SHA1: 1d7ff3f462f66840e68e010723586967e47858ee SHA256: 991c1f594a24a0e24c333bf9de9854e7f5a96fc2a1c54d15ea3e4e224ec19b57 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
a90e656f2ec243ac278a7150f144826e
SHA1: 5c1de5526e61897a5fa45fcd20599d14f935a36b SHA256: 9abf69230425feb25f8108958cb0f1bdb1f788e64c5efd299ec6161648693d56 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
1c2c2b82a51b6ef553f80c73abeed2cb
SHA1: 3f970d9f20d9aea90b7583713feb8cf1ea387888 SHA256: 5fcaa9ff44861807206b5cbd9456ce0606c002389aee7d7e8b50fbd8d5e49a07 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
8b3fcd1aa2f67b805cd72d9872e43331
SHA1: fe0db975d455f0731152e3e60d314abf08596253 SHA256: 7500cf228ceb07da0bd655178a3c486d1f9d8a971982ca1112e44313c56c21bf |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
ac68798e09ca338893adc19ce95c834c
SHA1: f9ac2630266c3e1221ac41505950e6c7c618cd93 SHA256: 07abac86557b1ce80920c850ce28501e495f6cd99852843fd1df1206d433613c |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
ba78ceb68b3246ff67e0e430963c657c
SHA1: 590fe102377c38ea3b72893c9c0f72a5194a8395 SHA256: 8ddb712d9465216f3daf2f12a1dce5b0a8b72237ce63c37312a4c0ed955b9137 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
74028e74ebe873be07b955651a6aa13a
SHA1: 1dedee862e459a632dfed9cfbe58e972281172f8 SHA256: 7cf49a79ed677cc1d2fbba89ca1ab5aae02322263c829f2e09143cbab1c4a9b8 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
f4fcceec6b9b572b3b94b27716363b72
SHA1: f242231b5c84871a6c09a2e09bf1b16426842b07 SHA256: 61b4751d1e9f2b77ea1f7ab71090ef5c4437531a3da38fe94db6b210d1f067d9 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
5ad052dba685485c7911287e9a6b8b62
SHA1: 13161e758d6999f04c9fb2e09c5aba9a6433ca41 SHA256: 48aa50b67a1db1bf079cd57c963624623aeebcd4c28ed665288714a21985ee23 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
74599cbe33b049f550921c7d20bdba0b
SHA1: 04ff02f4d30c0a2394504c070be5651d3a3bee68 SHA256: a3c9943edc224207a9d0eab310bd7dfba0e4aa7cdd751de0d8a36620b17b8116 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
6488c62e37499b1d58fd634432e69b83
SHA1: 97302c23f0f601fb3f1e89cb4a81300bf20e9e4b SHA256: 784c14470886b97e160cd326d70eac01c9b5f32f30100cf4ff4dd965fd1b2675 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
ff10d6669524223808a0a12e5e418e60
SHA1: 6447e6d431fe201ac0245b8ffbe9fc0ebeb705ff SHA256: 34344b59f0273d17f0a95b4ba618cd39864f8edbcc267bb81760a9a7729118f0 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
abbbc719b95e9c9426ff3590fa62190d
SHA1: 998ffebcf24858f5a5ad059e356eadecb11dc1cd SHA256: 814adbcbecbb6f95b52c8652b902f25fb04c5d53891e880767b5d474623c2ac7 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
0180870b42dcf8ca9e1765fa35ade47c
SHA1: e54deb9e27deffe78a2f3b77c5fb6a94fcef1c36 SHA256: 1799b8426f5ff8428d6a3a1988c46deaa0e7e645aa337c867907f21080d87109 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
1d68f06a6c6fc73d7f40f5ee174d9c77
SHA1: 69dbabaefc96d168d955c03e6104c78e25dcdd38 SHA256: 010d8370806c0b26e1dbc893db33f2c758f40376f1fb5589b0b471b6eecb5db4 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
8ef54491807ea0fb81e3c0512536b738
SHA1: e481f1a39d40f34ee4d119cf35116980a0c32142 SHA256: 62d8616bee6dcf16c8e4993b2a52f9b32b99b69c67b1501d0fe893478a5d5b47 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
502a367144ac188f54517e7ba4ba8594
SHA1: 8bdf345f8c4ff48c3e0d164d83fcf35229923a1c SHA256: 6430dda12a5cc0fd1dcb60b683727c77849b8293da1b9ea25ea41950bce4692c |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
4170d50d3edbee713a753cb7c213a63b
SHA1: e8238db794b1603a471d468a7e237f14641186e3 SHA256: 869131efbd21d9db9e9fbd3942dee62711eeccf3ff75d547e78a70d40dcfcdbb |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
13750b82fe45fb6ff1bae553cb2d2cf2
SHA1: 03b6584982f4b192a6b2456a2db0da7cc1193a5b SHA256: c91e2c9996671460a054cb2b75d63556ce888ff767abb7474c34aabefac94c34 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
22016b6e8346a5c499c6fff2524a1f72
SHA1: 36a71b190b559f31c512ccba9855f1e42cae9489 SHA256: 2432df3d3bc41cae7f91100cd409c7c1012f9f301114500b67e68abbd9bbf72d |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
fd1e5bd3a8ec32f255e008bb6824fea2
SHA1: 1be89702a029e0e3e54aaf5dc9f83487d379c47b SHA256: dca3925a815c7c90f8ecd25dc8d4ae6ba22881cf52ca20a9edc5ef92d9343ca6 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
da6156020cdf6e3a40327436c950d6dd
SHA1: 9989a3cfb770933f9f75e60f1b3df5eb1bf50486 SHA256: 19d991c420c129af18d9e5083fb27d2d24affdd72c44ef279f4e4ae73854608d |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
5506b753acd8b8867b7694cecdd25213
SHA1: c0df1504bee2d24254f58a08b27fe7a42e943b35 SHA256: 51a34ba0b6dff1761387f97c9994aa8986d675937be0d1765e38bc751b13d6db |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
ab254de9bba2cc31524de16d36e6d31d
SHA1: 824cb41693d1e5343eb40b741a2e7098a167cd9c SHA256: 824af92033197ed7950ff6080006c96c36af6a8044a51bf9d8ebf2ea00dda76d |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
a35b740ce644ea3f912ff3b750d23f58
SHA1: 6f4dce3e5505f42d431fcd85f4bc11c0141fcaf4 SHA256: a8dcbc24f50fc26e9fe385380a3c764b251f5be3560daca44ac7216115708818 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
fbba74be12d24c72d64aded8f19a69bb
SHA1: eaf0968afc4c190d13ed940fbc265ac913528bfb SHA256: 3d425503980fd8a825ee8ca0f2d400c7bbfabeafb67e3f3076235cdab86df4a4 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
ae0898ad377a1cfed5d8dccc89fa6c3e
SHA1: 4fedb8875a794f8a51d55f1b9c08cf086003bd32 SHA256: a2d4531fdbc50a3a192d31cf9aab5305cd531d2eb98d7c42aeff311506b0580e |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
d93155fcb055e78e8ed256307a409e27
SHA1: c675502d98e3bd9e83038ddcff4a14bbb7b12396 SHA256: dc40b87054f35f31723f1a01a56fd9623052e776d6c5b01a503a45e457916873 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
e228e3d6f60380bb9725d4cdfcb3019e
SHA1: 0ceade1d8a3bf9a3554436c98815eb6fe4349cf0 SHA256: c2abf30e01116e73ed5345bf0a5ccd9a7d3d70547f4097d477b84272c77d92c7 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
8b40b425a4aa246b0faf03c4dc41865e
SHA1: 5cfda9d814f7b1a3fffd56d551ba9b3ebd9ad01a SHA256: d7d5f4665406ba7e230296e899c3bed7259b84ed2683cff961d7785f9bac718d |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
8802819753960d2c9cc3b1a690a15478
SHA1: 35f2ebf27b0db55af75f3d08f59372a2d95a2dd5 SHA256: f157bff623502eab620c704f895a53d9368b496f4b2cb3a12d3c5691b31e0291 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
a8d83dc108c385716b571af0cfd2450b
SHA1: e72c06957fe845578e69838794ace5e9468e1e8d SHA256: c3629e4c0df1d1137c47d19d126fe3f333d1ab295b29aac897644a8878e89b20 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
f65002e1176f5c6425db6352662618df
SHA1: b4244207352905669fc074bdde627b161ada17b4 SHA256: 2f24f7e19e6c472620b70174424bbfa3282469f83cb1742608bf68bd34238255 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
8a11a0c50125cc1fb4363d354d3ab452
SHA1: a683ea35b2238c21c8950d7cb2bb8a69937e721e SHA256: f2a825107bea2ec68c1b5526efe3030813053406b6c9a8cd048eb6d9f5f231fa |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
acdec48add32d8ff2f89deda598c1102
SHA1: c60cff1019db53e38b3e7203da7b905c1eafc87e SHA256: 9ebf34d9d112d9a9b74003b7dfaa624a0256485b7f7a18bd5004730f48aa4329 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
4ba7590cbcc41baa6f202c28dbee804f
SHA1: 9a049e8c92d4699dce538a549b58a559c6da7b1f SHA256: 3022ba90e9a41f1da6bfd88421bb82eeafef0e0e7478139e2db04b66b5301cc2 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
9ec4caf1969ce582c75b9690ef8288a5
SHA1: d18bb72636623cdbda75a7fe19340e1960334d14 SHA256: e5ef6de0838d37fab7d7bb3a3f62c1fe80d45c93efae1ab23de140d84b2cbb73 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
629a94de1eb5eceb0768c6f544287f12
SHA1: 62c7bf4393ce2678d0ed5c5dbd7f5cc7c8646131 SHA256: c687289f1d490fcc4667fccbae122692e3180f1edc44ec2e2caff018b95370af |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
7e15d8188b120c9c86e18744a1bcfdbc
SHA1: 9d225cdaa02ec39470e3e6cf642c3831d57b897e SHA256: ae28d89c8a8ac0bb15b9ab4c77eb78fead63288659ff6532255a6e315f9a5868 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
07f427ee10790018a36b1a43eed94a3f
SHA1: 819e6885dec172c6656689eef7f825995370fbe7 SHA256: c46a10a59d028345f3250a6420cd8930036efc22548ebd283accde2ab32fae73 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
66228c093f2176dd6d4e8abdbf901280
SHA1: f424df5f8592f918731289ac64fab06591f9835c SHA256: ef6ceaf0147dc2e445a8f8dc4f1c1f64b0b8e3284f78ef79e58a94a8b2848a2c |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
ecbbf8d71492486ed7a515155c5f07cf
SHA1: 854b1261fcc27f8b7a92e6c961743c342dc82230 SHA256: 3dcda8549bc20be73b2272deaf97bd3a29c8a25688dc96ab788fc93dd5d02375 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
3da69b963357527619a17540a7cb4bdc
SHA1: 9ba5efccd61fcb243aeedcf06c7cc7efafe328b5 SHA256: 971161f2de1ecef8ad0bff3191aecf90c24ce6222b856adbea7eb52a9e390017 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
6f62bd211490087c503dfab27d4d0ea0
SHA1: d378c73a63c6eda58ebc534736790ccfe8f34901 SHA256: 61da286f592000a7b3387580dca2a346986428f40e38f54a4f64d4bfc365bbe8 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
6259a355604397d11c9cee594b1fbdf2
SHA1: 36e3b1d50ab531b0173e2bf83a100b68d29f962f SHA256: e0e97c035e5d1fd20957776a7dee1d7185e1079feb9599f17318851e16349412 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
105badd269a7c2ffc80f1b44fc67e88d
SHA1: 61b9b3fd2c1f526b586918fbd2bf2c39367a7170 SHA256: 4ded211cfcd5c62c7343fab522a5082a60847b4e7dbec3f8607cddab3f326578 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
b263183e057b732a3b5f2c4ce8a706ec
SHA1: 4249a66705107c6b9ae9cf7ed1e5a6495efb2d58 SHA256: 93e8c96bb4a8b7ee1702494dd7b386b93152fbb2628b37edf4091a2ac172ff3e |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
84cbee530d5a261a9a1bb0f5052199e1
SHA1: a13ba4033f07cbf2eefaa672c11e87ae61292afc SHA256: 223e185d21e01d7598a9d4fc0c9227ba4ccb91a9f63df5f46857cae062c0f74e |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
99f96b717523474be097fa05b2b81b36
SHA1: 2eae3ecac36af8ee6830b4fedfab584b2a71b6b7 SHA256: 80cd8de866fbec11e6ae6d657841401d7469b4aadb26c986d9886bb71efc969f |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
55d69d4ab3c99c176f6f921a9dc5230a
SHA1: 2c9c6afb882a7fda231069ed0cd7614875a65a32 SHA256: 8e30dc8a8e2c0574a903dbdc32061c742c995486a8a83e9ae1f30f38da2c66c3 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
fb2a005799aaf9b3dc68efdb13e85206
SHA1: e5f0597b758b86cd8423a35d463ba376c623495c SHA256: b1826d98b95cec85546e23a7592acf034e83c5b6cec48c2e19da2bf6aff2df40 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
af99e9e3e38f169e532056b39ac208d6
SHA1: afdd2c58a8391ba766c8a7c94ee561dd9f038e40 SHA256: d4d8c49a047c2e59fe4985acc5ca283c1f5efdd69efe74b6d12fed8c0dee1006 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
59715a1d21fc28d6641f70e4ad44adc2
SHA1: 486ebcb64e4dae319a187ab7d1d8a68fface0e8e SHA256: 7713c21bfbbe7238e80883acc85f8389f2fd6fb48723891632283b076a12b35a |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
efbcfc3e4733e9c6ac5cd4e645512aa5
SHA1: e0f8914fefef927d19f03ac584f7f5a290e1f1ea SHA256: b5ffefeab4a0e0aab793178ee455e063891e1beb430cc0eb45655bda091cc4da |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
f8fa42e08dedba0e4b8f6b0868b6f152
SHA1: 73775a08f167293a7357a6ce9d53ba55936a094e SHA256: 7b300a382b9a6f9d2d2eb5df1c6aab2af805a6fbb0797edfe365a1c619a1bd9d |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
544ccb9f9f0b83eea20dd312b3abbb28
SHA1: 5ee7791fc83e4c6fb56635277d36ec65d098013b SHA256: 09b84a153884323422fc22f4f95dac2566d606b676f23ef762122a05df4ad032 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
4eb3864df42b01bcd5fa7d1175e7c948
SHA1: 6dac849803cb1e45eee84f0363497e850524814b SHA256: 90cac6a6092127fab3d01d09d998a79ad2f36848fd1c47e913c0d37244fe795c |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
f1a486682c129d782bd66ac28c124323
SHA1: c674d18d8561c03a491b761b5a558930f7279430 SHA256: d94584c1d0285483aef2e261bcad0885f599fe55338dd10ffb6b308eaada9aab |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
34704874b8973be75ebc15fdd6b734e8
SHA1: 82535955f4ba92066c7a95572a6877ec5c4eb098 SHA256: e24a496b731be9280873e174218d7e91cc7f4d7e8fdadc86278f61e80f11f389 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
8047f9e908fae3185d5e65a304174087
SHA1: e00f5868459dd39c60860715243a0388fc2565b8 SHA256: 3ca686c824e2fe0cfe1444b0e6e5e2e4a38ea8aec20c20395dab4681b488ecc5 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
307d4df7a3f276f7c19fdfb3429f24c8
SHA1: dd792d2fdb3f73c6a35a215818d58f54e827f63e SHA256: cd6fa5ab0339a9f573620551b52c1228e2ca9d07152dea81c1c61dcf53e5b1fc |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
642a46a839a27eb70d2319244a7ac3eb
SHA1: 9b3669401567d488038cc0a8d6b571dac599f956 SHA256: 66ab22e9049760b3293c89a09ebea385c673c8bcae45f3f3eede66ce4e22cbd7 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
99e999b468bacb9a22280768109017f3
SHA1: 96309dac05123dd54fc15d4c5632f54249c26234 SHA256: 5a6163e01bf4b4c7658fc5cff698e18ee7bf437e0338bd43c1d58ce551d4611d |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
71e11f408044d50b85dd10e4d33e4425
SHA1: d907e0ab4f5c9de26870b08bd856ed6d28e23ba4 SHA256: 45aad9d3ad8bf5b79d7605dfc9f6aae7177b47ecb8bedbccd7f624d4469327a7 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
e12b225cc7dacfdd47cefef9d0eb3bc3
SHA1: 13b4d637441b0ac8066e0e65ea3057cd808848ba SHA256: 41fe426330c2da1a118773e33270108ae8a08638c416b13d464114a1bb11a6e0 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
b6e45162a02c917fc653da37428823d4
SHA1: acfd571c1e048b94ab44b7e2db940dd82013c8cb SHA256: 38be2fe4583afed36aa3260d962fca50a89682fa53760c54a8c1b235c1f8069c |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
3064808363ed49100eb872c30cdc000d
SHA1: c72c547e22a9377ab7ba35ad03c09b057b71553c SHA256: c2505ef2d0d8190307df6c52c029ca81967fc7144134077c4f1c223e164730f4 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
f1d3150131f487362ca359ced1fae81b
SHA1: 175fe8bc6c1cd03c76bbcb370918a09778758d89 SHA256: 8ceb35a7047b6239cbbc5b6eec9f777322129d87c9258f7535203563cce3c546 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
e20abbd0f33c42e06691c9908c02fbb1
SHA1: 56056f8f9b5c3ab49c50bbb0b174b6124c73b57d SHA256: 541cc93cc3679af94fa1a23a9627a89a9dd9407f6e6a69dfcd19508fb6e48271 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
553e5c1501a8c231cca2e3db74db21e7
SHA1: 80b6fd6682c92346cf45fcee43986caa5a0bf9f4 SHA256: 9c7034bb1d4f9f45b343ed088849084eeec2d0467c7d391696bddfec9222ff77 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
3447a58cb842436fefa56de3aea493b3
SHA1: 0df500b09931d824ee6300d873fe28f18fb85471 SHA256: 6c57e7de709a0c2c0ac7f117bb351a32b5bf5896be84a0ccc1f4d6865fcf36d7 |
|
|
c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 1.40 KB (1429 bytes) |
MD5:
e206ee6181e318c5bcf4a72f7b3837d4
SHA1: 26debb0ca7f010cc966e66834a3cae8706df73ec SHA256: 80474fec8a059123ecf16cbd9dcefaabbd58a5f9508561c02fdf00bc969c38d6 |
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
System | Get Time | type = System Time, time = 2017-11-14 19:02:08 (UTC) | 1 |
System | Get Time | type = Ticks, time = 79342 | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76a34f2b | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76a31252 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76a34208 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x76a3359f | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76a20000 | 1 |
File | Open | filename = STD_INPUT_HANDLE | 1 |
File | Open | filename = STD_OUTPUT_HANDLE | 1 |
File | Open | filename = STD_ERROR_HANDLE | 1 |
Environment | Get Environment String | - | 1 |
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x76a34a2d | 1 |
Window | Set Attribute | index = 18446744073709551612, new_long = 0 | 1 |
COM | Create | interface = 00000112-0000-0000-C000-000000000046, cls_context = CLSCTX_LOCAL_SERVER | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = Class not registered | 1 |
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Handle | module_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, base_address = 0x55820000 | 1 |
Fn
|
|
Window | Create | window_name = Press, class_name = BUTTON, wndproc_parameter = 0 | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
For performance reasons, the remaining 901 entries are omitted.
The remaining entries can be found in glog.xml. |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\bootmgr, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\BOOTSECT.BAK, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\BOOTSECT.BAK, size = 8192, size_out = 8192 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\B0AD3AB92537B4FBFE37930729309943.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\B0AD3AB92537B4FBFE37930729309943.XZZX, size = 8192 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\B0AD3AB92537B4FBFE37930729309943.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\B0AD3AB92537B4FBFE37930729309943.XZZX, size = 24 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\B0AD3AB92537B4FBFE37930729309943.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\B0AD3AB92537B4FBFE37930729309943.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\B0AD3AB92537B4FBFE37930729309943.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 0, type = REG_NONE | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\BOOTSECT.BAK | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\BOOTSECT.BAK | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\hiberfil.sys, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\pagefile.sys, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
Module | Create Mapping | module_name = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi, filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi, protection = PAGE_READWRITE, maximum_size = 0 | 1 |
Fn
|
|
Module | Map | \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, desired_access = FILE_MAP_WRITE, FILE_MAP_READ | 1 |
Fn
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
Fn
|
|
Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi, size = 16 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
Fn
|
|
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = Ȇ | 1 |
Fn
|
||
File | Write | filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi, size = 5 | 1 |
Fn
Data
|
|
File | Move | source_filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi, destination_filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\6B2DB7FF0F9811B2CFADC1531390F5FA.XZZX, flags = MOVEFILE_REPLACE_EXISTING | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 2, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 3, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
Module | Create Mapping | module_name = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, protection = PAGE_READWRITE, maximum_size = 0 | 1 |
Fn
|
|
Module | Map | \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, desired_access = FILE_MAP_WRITE, FILE_MAP_READ | 1 |
Fn
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
Fn
|
|
Module | Unmap | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 18 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
Fn
|
|
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = Ȇ | 1 |
Fn
|
||
File | Write | filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, size = 5 | 1 |
Fn
Data
|
|
File | Move | source_filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim, destination_filename = \\?\C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\8515860F00F2A87F630C5931054D8CC7.XZZX, flags = MOVEFILE_REPLACE_EXISTING | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 5, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\desktop.ini, size = 174, size_out = 174 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\D2D9507033A5E4DB82B20D90383EC923.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\D2D9507033A5E4DB82B20D90383EC923.XZZX, size = 174 | 1 |
File | Write | filename = \\?\C:\Users\D2D9507033A5E4DB82B20D90383EC923.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\D2D9507033A5E4DB82B20D90383EC923.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\D2D9507033A5E4DB82B20D90383EC923.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\D2D9507033A5E4DB82B20D90383EC923.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\D2D9507033A5E4DB82B20D90383EC923.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 1, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 2, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\desktop.ini | 1 |
File | Delete | filename = \\?\C:\Users\desktop.ini | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.ini, size = 20, size_out = 20 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\97978E0428D9BCBB43314AFC2CD2A103.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\97978E0428D9BCBB43314AFC2CD2A103.XZZX, size = 20 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\97978E0428D9BCBB43314AFC2CD2A103.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\97978E0428D9BCBB43314AFC2CD2A103.XZZX, size = 20 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\97978E0428D9BCBB43314AFC2CD2A103.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\97978E0428D9BCBB43314AFC2CD2A103.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\97978E0428D9BCBB43314AFC2CD2A103.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 3, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 4, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.ini | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.ini | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact, size = 1178, size_out = 1178 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\8DFF43342C68841C83BDE75D30616864.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\8DFF43342C68841C83BDE75D30616864.XZZX, size = 1178 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\8DFF43342C68841C83BDE75D30616864.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\8DFF43342C68841C83BDE75D30616864.XZZX, size = 46 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\8DFF43342C68841C83BDE75D30616864.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\8DFF43342C68841C83BDE75D30616864.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\8DFF43342C68841C83BDE75D30616864.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 5, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 6, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact, size = 68382, size_out = 68382 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\FD82D02831F226B04645120F361F0AF8.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\FD82D02831F226B04645120F361F0AF8.XZZX, size = 68382 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\FD82D02831F226B04645120F361F0AF8.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\FD82D02831F226B04645120F361F0AF8.XZZX, size = 42 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\FD82D02831F226B04645120F361F0AF8.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\FD82D02831F226B04645120F361F0AF8.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\FD82D02831F226B04645120F361F0AF8.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 6, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 7, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact, size = 1171, size_out = 1171 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\3180D48C036A6FAAA02E258A076353F2.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\3180D48C036A6FAAA02E258A076353F2.XZZX, size = 1171 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\3180D48C036A6FAAA02E258A076353F2.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\3180D48C036A6FAAA02E258A076353F2.XZZX, size = 42 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\3180D48C036A6FAAA02E258A076353F2.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\3180D48C036A6FAAA02E258A076353F2.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\3180D48C036A6FAAA02E258A076353F2.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 7, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 8, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact, size = 1177, size_out = 1177 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\278D60903B72BF40F401616C3FAFA388.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\278D60903B72BF40F401616C3FAFA388.XZZX, size = 1177 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\278D60903B72BF40F401616C3FAFA388.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\278D60903B72BF40F401616C3FAFA388.XZZX, size = 40 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\278D60903B72BF40F401616C3FAFA388.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\278D60903B72BF40F401616C3FAFA388.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\278D60903B72BF40F401616C3FAFA388.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 8, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 9, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\desktop.ini, size = 412, size_out = 412 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\63AB35AD17277526536F22E31B54596E.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\63AB35AD17277526536F22E31B54596E.XZZX, size = 412 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\63AB35AD17277526536F22E31B54596E.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\63AB35AD17277526536F22E31B54596E.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\63AB35AD17277526536F22E31B54596E.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\63AB35AD17277526536F22E31B54596E.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\63AB35AD17277526536F22E31B54596E.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 9, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 10, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\desktop.ini | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\desktop.ini | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact, size = 1174, size_out = 1174 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\8C424C551A76D4366F1622171E8EB87E.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\8C424C551A76D4366F1622171E8EB87E.XZZX, size = 1174 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\8C424C551A76D4366F1622171E8EB87E.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\8C424C551A76D4366F1622171E8EB87E.XZZX, size = 42 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\8C424C551A76D4366F1622171E8EB87E.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\8C424C551A76D4366F1622171E8EB87E.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\8C424C551A76D4366F1622171E8EB87E.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 10, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 11, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact, size = 1172, size_out = 1172 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\4C9E88000CB6CC7042EF328010E3B0B8.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\4C9E88000CB6CC7042EF328010E3B0B8.XZZX, size = 1172 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\4C9E88000CB6CC7042EF328010E3B0B8.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\4C9E88000CB6CC7042EF328010E3B0B8.XZZX, size = 42 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\4C9E88000CB6CC7042EF328010E3B0B8.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\4C9E88000CB6CC7042EF328010E3B0B8.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\4C9E88000CB6CC7042EF328010E3B0B8.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 11, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 12, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4geU.pptx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4geU.pptx, size = 19933, size_out = 19933 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BE3510781871306D58A0B1081C6A14B5.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BE3510781871306D58A0B1081C6A14B5.XZZX, size = 19933 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BE3510781871306D58A0B1081C6A14B5.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BE3510781871306D58A0B1081C6A14B5.XZZX, size = 18 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BE3510781871306D58A0B1081C6A14B5.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BE3510781871306D58A0B1081C6A14B5.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BE3510781871306D58A0B1081C6A14B5.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 12, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 13, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4geU.pptx | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4geU.pptx | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5MzXbIREhTTTaeobss.pptx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5MzXbIREhTTTaeobss.pptx, size = 62064, size_out = 62064 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2FFB243E16646FF464F688111A91543C.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2FFB243E16646FF464F688111A91543C.XZZX, size = 62064 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2FFB243E16646FF464F688111A91543C.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2FFB243E16646FF464F688111A91543C.XZZX, size = 46 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2FFB243E16646FF464F688111A91543C.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2FFB243E16646FF464F688111A91543C.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2FFB243E16646FF464F688111A91543C.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 13, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 14, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5MzXbIREhTTTaeobss.pptx | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5MzXbIREhTTTaeobss.pptx | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\8HoT4SPBYbm.xlsx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\8HoT4SPBYbm.xlsx, size = 82469, size_out = 82469 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B34C34B41EC5682F9CB9477C22BE4C77.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B34C34B41EC5682F9CB9477C22BE4C77.XZZX, size = 82469 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B34C34B41EC5682F9CB9477C22BE4C77.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B34C34B41EC5682F9CB9477C22BE4C77.XZZX, size = 32 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B34C34B41EC5682F9CB9477C22BE4C77.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B34C34B41EC5682F9CB9477C22BE4C77.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B34C34B41EC5682F9CB9477C22BE4C77.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 14, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 15, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\8HoT4SPBYbm.xlsx | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\8HoT4SPBYbm.xlsx | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\8njS1by2_oecbNC P4zy.pptx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\8njS1by2_oecbNC P4zy.pptx, size = 83974, size_out = 83974 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\96E8BC382A82756A96F374BC2E7B59B2.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\96E8BC382A82756A96F374BC2E7B59B2.XZZX, size = 83974 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\96E8BC382A82756A96F374BC2E7B59B2.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\96E8BC382A82756A96F374BC2E7B59B2.XZZX, size = 50 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\96E8BC382A82756A96F374BC2E7B59B2.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\96E8BC382A82756A96F374BC2E7B59B2.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\96E8BC382A82756A96F374BC2E7B59B2.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 15, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 16, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\8njS1by2_oecbNC P4zy.pptx | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\8njS1by2_oecbNC P4zy.pptx | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\9sRvP5V9AccV.ods, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\9sRvP5V9AccV.ods, size = 34600, size_out = 34600 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\A9467A821967F20598E66B961D60D64D.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\A9467A821967F20598E66B961D60D64D.XZZX, size = 34600 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\A9467A821967F20598E66B961D60D64D.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\A9467A821967F20598E66B961D60D64D.XZZX, size = 32 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\A9467A821967F20598E66B961D60D64D.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\A9467A821967F20598E66B961D60D64D.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\A9467A821967F20598E66B961D60D64D.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 16, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 17, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\9sRvP5V9AccV.ods | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\9sRvP5V9AccV.ods | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ASEJIISwQeKimcHMn.xlsx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ASEJIISwQeKimcHMn.xlsx, size = 45568, size_out = 45568 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\D8B4FBC032E124E029E6603236DA0928.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\D8B4FBC032E124E029E6603236DA0928.XZZX, size = 45568 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\D8B4FBC032E124E029E6603236DA0928.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\D8B4FBC032E124E029E6603236DA0928.XZZX, size = 44 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\D8B4FBC032E124E029E6603236DA0928.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\D8B4FBC032E124E029E6603236DA0928.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\D8B4FBC032E124E029E6603236DA0928.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 17, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 18, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ASEJIISwQeKimcHMn.xlsx | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ASEJIISwQeKimcHMn.xlsx | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B92naCEgJ.docx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B92naCEgJ.docx, size = 58753, size_out = 58753 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\AF137D37318F929FC9EC733B358876E7.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\AF137D37318F929FC9EC733B358876E7.XZZX, size = 58753 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\AF137D37318F929FC9EC733B358876E7.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\AF137D37318F929FC9EC733B358876E7.XZZX, size = 28 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\AF137D37318F929FC9EC733B358876E7.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\AF137D37318F929FC9EC733B358876E7.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\AF137D37318F929FC9EC733B358876E7.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 18, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 19, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B92naCEgJ.docx | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B92naCEgJ.docx | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\de6NX.xlsx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\de6NX.xlsx, size = 58634, size_out = 58634 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\E1CB2DE23002B20E4903A282342F9656.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\E1CB2DE23002B20E4903A282342F9656.XZZX, size = 58634 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\E1CB2DE23002B20E4903A282342F9656.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\E1CB2DE23002B20E4903A282342F9656.XZZX, size = 20 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\E1CB2DE23002B20E4903A282342F9656.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\E1CB2DE23002B20E4903A282342F9656.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\E1CB2DE23002B20E4903A282342F9656.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 19, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 20, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\de6NX.xlsx | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\de6NX.xlsx | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\desktop.ini, size = 402, size_out = 402 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX, size = 402 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 20, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 21, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\desktop.ini | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\desktop.ini | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dKWKVTxHxijfZD_dSm_.xlsx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dKWKVTxHxijfZD_dSm_.xlsx, size = 43699, size_out = 43699 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4CA2A3B835A9C9D86061764339F6AE20.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4CA2A3B835A9C9D86061764339F6AE20.XZZX, size = 43699 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4CA2A3B835A9C9D86061764339F6AE20.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4CA2A3B835A9C9D86061764339F6AE20.XZZX, size = 48 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4CA2A3B835A9C9D86061764339F6AE20.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4CA2A3B835A9C9D86061764339F6AE20.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4CA2A3B835A9C9D86061764339F6AE20.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 21, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 22, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dKWKVTxHxijfZD_dSm_.xlsx | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dKWKVTxHxijfZD_dSm_.xlsx | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dsL8WL.docx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dsL8WL.docx, size = 66465, size_out = 66465 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\D4132CC416066089C413F0DC1A1E44D1.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\D4132CC416066089C413F0DC1A1E44D1.XZZX, size = 66465 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\D4132CC416066089C413F0DC1A1E44D1.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\D4132CC416066089C413F0DC1A1E44D1.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\D4132CC416066089C413F0DC1A1E44D1.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\D4132CC416066089C413F0DC1A1E44D1.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\D4132CC416066089C413F0DC1A1E44D1.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 23, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 24, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dsL8WL.docx | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\dsL8WL.docx | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\e5mivlGcxa-nNKp.docx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\e5mivlGcxa-nNKp.docx, size = 41145, size_out = 41145 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7E0556C23257A27A640F901F368486C2.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7E0556C23257A27A640F901F368486C2.XZZX, size = 41145 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7E0556C23257A27A640F901F368486C2.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7E0556C23257A27A640F901F368486C2.XZZX, size = 40 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7E0556C23257A27A640F901F368486C2.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7E0556C23257A27A640F901F368486C2.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7E0556C23257A27A640F901F368486C2.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 22, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 23, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\e5mivlGcxa-nNKp.docx | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\e5mivlGcxa-nNKp.docx | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\eL7YHoCZexIT pMk.docx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\eL7YHoCZexIT pMk.docx, size = 1783, size_out = 1783 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B8F78CE2222013C8FF50021B265CF810.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B8F78CE2222013C8FF50021B265CF810.XZZX, size = 1783 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B8F78CE2222013C8FF50021B265CF810.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B8F78CE2222013C8FF50021B265CF810.XZZX, size = 42 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B8F78CE2222013C8FF50021B265CF810.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B8F78CE2222013C8FF50021B265CF810.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B8F78CE2222013C8FF50021B265CF810.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 24, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 25, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\eL7YHoCZexIT pMk.docx | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\eL7YHoCZexIT pMk.docx | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\EtzbOnPY1PmFQ.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\EtzbOnPY1PmFQ.rtf, size = 66055, size_out = 66055 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2F2EBAD63A6E51CF01E49D9E3E863617.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2F2EBAD63A6E51CF01E49D9E3E863617.XZZX, size = 66055 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2F2EBAD63A6E51CF01E49D9E3E863617.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2F2EBAD63A6E51CF01E49D9E3E863617.XZZX, size = 34 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2F2EBAD63A6E51CF01E49D9E3E863617.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2F2EBAD63A6E51CF01E49D9E3E863617.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2F2EBAD63A6E51CF01E49D9E3E863617.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 25, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 26, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\EtzbOnPY1PmFQ.rtf | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\EtzbOnPY1PmFQ.rtf | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\PJ8NaDyMfjtJM01lTM.xlsx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\PJ8NaDyMfjtJM01lTM.xlsx, size = 6597, size_out = 6597 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5F3F59042CD153CCC290441930FE3814.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5F3F59042CD153CCC290441930FE3814.XZZX, size = 6597 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5F3F59042CD153CCC290441930FE3814.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5F3F59042CD153CCC290441930FE3814.XZZX, size = 46 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5F3F59042CD153CCC290441930FE3814.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5F3F59042CD153CCC290441930FE3814.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\5F3F59042CD153CCC290441930FE3814.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 26, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 27, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\PJ8NaDyMfjtJM01lTM.xlsx | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\PJ8NaDyMfjtJM01lTM.xlsx | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\uGN1arUrfzZMomzHA.pptx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\uGN1arUrfzZMomzHA.pptx, size = 85604, size_out = 85604 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\D7DDFDC32CF119C87B5BFA373108FE10.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\D7DDFDC32CF119C87B5BFA373108FE10.XZZX, size = 85604 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\D7DDFDC32CF119C87B5BFA373108FE10.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\D7DDFDC32CF119C87B5BFA373108FE10.XZZX, size = 44 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\D7DDFDC32CF119C87B5BFA373108FE10.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\D7DDFDC32CF119C87B5BFA373108FE10.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\D7DDFDC32CF119C87B5BFA373108FE10.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 27, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 28, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\uGN1arUrfzZMomzHA.pptx | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\uGN1arUrfzZMomzHA.pptx | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X2tQqTNWjx7lgtPo5htj.pptx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X2tQqTNWjx7lgtPo5htj.pptx, size = 96420, size_out = 96420 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BB3CCCBC286641FC324D4A8B2C932644.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BB3CCCBC286641FC324D4A8B2C932644.XZZX, size = 96420 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BB3CCCBC286641FC324D4A8B2C932644.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BB3CCCBC286641FC324D4A8B2C932644.XZZX, size = 50 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BB3CCCBC286641FC324D4A8B2C932644.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BB3CCCBC286641FC324D4A8B2C932644.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BB3CCCBC286641FC324D4A8B2C932644.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 28, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 29, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X2tQqTNWjx7lgtPo5htj.pptx | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\X2tQqTNWjx7lgtPo5htj.pptx | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\_oHxelCBmJ.docx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\_oHxelCBmJ.docx, size = 83682, size_out = 83682 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38AA9E1F3FE71932FADE96E143FEFD7A.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38AA9E1F3FE71932FADE96E143FEFD7A.XZZX, size = 83682 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38AA9E1F3FE71932FADE96E143FEFD7A.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38AA9E1F3FE71932FADE96E143FEFD7A.XZZX, size = 30 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38AA9E1F3FE71932FADE96E143FEFD7A.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38AA9E1F3FE71932FADE96E143FEFD7A.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\38AA9E1F3FE71932FADE96E143FEFD7A.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 31, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 32, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\_oHxelCBmJ.docx | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\_oHxelCBmJ.docx | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\_P_aT.odt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\_P_aT.odt, size = 15849, size_out = 15849 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B0407B59334CDCAF9E2CA2E33779C0F7.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B0407B59334CDCAF9E2CA2E33779C0F7.XZZX, size = 15849 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B0407B59334CDCAF9E2CA2E33779C0F7.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B0407B59334CDCAF9E2CA2E33779C0F7.XZZX, size = 18 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B0407B59334CDCAF9E2CA2E33779C0F7.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B0407B59334CDCAF9E2CA2E33779C0F7.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\B0407B59334CDCAF9E2CA2E33779C0F7.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 29, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 30, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\_P_aT.odt | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\_P_aT.odt | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\-tHIa9_.xls, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\-tHIa9_.xls, size = 80789, size_out = 80789 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\EE9B10B00F697CE4836159F013D6612C.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\EE9B10B00F697CE4836159F013D6612C.XZZX, size = 80789 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\EE9B10B00F697CE4836159F013D6612C.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\EE9B10B00F697CE4836159F013D6612C.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\EE9B10B00F697CE4836159F013D6612C.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\EE9B10B00F697CE4836159F013D6612C.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\EE9B10B00F697CE4836159F013D6612C.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 30, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 31, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\-tHIa9_.xls | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\-tHIa9_.xls | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\Gg8kaToejw.xls, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\Gg8kaToejw.xls, size = 23748, size_out = 23748 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\8441A0B23FA9B9126D832A0D43D69D5A.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\8441A0B23FA9B9126D832A0D43D69D5A.XZZX, size = 23748 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\8441A0B23FA9B9126D832A0D43D69D5A.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\8441A0B23FA9B9126D832A0D43D69D5A.XZZX, size = 28 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\8441A0B23FA9B9126D832A0D43D69D5A.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\8441A0B23FA9B9126D832A0D43D69D5A.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\8441A0B23FA9B9126D832A0D43D69D5A.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 32, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 33, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\Gg8kaToejw.xls | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\Gg8kaToejw.xls | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\JDjp8wKsx5Dz.ots, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\JDjp8wKsx5Dz.ots, size = 31485, size_out = 31485 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX, size = 31485 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX, size = 32 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 33, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 34, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\JDjp8wKsx5Dz.ots | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\JDjp8wKsx5Dz.ots | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\KtwKDD9P56tzPTxgwQR.ods, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\KtwKDD9P56tzPTxgwQR.ods, size = 26774, size_out = 26774 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\2525214410F7DA278BE33B7C150FBE6F.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\2525214410F7DA278BE33B7C150FBE6F.XZZX, size = 26774 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\2525214410F7DA278BE33B7C150FBE6F.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\2525214410F7DA278BE33B7C150FBE6F.XZZX, size = 46 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\2525214410F7DA278BE33B7C150FBE6F.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\2525214410F7DA278BE33B7C150FBE6F.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\2525214410F7DA278BE33B7C150FBE6F.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 34, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 35, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\KtwKDD9P56tzPTxgwQR.ods | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\KtwKDD9P56tzPTxgwQR.ods | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\mPKKZqdrZkc7.pdf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\mPKKZqdrZkc7.pdf, size = 42795, size_out = 42795 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\B4A323B51740B3FD1D50DD1D1B6D9845.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\B4A323B51740B3FD1D50DD1D1B6D9845.XZZX, size = 42795 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\B4A323B51740B3FD1D50DD1D1B6D9845.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\B4A323B51740B3FD1D50DD1D1B6D9845.XZZX, size = 32 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\B4A323B51740B3FD1D50DD1D1B6D9845.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\B4A323B51740B3FD1D50DD1D1B6D9845.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\B4A323B51740B3FD1D50DD1D1B6D9845.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 35, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 36, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\mPKKZqdrZkc7.pdf | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\mPKKZqdrZkc7.pdf | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\NMqv0Yc9MO55X.xls, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\NMqv0Yc9MO55X.xls, size = 33163, size_out = 33163 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\A0DC431228DE1E088FD30DB72CF60250.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\A0DC431228DE1E088FD30DB72CF60250.XZZX, size = 33163 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\A0DC431228DE1E088FD30DB72CF60250.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\A0DC431228DE1E088FD30DB72CF60250.XZZX, size = 34 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\A0DC431228DE1E088FD30DB72CF60250.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\A0DC431228DE1E088FD30DB72CF60250.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\A0DC431228DE1E088FD30DB72CF60250.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 36, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 37, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\NMqv0Yc9MO55X.xls | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\NMqv0Yc9MO55X.xls | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\QRg3dKar.odp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\QRg3dKar.odp, size = 28406, size_out = 28406 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\4718805A3B556C301085A1313FC25078.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\4718805A3B556C301085A1313FC25078.XZZX, size = 28406 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\4718805A3B556C301085A1313FC25078.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\4718805A3B556C301085A1313FC25078.XZZX, size = 24 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\4718805A3B556C301085A1313FC25078.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\4718805A3B556C301085A1313FC25078.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\4718805A3B556C301085A1313FC25078.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 37, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 38, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\QRg3dKar.odp | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\QRg3dKar.odp | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\vqWzW8a_K.doc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\vqWzW8a_K.doc, size = 9517, size_out = 9517 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\3D3271B13FFA5012E003EAB54427345A.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\3D3271B13FFA5012E003EAB54427345A.XZZX, size = 9517 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\3D3271B13FFA5012E003EAB54427345A.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\3D3271B13FFA5012E003EAB54427345A.XZZX, size = 26 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\3D3271B13FFA5012E003EAB54427345A.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\3D3271B13FFA5012E003EAB54427345A.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\3D3271B13FFA5012E003EAB54427345A.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 38, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 39, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\vqWzW8a_K.doc | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\vqWzW8a_K.doc | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\YYzgnphG.csv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\YYzgnphG.csv, size = 101917, size_out = 101917 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\1B49D0D52A00521DE10DAFA32E183665.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\1B49D0D52A00521DE10DAFA32E183665.XZZX, size = 101917 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\1B49D0D52A00521DE10DAFA32E183665.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\1B49D0D52A00521DE10DAFA32E183665.XZZX, size = 24 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\1B49D0D52A00521DE10DAFA32E183665.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\1B49D0D52A00521DE10DAFA32E183665.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\1B49D0D52A00521DE10DAFA32E183665.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 39, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 40, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\YYzgnphG.csv | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\YYzgnphG.csv | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\8uRJm.csv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\8uRJm.csv, size = 59775, size_out = 59775 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\069C108614226DDA8ED0A1A1188F5222.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\069C108614226DDA8ED0A1A1188F5222.XZZX, size = 59775 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\069C108614226DDA8ED0A1A1188F5222.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\069C108614226DDA8ED0A1A1188F5222.XZZX, size = 18 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\069C108614226DDA8ED0A1A1188F5222.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\069C108614226DDA8ED0A1A1188F5222.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\069C108614226DDA8ED0A1A1188F5222.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 40, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 41, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\8uRJm.csv | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\8uRJm.csv | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\dUnN.ppt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\dUnN.ppt, size = 92488, size_out = 92488 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\E47D77FB28AD6F18CEB95D752CDA5360.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\E47D77FB28AD6F18CEB95D752CDA5360.XZZX, size = 92488 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\E47D77FB28AD6F18CEB95D752CDA5360.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\E47D77FB28AD6F18CEB95D752CDA5360.XZZX, size = 16 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\E47D77FB28AD6F18CEB95D752CDA5360.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\E47D77FB28AD6F18CEB95D752CDA5360.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\E47D77FB28AD6F18CEB95D752CDA5360.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 41, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 42, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\dUnN.ppt | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\dUnN.ppt | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\DyX3zmFDQ.pps, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\DyX3zmFDQ.pps, size = 98411, size_out = 98411 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\3D2178A332ED6F4701E92E353705538F.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\3D2178A332ED6F4701E92E353705538F.XZZX, size = 98411 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\3D2178A332ED6F4701E92E353705538F.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\3D2178A332ED6F4701E92E353705538F.XZZX, size = 26 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\3D2178A332ED6F4701E92E353705538F.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\3D2178A332ED6F4701E92E353705538F.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\3D2178A332ED6F4701E92E353705538F.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 42, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 43, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\DyX3zmFDQ.pps | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\DyX3zmFDQ.pps | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\Kv3rt4CpuhTFQ.pptx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\Kv3rt4CpuhTFQ.pptx, size = 88716, size_out = 88716 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\9345D86A0F87DA84ADA8003E13B4BECC.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\9345D86A0F87DA84ADA8003E13B4BECC.XZZX, size = 88716 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\9345D86A0F87DA84ADA8003E13B4BECC.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\9345D86A0F87DA84ADA8003E13B4BECC.XZZX, size = 36 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\9345D86A0F87DA84ADA8003E13B4BECC.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\9345D86A0F87DA84ADA8003E13B4BECC.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\9345D86A0F87DA84ADA8003E13B4BECC.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 43, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 44, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\Kv3rt4CpuhTFQ.pptx | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\Kv3rt4CpuhTFQ.pptx | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\WHrA_.docx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\WHrA_.docx, size = 4377, size_out = 4377 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\A216BEA01542C25C94FD01F0195AA6A4.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\A216BEA01542C25C94FD01F0195AA6A4.XZZX, size = 4377 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\A216BEA01542C25C94FD01F0195AA6A4.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\A216BEA01542C25C94FD01F0195AA6A4.XZZX, size = 20 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\A216BEA01542C25C94FD01F0195AA6A4.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\A216BEA01542C25C94FD01F0195AA6A4.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\A216BEA01542C25C94FD01F0195AA6A4.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 44, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 45, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\WHrA_.docx | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\WHrA_.docx | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\YtaJJRAGe.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\YtaJJRAGe.rtf, size = 61233, size_out = 61233 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\E85C7261086E23DEDFC379D70C9B0826.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\E85C7261086E23DEDFC379D70C9B0826.XZZX, size = 61233 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\E85C7261086E23DEDFC379D70C9B0826.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\E85C7261086E23DEDFC379D70C9B0826.XZZX, size = 26 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\E85C7261086E23DEDFC379D70C9B0826.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\E85C7261086E23DEDFC379D70C9B0826.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\E85C7261086E23DEDFC379D70C9B0826.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 45, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 46, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\YtaJJRAGe.rtf | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\YtaJJRAGe.rtf | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\ZjfGK_.odt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\ZjfGK_.odt, size = 69528, size_out = 69528 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\33820CBD02F4B0D349B807FF070C951B.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\33820CBD02F4B0D349B807FF070C951B.XZZX, size = 69528 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\33820CBD02F4B0D349B807FF070C951B.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\33820CBD02F4B0D349B807FF070C951B.XZZX, size = 20 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\33820CBD02F4B0D349B807FF070C951B.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\33820CBD02F4B0D349B807FF070C951B.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\33820CBD02F4B0D349B807FF070C951B.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 46, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 47, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\ZjfGK_.odt | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\IkpxUp8UshIgHl1\ZjfGK_.odt | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\hcLzjn0RCFG.odp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\hcLzjn0RCFG.odp, size = 34260, size_out = 34260 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\632A4073379A2FDC09389DEB3BC71424.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\632A4073379A2FDC09389DEB3BC71424.XZZX, size = 34260 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\632A4073379A2FDC09389DEB3BC71424.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\632A4073379A2FDC09389DEB3BC71424.XZZX, size = 30 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\632A4073379A2FDC09389DEB3BC71424.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\632A4073379A2FDC09389DEB3BC71424.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\632A4073379A2FDC09389DEB3BC71424.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 47, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 48, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\hcLzjn0RCFG.odp | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\hcLzjn0RCFG.odp | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\IcF1qMW8Ow.doc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\IcF1qMW8Ow.doc, size = 92642, size_out = 92642 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\6B01EA683DC5F7920A3C155C41DDDBDA.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\6B01EA683DC5F7920A3C155C41DDDBDA.XZZX, size = 92642 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\6B01EA683DC5F7920A3C155C41DDDBDA.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\6B01EA683DC5F7920A3C155C41DDDBDA.XZZX, size = 28 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\6B01EA683DC5F7920A3C155C41DDDBDA.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\6B01EA683DC5F7920A3C155C41DDDBDA.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\6B01EA683DC5F7920A3C155C41DDDBDA.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 48, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 49, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\IcF1qMW8Ow.doc | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\IcF1qMW8Ow.doc | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\Ld7trnreSqi.doc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\Ld7trnreSqi.doc, size = 4281, size_out = 4281 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\5154BE9C1011AFD27B96A6C6143E941A.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\5154BE9C1011AFD27B96A6C6143E941A.XZZX, size = 4281 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\5154BE9C1011AFD27B96A6C6143E941A.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\5154BE9C1011AFD27B96A6C6143E941A.XZZX, size = 30 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\5154BE9C1011AFD27B96A6C6143E941A.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\5154BE9C1011AFD27B96A6C6143E941A.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\5154BE9C1011AFD27B96A6C6143E941A.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 49, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 50, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\Ld7trnreSqi.doc | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\Ld7trnreSqi.doc | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\nmyti-BLd1o.xlsx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\nmyti-BLd1o.xlsx, size = 86061, size_out = 86061 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\F8F047460EB3954ECCCBC0D612CB7996.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\F8F047460EB3954ECCCBC0D612CB7996.XZZX, size = 86061 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\F8F047460EB3954ECCCBC0D612CB7996.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\F8F047460EB3954ECCCBC0D612CB7996.XZZX, size = 32 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\F8F047460EB3954ECCCBC0D612CB7996.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\F8F047460EB3954ECCCBC0D612CB7996.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\F8F047460EB3954ECCCBC0D612CB7996.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 50, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 51, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\nmyti-BLd1o.xlsx | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\nmyti-BLd1o.xlsx | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\qOmkS_BDD92-oYj.xls, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\qOmkS_BDD92-oYj.xls, size = 41640, size_out = 41640 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\E3E55C1830B142FC6C2B225E34DE2744.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\E3E55C1830B142FC6C2B225E34DE2744.XZZX, size = 41640 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\E3E55C1830B142FC6C2B225E34DE2744.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\E3E55C1830B142FC6C2B225E34DE2744.XZZX, size = 38 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\E3E55C1830B142FC6C2B225E34DE2744.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\E3E55C1830B142FC6C2B225E34DE2744.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\E3E55C1830B142FC6C2B225E34DE2744.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 51, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 52, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\qOmkS_BDD92-oYj.xls | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\qOmkS_BDD92-oYj.xls | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\seND1DmmOud5.xls, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\seND1DmmOud5.xls, size = 45740, size_out = 45740 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\73C0D9902A7964C0808D031B2E914908.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\73C0D9902A7964C0808D031B2E914908.XZZX, size = 45740 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\73C0D9902A7964C0808D031B2E914908.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\73C0D9902A7964C0808D031B2E914908.XZZX, size = 32 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\73C0D9902A7964C0808D031B2E914908.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\73C0D9902A7964C0808D031B2E914908.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\73C0D9902A7964C0808D031B2E914908.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 52, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 53, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\seND1DmmOud5.xls | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\seND1DmmOud5.xls | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\tKsxqcE.csv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\tKsxqcE.csv, size = 52361, size_out = 52361 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\0FE24CF432281F2497377D743655036C.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\0FE24CF432281F2497377D743655036C.XZZX, size = 52361 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\0FE24CF432281F2497377D743655036C.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\0FE24CF432281F2497377D743655036C.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\0FE24CF432281F2497377D743655036C.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\0FE24CF432281F2497377D743655036C.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\0FE24CF432281F2497377D743655036C.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 53, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 54, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\tKsxqcE.csv | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\tKsxqcE.csv | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\xlbxUnchVTGwsFtof.doc, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\xlbxUnchVTGwsFtof.doc, size = 86335, size_out = 86335 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\7D60B7A8152CECB0B780C8B61944D0F8.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\7D60B7A8152CECB0B780C8B61944D0F8.XZZX, size = 86335 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\7D60B7A8152CECB0B780C8B61944D0F8.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\7D60B7A8152CECB0B780C8B61944D0F8.XZZX, size = 42 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\7D60B7A8152CECB0B780C8B61944D0F8.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\7D60B7A8152CECB0B780C8B61944D0F8.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\7D60B7A8152CECB0B780C8B61944D0F8.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 54, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 55, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\xlbxUnchVTGwsFtof.doc | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\xlbxUnchVTGwsFtof.doc | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\ZN_ n.ots, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\ZN_ n.ots, size = 52949, size_out = 52949 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\DE6D908A0693B67D2F37324A0AAB9AC5.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\DE6D908A0693B67D2F37324A0AAB9AC5.XZZX, size = 52949 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\DE6D908A0693B67D2F37324A0AAB9AC5.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\DE6D908A0693B67D2F37324A0AAB9AC5.XZZX, size = 18 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\DE6D908A0693B67D2F37324A0AAB9AC5.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\DE6D908A0693B67D2F37324A0AAB9AC5.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\DE6D908A0693B67D2F37324A0AAB9AC5.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 55, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 56, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\ZN_ n.ots | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\ZN_ n.ots | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\zRPN8xkNuY7pBA7JA.csv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\zRPN8xkNuY7pBA7JA.csv, size = 23083, size_out = 23083 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX, size = 23083 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX, size = 42 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 56, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 57, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\zRPN8xkNuY7pBA7JA.csv | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\lhhNd9leW5xmlXw00JFa\ZW28zqHzfxAY2NV\zRPN8xkNuY7pBA7JA.csv | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\desktop.ini, size = 216, size_out = 216 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\BF7B86490294F06B45AC44D706ACD4B3.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\BF7B86490294F06B45AC44D706ACD4B3.XZZX, size = 216 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\BF7B86490294F06B45AC44D706ACD4B3.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\BF7B86490294F06B45AC44D706ACD4B3.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\BF7B86490294F06B45AC44D706ACD4B3.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\BF7B86490294F06B45AC44D706ACD4B3.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\BF7B86490294F06B45AC44D706ACD4B3.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 57, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 58, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\desktop.ini | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\desktop.ini | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss, protection = PAGE_READWRITE, maximum_size = 0 | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico, size = 29926, size_out = 29926 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\7B7BA3C4205941180FE9457124712560.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\7B7BA3C4205941180FE9457124712560.XZZX, size = 29926 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\7B7BA3C4205941180FE9457124712560.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\7B7BA3C4205941180FE9457124712560.XZZX, size = 20 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\7B7BA3C4205941180FE9457124712560.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\7B7BA3C4205941180FE9457124712560.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\7B7BA3C4205941180FE9457124712560.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 58, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 59, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst, size = 271360, size_out = 271360 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\7BA753503E40D4C00F297B124258B908.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\7BA753503E40D4C00F297B124258B908.XZZX, size = 271360 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\7BA753503E40D4C00F297B124258B908.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\7BA753503E40D4C00F297B124258B908.XZZX, size = 44 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\7BA753503E40D4C00F297B124258B908.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\7BA753503E40D4C00F297B124258B908.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\7BA753503E40D4C00F297B124258B908.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 59, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 60, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\desktop.ini, size = 282, size_out = 282 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\4645E01C4F3CCEC4EA018E655354B30C.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\4645E01C4F3CCEC4EA018E655354B30C.XZZX, size = 282 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\4645E01C4F3CCEC4EA018E655354B30C.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\4645E01C4F3CCEC4EA018E655354B30C.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\4645E01C4F3CCEC4EA018E655354B30C.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\4645E01C4F3CCEC4EA018E655354B30C.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\4645E01C4F3CCEC4EA018E655354B30C.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 60, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 61, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\desktop.ini | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Downloads\desktop.ini | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\desktop.ini, size = 402, size_out = 402 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\72A6C9432269CCE1A510518B2681B129.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\72A6C9432269CCE1A510518B2681B129.XZZX, size = 402 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\72A6C9432269CCE1A510518B2681B129.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\72A6C9432269CCE1A510518B2681B129.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\72A6C9432269CCE1A510518B2681B129.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\72A6C9432269CCE1A510518B2681B129.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\72A6C9432269CCE1A510518B2681B129.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 61, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 62, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\desktop.ini | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\desktop.ini | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\desktop.ini, size = 80, size_out = 80 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\8E5ECE9444DBAF1A59BC413E48F39362.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\8E5ECE9444DBAF1A59BC413E48F39362.XZZX, size = 80 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\8E5ECE9444DBAF1A59BC413E48F39362.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\8E5ECE9444DBAF1A59BC413E48F39362.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\8E5ECE9444DBAF1A59BC413E48F39362.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\8E5ECE9444DBAF1A59BC413E48F39362.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\8E5ECE9444DBAF1A59BC413E48F39362.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 62, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 63, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\desktop.ini | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\desktop.ini | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url, size = 236, size_out = 236 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\B8440918056E9F026EA48C8C0986834A.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\B8440918056E9F026EA48C8C0986834A.XZZX, size = 236 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\B8440918056E9F026EA48C8C0986834A.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\B8440918056E9F026EA48C8C0986834A.XZZX, size = 38 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\B8440918056E9F026EA48C8C0986834A.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\B8440918056E9F026EA48C8C0986834A.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\B8440918056E9F026EA48C8C0986834A.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 63, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 64, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url, size = 226, size_out = 226 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\15DC3754190A8EA84ED7A99B1D2272F0.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\15DC3754190A8EA84ED7A99B1D2272F0.XZZX, size = 226 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\15DC3754190A8EA84ED7A99B1D2272F0.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\15DC3754190A8EA84ED7A99B1D2272F0.XZZX, size = 42 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\15DC3754190A8EA84ED7A99B1D2272F0.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\15DC3754190A8EA84ED7A99B1D2272F0.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\15DC3754190A8EA84ED7A99B1D2272F0.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 64, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 65, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url, size = 133, size_out = 133 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\1B49B9E018F35807975DC8201D0B3C4F.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\1B49B9E018F35807975DC8201D0B3C4F.XZZX, size = 133 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\1B49B9E018F35807975DC8201D0B3C4F.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\1B49B9E018F35807975DC8201D0B3C4F.XZZX, size = 36 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\1B49B9E018F35807975DC8201D0B3C4F.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\1B49B9E018F35807975DC8201D0B3C4F.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\1B49B9E018F35807975DC8201D0B3C4F.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 65, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 66, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url, size = 133, size_out = 133 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\FD9030E848C62D90344A51E94CDE11D8.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\FD9030E848C62D90344A51E94CDE11D8.XZZX, size = 133 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\FD9030E848C62D90344A51E94CDE11D8.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\FD9030E848C62D90344A51E94CDE11D8.XZZX, size = 56 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\FD9030E848C62D90344A51E94CDE11D8.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\FD9030E848C62D90344A51E94CDE11D8.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\FD9030E848C62D90344A51E94CDE11D8.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 66, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 67, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url, size = 133, size_out = 133 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\30FEF3B4011ABE0E503ED66C0532A256.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\30FEF3B4011ABE0E503ED66C0532A256.XZZX, size = 133 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\30FEF3B4011ABE0E503ED66C0532A256.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\30FEF3B4011ABE0E503ED66C0532A256.XZZX, size = 42 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\30FEF3B4011ABE0E503ED66C0532A256.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\30FEF3B4011ABE0E503ED66C0532A256.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\30FEF3B4011ABE0E503ED66C0532A256.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 67, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 68, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url, size = 133, size_out = 133 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\B2A8C78F28F146042377D2FD2D1E2A4C.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\B2A8C78F28F146042377D2FD2D1E2A4C.XZZX, size = 133 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\B2A8C78F28F146042377D2FD2D1E2A4C.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\B2A8C78F28F146042377D2FD2D1E2A4C.XZZX, size = 42 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\B2A8C78F28F146042377D2FD2D1E2A4C.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\B2A8C78F28F146042377D2FD2D1E2A4C.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\B2A8C78F28F146042377D2FD2D1E2A4C.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 68, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 69, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url, size = 134, size_out = 134 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\1844FE2A092A01627C9EB5E50D41E5AA.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\1844FE2A092A01627C9EB5E50D41E5AA.XZZX, size = 134 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\1844FE2A092A01627C9EB5E50D41E5AA.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\1844FE2A092A01627C9EB5E50D41E5AA.XZZX, size = 38 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\1844FE2A092A01627C9EB5E50D41E5AA.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\1844FE2A092A01627C9EB5E50D41E5AA.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\1844FE2A092A01627C9EB5E50D41E5AA.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 69, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 70, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url, size = 133, size_out = 133 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\833DF956476C97EAEAF8AD0B4B847C32.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\833DF956476C97EAEAF8AD0B4B847C32.XZZX, size = 133 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\833DF956476C97EAEAF8AD0B4B847C32.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\833DF956476C97EAEAF8AD0B4B847C32.XZZX, size = 26 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\833DF956476C97EAEAF8AD0B4B847C32.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\833DF956476C97EAEAF8AD0B4B847C32.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\833DF956476C97EAEAF8AD0B4B847C32.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 70, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 71, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url, size = 133, size_out = 133 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\13771DB6235C0ADD78BD03922773EF25.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\13771DB6235C0ADD78BD03922773EF25.XZZX, size = 133 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\13771DB6235C0ADD78BD03922773EF25.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\13771DB6235C0ADD78BD03922773EF25.XZZX, size = 42 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\13771DB6235C0ADD78BD03922773EF25.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\13771DB6235C0ADD78BD03922773EF25.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\13771DB6235C0ADD78BD03922773EF25.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 71, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 72, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url, size = 133, size_out = 133 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\8F3B67D5108CB69FDD5C15D914B99AE7.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\8F3B67D5108CB69FDD5C15D914B99AE7.XZZX, size = 133 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\8F3B67D5108CB69FDD5C15D914B99AE7.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\8F3B67D5108CB69FDD5C15D914B99AE7.XZZX, size = 26 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\8F3B67D5108CB69FDD5C15D914B99AE7.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\8F3B67D5108CB69FDD5C15D914B99AE7.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\8F3B67D5108CB69FDD5C15D914B99AE7.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 72, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 73, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url, size = 133, size_out = 133 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\94764F5B3C2DC73EAED48D494045AB86.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\94764F5B3C2DC73EAED48D494045AB86.XZZX, size = 133 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\94764F5B3C2DC73EAED48D494045AB86.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\94764F5B3C2DC73EAED48D494045AB86.XZZX, size = 28 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\94764F5B3C2DC73EAED48D494045AB86.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\94764F5B3C2DC73EAED48D494045AB86.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\94764F5B3C2DC73EAED48D494045AB86.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 73, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 74, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url, size = 133, size_out = 133 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\583CA788134302604AF8FA2E175AE6A8.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\583CA788134302604AF8FA2E175AE6A8.XZZX, size = 133 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\583CA788134302604AF8FA2E175AE6A8.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\583CA788134302604AF8FA2E175AE6A8.XZZX, size = 14 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\583CA788134302604AF8FA2E175AE6A8.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\583CA788134302604AF8FA2E175AE6A8.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\583CA788134302604AF8FA2E175AE6A8.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 74, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 75, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url, size = 133, size_out = 133 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\880F5E93248AC126C0E08BB728B7A56E.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\880F5E93248AC126C0E08BB728B7A56E.XZZX, size = 133 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\880F5E93248AC126C0E08BB728B7A56E.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\880F5E93248AC126C0E08BB728B7A56E.XZZX, size = 28 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\880F5E93248AC126C0E08BB728B7A56E.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\880F5E93248AC126C0E08BB728B7A56E.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\880F5E93248AC126C0E08BB728B7A56E.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 75, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 76, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url, size = 133, size_out = 133 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX, size = 133 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX, size = 40 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 76, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 77, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url, size = 133, size_out = 133 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\D9B986602FBC15FEC37446303428FA46.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\D9B986602FBC15FEC37446303428FA46.XZZX, size = 133 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\D9B986602FBC15FEC37446303428FA46.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\D9B986602FBC15FEC37446303428FA46.XZZX, size = 48 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\D9B986602FBC15FEC37446303428FA46.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\D9B986602FBC15FEC37446303428FA46.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\D9B986602FBC15FEC37446303428FA46.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 77, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 78, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url, size = 133, size_out = 133 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\FD9D491315D8C1EEE26AF31719F0A636.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\FD9D491315D8C1EEE26AF31719F0A636.XZZX, size = 133 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\FD9D491315D8C1EEE26AF31719F0A636.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\FD9D491315D8C1EEE26AF31719F0A636.XZZX, size = 42 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\FD9D491315D8C1EEE26AF31719F0A636.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\FD9D491315D8C1EEE26AF31719F0A636.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\FD9D491315D8C1EEE26AF31719F0A636.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 78, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 79, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url, size = 133, size_out = 133 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\A58916D017654CD0CF379F2B1B923118.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\A58916D017654CD0CF379F2B1B923118.XZZX, size = 133 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\A58916D017654CD0CF379F2B1B923118.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\A58916D017654CD0CF379F2B1B923118.XZZX, size = 46 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\A58916D017654CD0CF379F2B1B923118.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\A58916D017654CD0CF379F2B1B923118.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\A58916D017654CD0CF379F2B1B923118.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 79, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 80, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\desktop.ini, size = 580, size_out = 580 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX, size = 580 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 80, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 81, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\desktop.ini | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\desktop.ini | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Downloads.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Downloads.lnk, size = 929, size_out = 929 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\61C67744188385C0EADA50E91CF06A08.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\61C67744188385C0EADA50E91CF06A08.XZZX, size = 929 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\61C67744188385C0EADA50E91CF06A08.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\61C67744188385C0EADA50E91CF06A08.XZZX, size = 26 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\61C67744188385C0EADA50E91CF06A08.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\61C67744188385C0EADA50E91CF06A08.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\61C67744188385C0EADA50E91CF06A08.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 84, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 85, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Downloads.lnk | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Downloads.lnk | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\RecentPlaces.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\RecentPlaces.lnk, size = 363, size_out = 363 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\02D36BF7229FBF1A2D198367271CA362.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\02D36BF7229FBF1A2D198367271CA362.XZZX, size = 363 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\02D36BF7229FBF1A2D198367271CA362.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\02D36BF7229FBF1A2D198367271CA362.XZZX, size = 32 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\02D36BF7229FBF1A2D198367271CA362.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\02D36BF7229FBF1A2D198367271CA362.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\02D36BF7229FBF1A2D198367271CA362.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 81, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 82, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\RecentPlaces.lnk | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\RecentPlaces.lnk | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\11DaFVcd U6Q75nbu_.wav, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\11DaFVcd U6Q75nbu_.wav, size = 9130, size_out = 9130 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\95567F6E0CF2434A8F3CB62A111F2792.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\95567F6E0CF2434A8F3CB62A111F2792.XZZX, size = 9130 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\95567F6E0CF2434A8F3CB62A111F2792.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\95567F6E0CF2434A8F3CB62A111F2792.XZZX, size = 44 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\95567F6E0CF2434A8F3CB62A111F2792.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\95567F6E0CF2434A8F3CB62A111F2792.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\95567F6E0CF2434A8F3CB62A111F2792.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 82, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 83, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\11DaFVcd U6Q75nbu_.wav | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\11DaFVcd U6Q75nbu_.wav | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8YglZU.wav, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8YglZU.wav, size = 25334, size_out = 25334 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX, size = 25334 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX, size = 20 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 83, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 84, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8YglZU.wav | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\8YglZU.wav | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Ae42UeoE.wav, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Ae42UeoE.wav, size = 4469, size_out = 4469 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\FCD862501902E584E01CEFE81DABC9CC.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\FCD862501902E584E01CEFE81DABC9CC.XZZX, size = 4469 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\FCD862501902E584E01CEFE81DABC9CC.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\FCD862501902E584E01CEFE81DABC9CC.XZZX, size = 24 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\FCD862501902E584E01CEFE81DABC9CC.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\FCD862501902E584E01CEFE81DABC9CC.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\FCD862501902E584E01CEFE81DABC9CC.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 85, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 86, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Ae42UeoE.wav | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Ae42UeoE.wav | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\desktop.ini, size = 504, size_out = 504 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\5EF7279E2ED18E2582C79CC632E9726D.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\5EF7279E2ED18E2582C79CC632E9726D.XZZX, size = 504 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\5EF7279E2ED18E2582C79CC632E9726D.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\5EF7279E2ED18E2582C79CC632E9726D.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\5EF7279E2ED18E2582C79CC632E9726D.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\5EF7279E2ED18E2582C79CC632E9726D.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\5EF7279E2ED18E2582C79CC632E9726D.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 86, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 87, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\desktop.ini | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\desktop.ini | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\ImbzlHSAeRD0mYdABk.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\ImbzlHSAeRD0mYdABk.mp3, size = 76583, size_out = 76583 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\129DFDC608A49A7CBFF35CF70D217EC4.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\129DFDC608A49A7CBFF35CF70D217EC4.XZZX, size = 76583 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\129DFDC608A49A7CBFF35CF70D217EC4.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\129DFDC608A49A7CBFF35CF70D217EC4.XZZX, size = 44 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\129DFDC608A49A7CBFF35CF70D217EC4.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\129DFDC608A49A7CBFF35CF70D217EC4.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\129DFDC608A49A7CBFF35CF70D217EC4.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 87, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 88, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\ImbzlHSAeRD0mYdABk.mp3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\ImbzlHSAeRD0mYdABk.mp3 | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\JKoqX.wav, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\JKoqX.wav, size = 65745, size_out = 65745 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\35A8A5603BE70712A81D33D040A3EB5A.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\35A8A5603BE70712A81D33D040A3EB5A.XZZX, size = 65745 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\35A8A5603BE70712A81D33D040A3EB5A.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\35A8A5603BE70712A81D33D040A3EB5A.XZZX, size = 18 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\35A8A5603BE70712A81D33D040A3EB5A.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\35A8A5603BE70712A81D33D040A3EB5A.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\35A8A5603BE70712A81D33D040A3EB5A.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 88, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 89, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\JKoqX.wav | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\JKoqX.wav | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\yV_ r.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\yV_ r.m4a, size = 16111, size_out = 16111 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\3DAB40862FBD462437E5810B348A2A6C.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\3DAB40862FBD462437E5810B348A2A6C.XZZX, size = 16111 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\3DAB40862FBD462437E5810B348A2A6C.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\3DAB40862FBD462437E5810B348A2A6C.XZZX, size = 18 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\3DAB40862FBD462437E5810B348A2A6C.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\3DAB40862FBD462437E5810B348A2A6C.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\3DAB40862FBD462437E5810B348A2A6C.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 90, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 91, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\yV_ r.m4a | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\yV_ r.m4a | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Z9ycP6znphCfb.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Z9ycP6znphCfb.m4a, size = 95737, size_out = 95737 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\70CB960A1797B0A14EB31B321C2694E9.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\70CB960A1797B0A14EB31B321C2694E9.XZZX, size = 95737 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\70CB960A1797B0A14EB31B321C2694E9.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\70CB960A1797B0A14EB31B321C2694E9.XZZX, size = 34 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\70CB960A1797B0A14EB31B321C2694E9.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\70CB960A1797B0A14EB31B321C2694E9.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\70CB960A1797B0A14EB31B321C2694E9.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 91, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 92, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Z9ycP6znphCfb.m4a | 2 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Z9ycP6znphCfb.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Z9ycP6znphCfb.m4a, size = 95737, size_out = 95737 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\FAD3BB6308C4FC66694F337D0D31E0AE.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\FAD3BB6308C4FC66694F337D0D31E0AE.XZZX, size = 95737 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\FAD3BB6308C4FC66694F337D0D31E0AE.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\FAD3BB6308C4FC66694F337D0D31E0AE.XZZX, size = 34 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\FAD3BB6308C4FC66694F337D0D31E0AE.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\FAD3BB6308C4FC66694F337D0D31E0AE.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\FAD3BB6308C4FC66694F337D0D31E0AE.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 93, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 94, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Z9ycP6znphCfb.m4a | 2 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Z9ycP6znphCfb.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Z9ycP6znphCfb.m4a, size = 95737, size_out = 95737 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\B169CAD546C877A0159FDF7F4B675BE8.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\B169CAD546C877A0159FDF7F4B675BE8.XZZX, size = 95737 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\B169CAD546C877A0159FDF7F4B675BE8.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\B169CAD546C877A0159FDF7F4B675BE8.XZZX, size = 34 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\B169CAD546C877A0159FDF7F4B675BE8.XZZX, size = 5 | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\B169CAD546C877A0159FDF7F4B675BE8.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\B169CAD546C877A0159FDF7F4B675BE8.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 89, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 90, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Z9ycP6znphCfb.m4a | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\Z9ycP6znphCfb.m4a | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\6Fs5O-wZK5i.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\6Fs5O-wZK5i.m4a, size = 83288, size_out = 83288 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\51A5A3C031894064FCB3CED0366624AC.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\51A5A3C031894064FCB3CED0366624AC.XZZX, size = 83288 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\51A5A3C031894064FCB3CED0366624AC.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\51A5A3C031894064FCB3CED0366624AC.XZZX, size = 30 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\51A5A3C031894064FCB3CED0366624AC.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\51A5A3C031894064FCB3CED0366624AC.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\51A5A3C031894064FCB3CED0366624AC.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 92, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 93, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\6Fs5O-wZK5i.m4a | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\6Fs5O-wZK5i.m4a | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\6Fs5O-wZK5i.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\6Fs5O-wZK5i.m4a, size = 83288, size_out = 83288 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\C8E8BDDC263509ECACA7C0D62A50EE34.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\C8E8BDDC263509ECACA7C0D62A50EE34.XZZX, size = 83288 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\C8E8BDDC263509ECACA7C0D62A50EE34.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\C8E8BDDC263509ECACA7C0D62A50EE34.XZZX, size = 30 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\C8E8BDDC263509ECACA7C0D62A50EE34.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\C8E8BDDC263509ECACA7C0D62A50EE34.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\C8E8BDDC263509ECACA7C0D62A50EE34.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 94, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 95, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\6Fs5O-wZK5i.m4a | 2 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9tkObc3F16FjSYiAwFD.wav, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9tkObc3F16FjSYiAwFD.wav, size = 91200, size_out = 91200 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\EED603F80D860CC870D6498A119DF110.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\EED603F80D860CC870D6498A119DF110.XZZX, size = 91200 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\EED603F80D860CC870D6498A119DF110.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\EED603F80D860CC870D6498A119DF110.XZZX, size = 46 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\EED603F80D860CC870D6498A119DF110.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\EED603F80D860CC870D6498A119DF110.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\EED603F80D860CC870D6498A119DF110.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 95, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 96, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9tkObc3F16FjSYiAwFD.wav | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9tkObc3F16FjSYiAwFD.wav | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\aF_IB.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\aF_IB.m4a, size = 15812, size_out = 15812 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\1037641408F8F044B7533AA10D10D48C.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\1037641408F8F044B7533AA10D10D48C.XZZX, size = 15812 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\1037641408F8F044B7533AA10D10D48C.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\1037641408F8F044B7533AA10D10D48C.XZZX, size = 18 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\1037641408F8F044B7533AA10D10D48C.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\1037641408F8F044B7533AA10D10D48C.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\1037641408F8F044B7533AA10D10D48C.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 96, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 97, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\aF_IB.m4a | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\aF_IB.m4a | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\jEamZMQ.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\jEamZMQ.mp3, size = 52568, size_out = 52568 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\B5A4F8D81D2BC280A6FB77022143A6C8.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\B5A4F8D81D2BC280A6FB77022143A6C8.XZZX, size = 52568 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\B5A4F8D81D2BC280A6FB77022143A6C8.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\B5A4F8D81D2BC280A6FB77022143A6C8.XZZX, size = 22 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\B5A4F8D81D2BC280A6FB77022143A6C8.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\B5A4F8D81D2BC280A6FB77022143A6C8.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\B5A4F8D81D2BC280A6FB77022143A6C8.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 97, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 98, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\jEamZMQ.mp3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\jEamZMQ.mp3 | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\JO1Lf.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\JO1Lf.m4a, size = 82338, size_out = 82338 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\A191878831212978B3B60CE1354E0DC0.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\A191878831212978B3B60CE1354E0DC0.XZZX, size = 82338 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\A191878831212978B3B60CE1354E0DC0.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\A191878831212978B3B60CE1354E0DC0.XZZX, size = 18 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\A191878831212978B3B60CE1354E0DC0.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\A191878831212978B3B60CE1354E0DC0.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\A191878831212978B3B60CE1354E0DC0.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 98, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 99, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\JO1Lf.m4a | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\JO1Lf.m4a | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\oKJQx_NM6hXc.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\oKJQx_NM6hXc.mp3, size = 55238, size_out = 55238 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\6D35692C49D86B1ADE80FADA4DF04F62.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\6D35692C49D86B1ADE80FADA4DF04F62.XZZX, size = 55238 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\6D35692C49D86B1ADE80FADA4DF04F62.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\6D35692C49D86B1ADE80FADA4DF04F62.XZZX, size = 32 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\6D35692C49D86B1ADE80FADA4DF04F62.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\6D35692C49D86B1ADE80FADA4DF04F62.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\6D35692C49D86B1ADE80FADA4DF04F62.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 99, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 100, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\oKJQx_NM6hXc.mp3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\oKJQx_NM6hXc.mp3 | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\TWlZw1pNzI1gwZW3OH.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\TWlZw1pNzI1gwZW3OH.mp3, size = 1178, size_out = 1178 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\E003588E3DA0B59DC1493EC641B899E5.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\E003588E3DA0B59DC1493EC641B899E5.XZZX, size = 1178 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\E003588E3DA0B59DC1493EC641B899E5.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\E003588E3DA0B59DC1493EC641B899E5.XZZX, size = 44 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\E003588E3DA0B59DC1493EC641B899E5.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\E003588E3DA0B59DC1493EC641B899E5.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\E003588E3DA0B59DC1493EC641B899E5.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 100, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 101, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\TWlZw1pNzI1gwZW3OH.mp3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\TWlZw1pNzI1gwZW3OH.mp3 | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\UazSw8R1r.wav, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\UazSw8R1r.wav, size = 84111, size_out = 84111 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\54E892FC383D1FA0EE2D03953C6A03E8.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\54E892FC383D1FA0EE2D03953C6A03E8.XZZX, size = 84111 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\54E892FC383D1FA0EE2D03953C6A03E8.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\54E892FC383D1FA0EE2D03953C6A03E8.XZZX, size = 26 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\54E892FC383D1FA0EE2D03953C6A03E8.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\54E892FC383D1FA0EE2D03953C6A03E8.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\54E892FC383D1FA0EE2D03953C6A03E8.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 101, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 102, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\UazSw8R1r.wav | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\UazSw8R1r.wav | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\X7t8w3.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | | 1 | Fn |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\X7t8w3.m4a, size = 37954, size_out = 37954 | | 1 | Fn, Data |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | | 1 | Fn |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7720e124 | | 1 | Fn |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\23947E243409DC7CAF2C62063821C0C4.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | | 1 | Fn |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\23947E243409DC7CAF2C62063821C0C4.XZZX, size = 37954 | | 1 | Fn, Data |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\23947E243409DC7CAF2C62063821C0C4.XZZX, size = 5 | | 1 | Fn, Data |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\23947E243409DC7CAF2C62063821C0C4.XZZX, size = 20 | | 1 | Fn, Data |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\23947E243409DC7CAF2C62063821C0C4.XZZX, size = 5 | | 1 | Fn, Data |
Debug | | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = end | | 1 | Fn |
Module | Load | module_name = Advapi32.dll, base_address = 0x77200000 | | 1 | Fn |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7722779b | | 1 | Fn |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\23947E243409DC7CAF2C62063821C0C4.XZZX, size = 128 | | 1 | Fn, Data |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\23947E243409DC7CAF2C62063821C0C4.XZZX, size = 5 | | 1 | Fn, Data |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 102, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | | 1 | Fn |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 103, size = 4, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Module | Load | module_name = kernel32.dll, base_address = 0x76a20000 | | 1 | Fn |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76a389b3 | | 1 | Fn |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\X7t8w3.m4a | | 1 | Fn |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\X7t8w3.m4a | | 1 | Fn |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\2zrMBovJou.wav, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | | 1 | Fn |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\2zrMBovJou.wav, size = 91071, size_out = 91071 | | 1 | Fn, Data |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\btD83YaGWQR.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | | 1 | Fn |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\btD83YaGWQR.m4a, size = 31101, size_out = 31101 | | 1 | Fn, Data |
Information | Value |
---|---|
ID | #2 |
File Name | c:\windows\syswow64\cmd.exe |
Command Line | "C:\Windows\System32\cmd.exe" /C sc stop VVS |
Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
Monitor | Start Time: 00:00:20, Reason: Child Process |
Unmonitor | End Time: 00:04:21, Reason: Terminated by Timeout |
Monitor Duration | 00:04:01 |
Information | Value |
---|---|
PID | 0xa1c |
Parent PID | 0x9c4 (c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs | 0xA20 |
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable | | | | |
private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000030000 | 0x00030000 | 0x00036fff | Pagefile Backed Memory | Readable | | | | |
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable | | | | |
pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | Readable | | | | |
locale.nls | 0x00070000 | 0x000d6fff | Memory Mapped File | Readable | | | | |
pagefile_0x00000000000e0000 | 0x000e0000 | 0x000e1fff | Pagefile Backed Memory | Readable, Writable | | | | |
private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | Readable, Writable | | | | |
private_0x0000000000100000 | 0x00100000 | 0x00100fff | Private Memory | Readable, Writable | | | | |
private_0x0000000000110000 | 0x00110000 | 0x0018ffff | Private Memory | Readable, Writable | | | | |
private_0x00000000001b0000 | 0x001b0000 | 0x001effff | Private Memory | Readable, Writable | | | | |
private_0x0000000000240000 | 0x00240000 | 0x0033ffff | Private Memory | Readable, Writable | | | | |
private_0x00000000003e0000 | 0x003e0000 | 0x004dffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000650000 | 0x00650000 | 0x0065ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000660000 | 0x00660000 | 0x007e7fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x00000000007f0000 | 0x007f0000 | 0x00970fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000980000 | 0x00980000 | 0x01d7ffff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000001d80000 | 0x01d80000 | 0x020c2fff | Pagefile Backed Memory | Readable | | | | |
sortdefault.nls | 0x020d0000 | 0x0239efff | Memory Mapped File | Readable | | | | |
cmd.exe | 0x4a510000 | 0x4a55bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
wow64cpu.dll | 0x74bd0000 | 0x74bd7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
wow64win.dll | 0x74be0000 | 0x74c3bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
wow64.dll | 0x74c40000 | 0x74c7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
winbrand.dll | 0x74c80000 | 0x74c86fff | Memory Mapped File | Readable, Writable, Executable | | | | |
cryptbase.dll | 0x751f0000 | 0x751fbfff | Memory Mapped File | Readable, Writable, Executable | | | | |
sspicli.dll | 0x75200000 | 0x7525ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
rpcrt4.dll | 0x75660000 | 0x7574ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
user32.dll | 0x76430000 | 0x7652ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
msctf.dll | 0x767d0000 | 0x7689bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
imm32.dll | 0x768a0000 | 0x768fffff | Memory Mapped File | Readable, Writable, Executable | | | | |
kernel32.dll | 0x76a20000 | 0x76b2ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
kernelbase.dll | 0x76c90000 | 0x76cd5fff | Memory Mapped File | Readable, Writable, Executable | | | | |
msvcrt.dll | 0x76ce0000 | 0x76d8bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
gdi32.dll | 0x76e20000 | 0x76eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
usp10.dll | 0x76f00000 | 0x76f9cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
sechost.dll | 0x76fa0000 | 0x76fb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
advapi32.dll | 0x77200000 | 0x7729ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
private_0x00000000772a0000 | 0x772a0000 | 0x773befff | Private Memory | Readable, Writable, Executable | | | | |
private_0x00000000773c0000 | 0x773c0000 | 0x774b9fff | Private Memory | Readable, Writable, Executable | | | | |
ntdll.dll | 0x774c0000 | 0x77668fff | Memory Mapped File | Readable, Writable, Executable | | | | |
lpk.dll | 0x77670000 | 0x77679fff | Memory Mapped File | Readable, Writable, Executable | | | | |
ntdll.dll | 0x776a0000 | 0x7781ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable | | | | |
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable | | | | |
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable | | | | |
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable | | | | |
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable | | | | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable | | | | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable | | | | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable | | | | |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
System | Get Time | type = System Time, time = 2017-11-14 19:02:12 (UTC) | | 1 | Fn |
System | Get Time | type = Ticks, time = 83179 | | 1 | Fn |
Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0x4a510000 | | 1 | Fn |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76a20000 | | 1 | Fn |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76a4a84f | | 1 | Fn |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | | 1 | Fn |
File | Open | filename = STD_OUTPUT_HANDLE | | 3 | Fn |
File | Open | filename = STD_INPUT_HANDLE | | 2 | Fn |
Environment | Get Environment String | - | | 2 | Fn, Data |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 0, type = REG_NONE | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE | | 1 | Fn |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE | | 1 | Fn |
Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 | | 1 | Fn |
Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ | | 1 | Fn |
Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC | | 1 | Fn |
Environment | Get Environment String | name = PROMPT | | 1 | Fn |
Environment | Set Environment String | name = PROMPT, value = $P$G | | 1 | Fn |
Environment | Get Environment String | - | | 1 | Fn, Data |
Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe | | 1 | Fn |
Environment | Get Environment String | name = KEYS | | 1 | Fn |
File | Get Info | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop, type = file_attributes | | 2 | Fn |
Environment | Set Environment String | name = =C:, value = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop | | 1 | Fn |
Environment | Get Environment String | - | | 1 | Fn, Data |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76a20000 | | 1 | Fn |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x76a53b92 | | 1 | Fn |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76a34a5d | | 1 | Fn |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x76a4a79d | | 1 | Fn |
Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ | | 1 | Fn |
Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC | | 1 | Fn |
Process | Create | process_name = C:\Windows\system32\sc.exe, os_pid = 0xb04, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL | | 1 | Fn |
Environment | Set Environment String | name = COPYCMD | | 1 | Fn |
Environment | Get Environment String | - | | 1 | Fn, Data |
Environment | Set Environment String | name = =ExitCode, value = 00000424 | | 1 | Fn |
Environment | Get Environment String | - | | 1 | Fn, Data |
Environment | Set Environment String | name = =ExitCodeAscii | | 1 | Fn |
Environment | Get Environment String | - | | 1 | Fn, Data |
File | Open | filename = STD_OUTPUT_HANDLE | | 2 | Fn |
File | Open | filename = STD_INPUT_HANDLE | | 1 | Fn |
Information | Value |
---|---|
ID | #3 |
File Name | c:\windows\syswow64\cmd.exe |
Command Line | "C:\Windows\System32\cmd.exe" /C sc stop wscsvc |
Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
Monitor | Start Time: 00:00:20, Reason: Child Process |
Unmonitor | End Time: 00:04:21, Reason: Terminated by Timeout |
Monitor Duration | 00:04:01 |
Information | Value |
---|---|
PID | 0xa28 |
Parent PID | 0x9c4 (c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs | 0xA2C |
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable | | | | |
private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000030000 | 0x00030000 | 0x00036fff | Pagefile Backed Memory | Readable | | | | |
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable | | | | |
pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000070000 | 0x00070000 | 0x00071fff | Pagefile Backed Memory | Readable, Writable | | | | |
private_0x0000000000080000 | 0x00080000 | 0x00080fff | Private Memory | Readable, Writable | | | | |
private_0x0000000000090000 | 0x00090000 | 0x00090fff | Private Memory | Readable, Writable | | | | |
private_0x00000000000d0000 | 0x000d0000 | 0x0014ffff | Private Memory | Readable, Writable | | | | |
private_0x00000000001b0000 | 0x001b0000 | 0x001effff | Private Memory | Readable, Writable | | | | |
locale.nls | 0x001f0000 | 0x00256fff | Memory Mapped File | Readable | | | | |
private_0x0000000000320000 | 0x00320000 | 0x0041ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000480000 | 0x00480000 | 0x0057ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000680000 | 0x00680000 | 0x0068ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000690000 | 0x00690000 | 0x00817fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000820000 | 0x00820000 | 0x009a0fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x00000000009b0000 | 0x009b0000 | 0x01daffff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000001db0000 | 0x01db0000 | 0x020f2fff | Pagefile Backed Memory | Readable | | | | |
sortdefault.nls | 0x02100000 | 0x023cefff | Memory Mapped File | Readable | | | | |
cmd.exe | 0x4a510000 | 0x4a55bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
wow64cpu.dll | 0x74bd0000 | 0x74bd7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
wow64win.dll | 0x74be0000 | 0x74c3bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
wow64.dll | 0x74c40000 | 0x74c7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
winbrand.dll | 0x74c80000 | 0x74c86fff | Memory Mapped File | Readable, Writable, Executable | | | | |
cryptbase.dll | 0x751f0000 | 0x751fbfff | Memory Mapped File | Readable, Writable, Executable | | | | |
sspicli.dll | 0x75200000 | 0x7525ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
rpcrt4.dll | 0x75660000 | 0x7574ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
user32.dll | 0x76430000 | 0x7652ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
msctf.dll | 0x767d0000 | 0x7689bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
imm32.dll | 0x768a0000 | 0x768fffff | Memory Mapped File | Readable, Writable, Executable | | | | |
kernel32.dll | 0x76a20000 | 0x76b2ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
kernelbase.dll | 0x76c90000 | 0x76cd5fff | Memory Mapped File | Readable, Writable, Executable | | | | |
msvcrt.dll | 0x76ce0000 | 0x76d8bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
gdi32.dll | 0x76e20000 | 0x76eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
usp10.dll | 0x76f00000 | 0x76f9cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
sechost.dll | 0x76fa0000 | 0x76fb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
advapi32.dll | 0x77200000 | 0x7729ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
private_0x00000000772a0000 | 0x772a0000 | 0x773befff | Private Memory | Readable, Writable, Executable | | | | |
private_0x00000000773c0000 | 0x773c0000 | 0x774b9fff | Private Memory | Readable, Writable, Executable | | | | |
ntdll.dll | 0x774c0000 | 0x77668fff | Memory Mapped File | Readable, Writable, Executable | | | | |
lpk.dll | 0x77670000 | 0x77679fff | Memory Mapped File | Readable, Writable, Executable | | | | |
ntdll.dll | 0x776a0000 | 0x7781ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable | | | | |
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable | | | | |
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable | | | | |
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable | | | | |
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable | | | | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable | | | | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable | | | | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable | | | | |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
System | Get Time | type = System Time, time = 2017-11-14 19:02:12 (UTC) | | 1 | Fn |
System | Get Time | type = Ticks, time = 83101 | | 1 | Fn |
Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0x4a510000 | | 1 | Fn |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76a20000 | | 1 | Fn |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76a4a84f | | 1 | Fn |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | | 1 | Fn |
File | Open | filename = STD_OUTPUT_HANDLE | | 3 | Fn |
File | Open | filename = STD_INPUT_HANDLE | | 2 | Fn |
Environment | Get Environment String | - | | 2 | Fn, Data |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 0, type = REG_NONE | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE | | 1 | Fn |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE | | 1 | Fn |
Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 | | 1 | Fn |
Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ | | 1 | Fn |
Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC | | 1 | Fn |
Environment | Get Environment String | name = PROMPT | | 1 | Fn |
Environment | Set Environment String | name = PROMPT, value = $P$G | | 1 | Fn |
Environment | Get Environment String | - | | 1 | Fn, Data |
Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe | | 1 | Fn |
Environment | Get Environment String | name = KEYS | | 1 | Fn |
File | Get Info | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop, type = file_attributes | | 2 | Fn |
Environment | Set Environment String | name = =C:, value = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop | | 1 | Fn |
Environment | Get Environment String | - | | 1 | Fn, Data |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76a20000 | | 1 | Fn |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x76a53b92 | | 1 | Fn |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76a34a5d | | 1 | Fn |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x76a4a79d | | 1 | Fn |
Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ | | 1 | Fn |
Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC | | 1 | Fn |
Process | Create | process_name = C:\Windows\system32\sc.exe, os_pid = 0xae4, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL | | 1 | Fn |
Environment | Set Environment String | name = COPYCMD | | 1 | Fn |
Environment | Get Environment String | - | | 1 | Fn, Data |
Environment | Set Environment String | name = =ExitCode, value = 00000426 | | 1 | Fn |
Environment | Get Environment String | - | | 1 | Fn, Data |
Environment | Set Environment String | name = =ExitCodeAscii | | 1 | Fn |
Environment | Get Environment String | - | | 1 | Fn, Data |
File | Open | filename = STD_OUTPUT_HANDLE | | 2 | Fn |
File | Open | filename = STD_INPUT_HANDLE | | 1 | Fn |
Information | Value |
---|---|
ID | #4 |
File Name | c:\windows\syswow64\cmd.exe |
Command Line | "C:\Windows\System32\cmd.exe" /C sc stop WinDefend |
Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
Monitor | Start Time: 00:00:20, Reason: Child Process |
Unmonitor | End Time: 00:04:21, Reason: Terminated by Timeout |
Monitor Duration | 00:04:01 |
Information | Value |
---|---|
PID | 0xa44 |
Parent PID | 0x9c4 (c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs | 0xA48 |
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable | | | | |
private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000030000 | 0x00030000 | 0x00036fff | Pagefile Backed Memory | Readable | | | | |
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable | | | | |
pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000070000 | 0x00070000 | 0x00071fff | Pagefile Backed Memory | Readable, Writable | | | | |
private_0x0000000000080000 | 0x00080000 | 0x00080fff | Private Memory | Readable, Writable | | | | |
private_0x0000000000090000 | 0x00090000 | 0x00090fff | Private Memory | Readable, Writable | | | | |
private_0x00000000000d0000 | 0x000d0000 | 0x0010ffff | Private Memory | Readable, Writable | | | | |
locale.nls | 0x00110000 | 0x00176fff | Memory Mapped File | Readable | | | | |
private_0x0000000000190000 | 0x00190000 | 0x0028ffff | Private Memory | Readable, Writable | | | | |
private_0x00000000003c0000 | 0x003c0000 | 0x003cffff | Private Memory | Readable, Writable | | | | |
private_0x00000000003d0000 | 0x003d0000 | 0x0044ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000590000 | 0x00590000 | 0x0068ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000690000 | 0x00690000 | 0x00817fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000820000 | 0x00820000 | 0x009a0fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x00000000009b0000 | 0x009b0000 | 0x01daffff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000001db0000 | 0x01db0000 | 0x020f2fff | Pagefile Backed Memory | Readable | | | | |
sortdefault.nls | 0x02100000 | 0x023cefff | Memory Mapped File | Readable | | | | |
cmd.exe | 0x4a510000 | 0x4a55bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
wow64cpu.dll | 0x74bd0000 | 0x74bd7fff | Memory Mapped File | Readable, Writable, Executable | | | | |
wow64win.dll | 0x74be0000 | 0x74c3bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
wow64.dll | 0x74c40000 | 0x74c7efff | Memory Mapped File | Readable, Writable, Executable | | | | |
winbrand.dll | 0x74c80000 | 0x74c86fff | Memory Mapped File | Readable, Writable, Executable | | | | |
cryptbase.dll | 0x751f0000 | 0x751fbfff | Memory Mapped File | Readable, Writable, Executable | | | | |
sspicli.dll | 0x75200000 | 0x7525ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
rpcrt4.dll | 0x75660000 | 0x7574ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
user32.dll | 0x76430000 | 0x7652ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
msctf.dll | 0x767d0000 | 0x7689bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
imm32.dll | 0x768a0000 | 0x768fffff | Memory Mapped File | Readable, Writable, Executable | | | | |
kernel32.dll | 0x76a20000 | 0x76b2ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
kernelbase.dll | 0x76c90000 | 0x76cd5fff | Memory Mapped File | Readable, Writable, Executable | | | | |
msvcrt.dll | 0x76ce0000 | 0x76d8bfff | Memory Mapped File | Readable, Writable, Executable | | | | |
gdi32.dll | 0x76e20000 | 0x76eaffff | Memory Mapped File | Readable, Writable, Executable | | | | |
usp10.dll | 0x76f00000 | 0x76f9cfff | Memory Mapped File | Readable, Writable, Executable | | | | |
sechost.dll | 0x76fa0000 | 0x76fb8fff | Memory Mapped File | Readable, Writable, Executable | | | | |
advapi32.dll | 0x77200000 | 0x7729ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
private_0x00000000772a0000 | 0x772a0000 | 0x773befff | Private Memory | Readable, Writable, Executable | | | | |
private_0x00000000773c0000 | 0x773c0000 | 0x774b9fff | Private Memory | Readable, Writable, Executable | | | | |
ntdll.dll | 0x774c0000 | 0x77668fff | Memory Mapped File | Readable, Writable, Executable | | | | |
lpk.dll | 0x77670000 | 0x77679fff | Memory Mapped File | Readable, Writable, Executable | | | | |
ntdll.dll | 0x776a0000 | 0x7781ffff | Memory Mapped File | Readable, Writable, Executable | | | | |
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable | | | | |
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable | | | | |
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable | | | | |
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable | | | | |
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable | | | | |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable | | | | |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable | | | | |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable | | | | |
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable | | | | |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
System | Get Time | type = System Time, time = 2017-11-14 19:02:12 (UTC) | 1 |
System | Get Time | type = Ticks, time = 83522 | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0x4a510000 | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76a4a84f | 1 |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | 1 |
File | Open | filename = STD_OUTPUT_HANDLE | 3 |
File | Open | filename = STD_INPUT_HANDLE | 2 |
Environment | Get Environment String | - | 2 |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | 1 |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 0, type = REG_NONE | 1 |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE | 1 |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE | 1 |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE | 1 |
Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 | 1 |
Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ | 1 |
Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC | 1 |
Environment | Get Environment String | name = PROMPT | 1 |
Environment | Set Environment String | name = PROMPT, value = $P$G | 1 |
Environment | Get Environment String | - | 1 |
Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe | 1 |
Environment | Get Environment String | name = KEYS | 1 |
File | Get Info | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop, type = file_attributes | 2 |
Environment | Set Environment String | name = =C:, value = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop | 1 |
Environment | Get Environment String | - | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x76a53b92 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76a34a5d | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x76a4a79d | 1 |
Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ | 1 |
Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC | 1 |
Process | Create | process_name = C:\Windows\system32\sc.exe, os_pid = 0xb28, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL | 1 |
Environment | Set Environment String | name = COPYCMD | 1 |
Environment | Get Environment String | - | 1 |
Environment | Set Environment String | name = =ExitCode, value = 00000426 | 1 |
Environment | Get Environment String | - | 1 |
Environment | Set Environment String | name = =ExitCodeAscii | 1 |
Environment | Get Environment String | - | 1 |
File | Open | filename = STD_OUTPUT_HANDLE | 2 |
File | Open | filename = STD_INPUT_HANDLE | 1 |
Information | Value |
---|---|
ID | #5 |
File Name | c:\windows\syswow64\cmd.exe |
Command Line | "C:\Windows\System32\cmd.exe" /C sc stop wuauserv |
Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
Monitor | Start Time: 00:00:20, Reason: Child Process |
Unmonitor | End Time: 00:04:21, Reason: Terminated by Timeout |
Monitor Duration | 00:04:01 |
Information | Value |
---|---|
PID | 0xa64 |
Parent PID | 0x9c4 (c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs | 0xA68 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
System | Get Time | type = System Time, time = 2017-11-14 19:02:12 (UTC) | 1 |
System | Get Time | type = Ticks, time = 83210 | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0x4a510000 | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76a4a84f | 1 |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | 1 |
File | Open | filename = STD_OUTPUT_HANDLE | 3 |
File | Open | filename = STD_INPUT_HANDLE | 2 |
Environment | Get Environment String | - | 2 |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | 1 |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 0, type = REG_NONE | 1 |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE | 1 |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE | 1 |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE | 1 |
Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 | 1 |
Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ | 1 |
Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC | 1 |
Environment | Get Environment String | name = PROMPT | 1 |
Environment | Set Environment String | name = PROMPT, value = $P$G | 1 |
Environment | Get Environment String | - | 1 |
Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe | 1 |
Environment | Get Environment String | name = KEYS | 1 |
File | Get Info | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop, type = file_attributes | 2 |
Environment | Set Environment String | name = =C:, value = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop | 1 |
Environment | Get Environment String | - | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x76a53b92 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76a34a5d | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x76a4a79d | 1 |
Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ | 1 |
Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC | 1 |
Process | Create | process_name = C:\Windows\system32\sc.exe, os_pid = 0xad4, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL | 1 |
Environment | Set Environment String | name = COPYCMD | 1 |
Environment | Get Environment String | - | 1 |
Environment | Set Environment String | name = =ExitCode, value = 00000426 | 1 |
Environment | Get Environment String | - | 1 |
Environment | Set Environment String | name = =ExitCodeAscii | 1 |
Environment | Get Environment String | - | 1 |
File | Open | filename = STD_OUTPUT_HANDLE | 2 |
File | Open | filename = STD_INPUT_HANDLE | 1 |
Information | Value |
---|---|
ID | #6 |
File Name | c:\windows\syswow64\cmd.exe |
Command Line | "C:\Windows\System32\cmd.exe" /C sc stop BITS |
Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
Monitor | Start Time: 00:00:20, Reason: Child Process |
Unmonitor | End Time: 00:04:21, Reason: Terminated by Timeout |
Monitor Duration | 00:04:01 |
Information | Value |
---|---|
PID | 0xa78 |
Parent PID | 0x9c4 (c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs | 0xA7C |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
System | Get Time | type = System Time, time = 2017-11-14 19:02:12 (UTC) | 1 |
System | Get Time | type = Ticks, time = 83117 | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0x4a510000 | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76a4a84f | 1 |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | 1 |
File | Open | filename = STD_OUTPUT_HANDLE | 3 |
File | Open | filename = STD_INPUT_HANDLE | 2 |
Environment | Get Environment String | - | 2 |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | 1 |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 0, type = REG_NONE | 1 |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE | 1 |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE | 1 |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE | 1 |
Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 | 1 |
Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ | 1 |
Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC | 1 |
Environment | Get Environment String | name = PROMPT | 1 |
Environment | Set Environment String | name = PROMPT, value = $P$G | 1 |
Environment | Get Environment String | - | 1 |
Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe | 1 |
Environment | Get Environment String | name = KEYS | 1 |
File | Get Info | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop, type = file_attributes | 2 |
Environment | Set Environment String | name = =C:, value = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop | 1 |
Environment | Get Environment String | - | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x76a53b92 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76a34a5d | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x76a4a79d | 1 |
Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ | 1 |
Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC | 1 |
Process | Create | process_name = C:\Windows\system32\sc.exe, os_pid = 0xadc, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL | 1 |
Environment | Set Environment String | name = COPYCMD | 1 |
Environment | Get Environment String | - | 1 |
Environment | Set Environment String | name = =ExitCode, value = 00000426 | 1 |
Environment | Get Environment String | - | 1 |
Environment | Set Environment String | name = =ExitCodeAscii | 1 |
Environment | Get Environment String | - | 1 |
File | Open | filename = STD_OUTPUT_HANDLE | 2 |
File | Open | filename = STD_INPUT_HANDLE | 1 |
Information | Value |
---|---|
ID | #7 |
File Name | c:\windows\syswow64\cmd.exe |
Command Line | "C:\Windows\System32\cmd.exe" /C sc stop ERSvc |
Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
Monitor | Start Time: 00:00:20, Reason: Child Process |
Unmonitor | End Time: 00:04:21, Reason: Terminated by Timeout |
Monitor Duration | 00:04:01 |
Information | Value |
---|---|
PID | 0xa94 |
Parent PID | 0x9c4 (c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs | 0xA98 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
System | Get Time | type = System Time, time = 2017-11-14 19:02:12 (UTC) | | 1 | Fn |
System | Get Time | type = Ticks, time = 83616 | | 1 | Fn |
Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0x4a510000 | | 1 | Fn |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76a20000 | | 1 | Fn |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76a4a84f | | 1 | Fn |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | | 1 | Fn |
File | Open | filename = STD_OUTPUT_HANDLE | | 3 | Fn |
File | Open | filename = STD_INPUT_HANDLE | | 2 | Fn |
Environment | Get Environment String | - | | 2 | Fn, Data |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 0, type = REG_NONE | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE | | 1 | Fn |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE | | 1 | Fn |
Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 | | 1 | Fn |
Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ | | 1 | Fn |
Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC | | 1 | Fn |
Environment | Get Environment String | name = PROMPT | | 1 | Fn |
Environment | Set Environment String | name = PROMPT, value = $P$G | | 1 | Fn |
Environment | Get Environment String | - | | 1 | Fn, Data |
Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe | | 1 | Fn |
Environment | Get Environment String | name = KEYS | | 1 | Fn |
File | Get Info | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop, type = file_attributes | | 2 | Fn |
Environment | Set Environment String | name = =C:, value = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop | | 1 | Fn |
Environment | Get Environment String | - | | 1 | Fn, Data |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76a20000 | | 1 | Fn |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x76a53b92 | | 1 | Fn |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76a34a5d | | 1 | Fn |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x76a4a79d | | 1 | Fn |
Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ | | 1 | Fn |
Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC | | 1 | Fn |
Process | Create | process_name = C:\Windows\system32\sc.exe, os_pid = 0xb34, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL | | 1 | Fn |
Environment | Set Environment String | name = COPYCMD | | 1 | Fn |
Environment | Get Environment String | - | | 1 | Fn, Data |
Environment | Set Environment String | name = =ExitCode, value = 00000424 | | 1 | Fn |
Environment | Get Environment String | - | | 1 | Fn, Data |
Environment | Set Environment String | name = =ExitCodeAscii | | 1 | Fn |
Environment | Get Environment String | - | | 1 | Fn, Data |
File | Open | filename = STD_OUTPUT_HANDLE | | 2 | Fn |
File | Open | filename = STD_INPUT_HANDLE | | 1 | Fn |
Information | Value |
---|---|
ID | #8 |
File Name | c:\windows\syswow64\cmd.exe |
Command Line | "C:\Windows\System32\cmd.exe" /C sc stop WerSvc |
Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
Monitor | Start Time: 00:00:20, Reason: Child Process |
Unmonitor | End Time: 00:04:21, Reason: Terminated by Timeout |
Monitor Duration | 00:04:01 |
Information | Value |
---|---|
PID | 0xaa8 |
Parent PID | 0x9c4 (c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs | 0xAAC |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
System | Get Time | type = System Time, time = 2017-11-14 19:02:12 (UTC) | | 1 | Fn |
System | Get Time | type = Ticks, time = 83990 | | 1 | Fn |
Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0x4a510000 | | 1 | Fn |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76a20000 | | 1 | Fn |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76a4a84f | | 1 | Fn |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | | 1 | Fn |
File | Open | filename = STD_OUTPUT_HANDLE | | 3 | Fn |
File | Open | filename = STD_INPUT_HANDLE | | 2 | Fn |
Environment | Get Environment String | - | | 2 | Fn, Data |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 0, type = REG_NONE | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE | | 1 | Fn |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN | | 1 | Fn |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE | | 1 | Fn |
Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 | | 1 | Fn |
Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ | | 1 | Fn |
Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC | | 1 | Fn |
Environment | Get Environment String | name = PROMPT | | 1 | Fn |
Environment | Set Environment String | name = PROMPT, value = $P$G | | 1 | Fn |
Environment | Get Environment String | - | | 1 | Fn, Data |
Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe | | 1 | Fn |
Environment | Get Environment String | name = KEYS | | 1 | Fn |
File | Get Info | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop, type = file_attributes | | 2 | Fn |
Environment | Set Environment String | name = =C:, value = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop | | 1 | Fn |
Environment | Get Environment String | - | | 1 | Fn, Data |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76a20000 | | 1 | Fn |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x76a53b92 | | 1 | Fn |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76a34a5d | | 1 | Fn |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x76a4a79d | | 1 | Fn |
Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ | | 1 | Fn |
Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC | | 1 | Fn |
Process | Create | process_name = C:\Windows\system32\sc.exe, os_pid = 0xb50, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL | | 1 | Fn |
Environment | Set Environment String | name = COPYCMD | | 1 | Fn |
Environment | Get Environment String | - | | 1 | Fn, Data |
Environment | Set Environment String | name = =ExitCode, value = 00000426 | | 1 | Fn |
Environment | Get Environment String | - | | 1 | Fn, Data |
Environment | Set Environment String | name = =ExitCodeAscii | | 1 | Fn |
Environment | Get Environment String | - | | 1 | Fn, Data |
File | Open | filename = STD_OUTPUT_HANDLE | | 2 | Fn |
File | Open | filename = STD_INPUT_HANDLE | | 1 | Fn |
Information | Value |
---|---|
ID | #9 |
File Name | c:\windows\syswow64\sc.exe |
Command Line | sc stop wuauserv |
Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
Monitor | Start Time: 00:00:20, Reason: Child Process |
Unmonitor | End Time: 00:04:21, Reason: Terminated by Timeout |
Monitor Duration | 00:04:01 |
Information | Value |
---|---|
PID | 0xad4 |
Parent PID | 0xa64 (c:\windows\syswow64\cmd.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs | 0xAD8, 0xB70 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
System | Get Time | type = System Time, time = 2017-11-14 19:02:13 (UTC) | | 1 | Fn |
System | Get Time | type = Ticks, time = 84193 | | 1 | Fn |
Module | Get Handle | module_name = c:\windows\syswow64\sc.exe, base_address = 0x180000 | | 1 | Fn |
File | Open | filename = STD_OUTPUT_HANDLE | | 1 | Fn |
Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE | | 1 | Fn |
Service | Open | database_name = SERVICES_ACTIVE_DATABASE | | 1 | Fn |
Service | Control | service_name = wuauserv | | 1 | Fn |
File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type | | 1 | Fn |
File | Write | filename = STD_OUTPUT_HANDLE, size = 73 | | 1 | Fn, Data |
Information | Value |
---|---|
ID | #10 |
File Name | c:\windows\syswow64\sc.exe |
Command Line | sc stop BITS |
Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
Monitor | Start Time: 00:00:20, Reason: Child Process |
Unmonitor | End Time: 00:04:21, Reason: Terminated by Timeout |
Monitor Duration | 00:04:01 |
Information | Value |
---|---|
PID | 0xadc |
Parent PID | 0xa78 (c:\windows\syswow64\cmd.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs | 0xAE0, 0xB48 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
System | Get Time | type = System Time, time = 2017-11-14 19:02:12 (UTC) | | 1 | |
System | Get Time | type = Ticks, time = 83756 | | 1 | |
Module | Get Handle | module_name = c:\windows\syswow64\sc.exe, base_address = 0x180000 | | 1 | |
File | Open | filename = STD_OUTPUT_HANDLE | | 1 | |
Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE | | 1 | |
Service | Open | database_name = SERVICES_ACTIVE_DATABASE | | 1 | |
Service | Control | service_name = BITS | | 1 | |
File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type | | 1 | |
File | Write | filename = STD_OUTPUT_HANDLE, size = 73 | | 1 | |
Information | Value |
---|---|
ID | #11 |
File Name | c:\windows\syswow64\sc.exe |
Command Line | sc stop wscsvc |
Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
Monitor | Start Time: 00:00:20, Reason: Child Process |
Unmonitor | End Time: 00:04:21, Reason: Terminated by Timeout |
Monitor Duration | 00:04:01 |
Information | Value |
---|---|
PID | 0xae4 |
Parent PID | 0xa28 (c:\windows\syswow64\cmd.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs | 0xAE8, 0xB4C |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
System | Get Time | type = System Time, time = 2017-11-14 19:02:12 (UTC) | | 1 | |
System | Get Time | type = Ticks, time = 83772 | | 1 | |
Module | Get Handle | module_name = c:\windows\syswow64\sc.exe, base_address = 0x180000 | | 1 | |
File | Open | filename = STD_OUTPUT_HANDLE | | 1 | |
Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE | | 1 | |
Service | Open | database_name = SERVICES_ACTIVE_DATABASE | | 1 | |
Service | Control | service_name = wscsvc | | 1 | |
File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type | | 1 | |
File | Write | filename = STD_OUTPUT_HANDLE, size = 73 | | 1 | |
Information | Value |
---|---|
ID | #12 |
File Name | c:\windows\syswow64\cmd.exe |
Command Line | "C:\Windows\System32\cmd.exe" /C vssadmin.exe Delete Shadows /All /Quiet |
Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
Monitor | Start Time: 00:00:20, Reason: Child Process |
Unmonitor | End Time: 00:04:21, Reason: Terminated by Timeout |
Monitor Duration | 00:04:01 |
Information | Value |
---|---|
PID | 0xaec |
Parent PID | 0x9c4 (c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs | 0xAF0 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
System | Get Time | type = System Time, time = 2017-11-14 19:02:13 (UTC) | | 1 | |
System | Get Time | type = Ticks, time = 84490 | | 1 | |
Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0x4a510000 | | 1 | |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76a20000 | | 1 | |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76a4a84f | | 1 | |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | | 1 | |
File | Open | filename = STD_OUTPUT_HANDLE | | 3 | |
File | Open | filename = STD_INPUT_HANDLE | | 2 | |
Environment | Get Environment String | - | | 2 | |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | | 1 | |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 0, type = REG_NONE | | 1 | |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN | | 1 | |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE | | 1 | |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN | | 1 | |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN | | 1 | |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN | | 1 | |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE | | 1 | |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor | | 1 | |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE | | 1 | |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN | | 1 | |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE | | 1 | |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN | | 1 | |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN | | 1 | |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN | | 1 | |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE | | 1 | |
Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 | | 1 | |
Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ | | 1 | |
Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC | | 1 | |
Environment | Get Environment String | name = PROMPT | | 1 | |
Environment | Set Environment String | name = PROMPT, value = $P$G | | 1 | |
Environment | Get Environment String | - | | 1 | |
Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe | | 1 | |
Environment | Get Environment String | name = KEYS | | 1 | |
File | Get Info | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop, type = file_attributes | | 2 | |
Environment | Set Environment String | name = =C:, value = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop | | 1 | |
Environment | Get Environment String | - | | 1 | |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76a20000 | | 1 | |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x76a53b92 | | 1 | |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76a34a5d | | 1 | |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x76a4a79d | | 1 | |
File | Get Info | filename = vssadmin.exe, type = file_attributes | | 1 | |
Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ | | 1 | |
Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC | | 1 | |
Environment | Set Environment String | name = COPYCMD | | 1 | |
Environment | Get Environment String | - | | 1 | |
Environment | Set Environment String | name = =ExitCode, value = 00000002 | | 1 | |
Environment | Get Environment String | - | | 1 | |
Environment | Set Environment String | name = =ExitCodeAscii | | 1 | |
Environment | Get Environment String | - | | 1 | |
File | Open | filename = STD_OUTPUT_HANDLE | | 2 | |
File | Open | filename = STD_INPUT_HANDLE | | 1 | |
Information | Value |
---|---|
ID | #13 |
File Name | c:\windows\syswow64\sc.exe |
Command Line | sc stop VVS |
Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
Monitor | Start Time: 00:00:20, Reason: Child Process |
Unmonitor | End Time: 00:04:21, Reason: Terminated by Timeout |
Monitor Duration | 00:04:01 |
Information | Value |
---|---|
PID | 0xb04 |
Parent PID | 0xa1c (c:\windows\syswow64\cmd.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs | 0xB08, 0xB44 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
System | Get Time | type = System Time, time = 2017-11-14 19:02:12 (UTC) | | 1 | |
System | Get Time | type = Ticks, time = 83912 | | 1 | |
Module | Get Handle | module_name = c:\windows\syswow64\sc.exe, base_address = 0x180000 | | 1 | |
File | Open | filename = STD_OUTPUT_HANDLE | | 1 | |
Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE | | 1 | |
Service | Open | database_name = SERVICES_ACTIVE_DATABASE | | 1 | |
File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type | | 1 | |
File | Write | filename = STD_OUTPUT_HANDLE, size = 98 | | 1 | |
Information | Value |
---|---|
ID | #14 |
File Name | c:\windows\syswow64\cmd.exe |
Command Line | "C:\Windows\System32\cmd.exe" /C bcdedit /set {default} recoveryenabled No |
Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
Monitor | Start Time: 00:00:21, Reason: Child Process |
Unmonitor | End Time: 00:04:21, Reason: Terminated by Timeout |
Monitor Duration | 00:04:00 |
Information | Value |
---|---|
PID | 0xb14 |
Parent PID | 0x9c4 (c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs | 0xB18 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
System | Get Time | type = System Time, time = 2017-11-14 19:02:13 (UTC) | 1 | Fn | |
System | Get Time | type = Ticks, time = 84505 | 1 | Fn | |
Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0x4a510000 | 1 | Fn | |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76a20000 | 1 | Fn | |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76a4a84f | 1 | Fn | |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | 1 | Fn | |
File | Open | filename = STD_OUTPUT_HANDLE | 3 | Fn | |
File | Open | filename = STD_INPUT_HANDLE | 2 | Fn | |
Environment | Get Environment String | - | 2 | Fn Data | |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | 1 | Fn | |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 0, type = REG_NONE | 1 | Fn | |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN | 1 | Fn | |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE | 1 | Fn | |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN | 1 | Fn | |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN | 1 | Fn | |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN | 1 | Fn | |
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE | 1 | Fn | |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor | 1 | Fn | |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE | 1 | Fn | |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN | 1 | Fn | |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE | 1 | Fn | |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN | 1 | Fn | |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN | 1 | Fn | |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN | 1 | Fn | |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE | 1 | Fn | |
Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 | 1 | Fn | |
Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ | 1 | Fn | |
Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC | 1 | Fn | |
Environment | Get Environment String | name = PROMPT | 1 | Fn | |
Environment | Set Environment String | name = PROMPT, value = $P$G | 1 | Fn | |
Environment | Get Environment String | - | 1 | Fn Data | |
Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe | 1 | Fn | |
Environment | Get Environment String | name = KEYS | 1 | Fn | |
File | Get Info | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop, type = file_attributes | 2 | Fn | |
Environment | Set Environment String | name = =C:, value = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop | 1 | Fn | |
Environment | Get Environment String | - | 1 | Fn Data | |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76a20000 | 1 | Fn | |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x76a53b92 | 1 | Fn | |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76a34a5d | 1 | Fn | |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x76a4a79d | 1 | Fn | |
Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ | 1 | Fn | |
Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC | 1 | Fn | |
File | Open | filename = STD_ERROR_HANDLE | 1 | Fn | |
File | Get Info | filename = STD_ERROR_HANDLE, type = file_type | 1 | Fn | |
File | Open | filename = STD_ERROR_HANDLE | 2 | Fn | |
File | Write | filename = STD_ERROR_HANDLE, size = 98 | 1 | Fn Data | |
File | Open | filename = STD_OUTPUT_HANDLE | 2 | Fn | |
File | Open | filename = STD_INPUT_HANDLE | 1 | Fn | |
Information | Value |
---|---|
ID | #15 |
File Name | c:\windows\syswow64\sc.exe |
Command Line | sc stop WinDefend |
Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
Monitor | Start Time: 00:00:21, Reason: Child Process |
Unmonitor | End Time: 00:04:21, Reason: Terminated by Timeout |
Monitor Duration | 00:04:00 |
Information | Value |
---|---|
PID | 0xb28 |
Parent PID | 0xa44 (c:\windows\syswow64\cmd.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs | 0xB2C, 0xB5C |
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
System | Get Time | type = System Time, time = 2017-11-14 19:02:13 (UTC) | 1 | Fn | |
System | Get Time | type = Ticks, time = 84131 | 1 | Fn | |
Module | Get Handle | module_name = c:\windows\syswow64\sc.exe, base_address = 0x180000 | 1 | Fn | |
File | Open | filename = STD_OUTPUT_HANDLE | 1 | Fn | |
Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE | 1 | Fn | |
Service | Open | database_name = SERVICES_ACTIVE_DATABASE | 1 | Fn | |
Service | Control | service_name = WinDefend | 1 | Fn | |
File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type | 1 | Fn | |
File | Write | filename = STD_OUTPUT_HANDLE, size = 73 | 1 | Fn Data | |
Information | Value |
---|---|
ID | #16 |
File Name | c:\windows\syswow64\sc.exe |
Command Line | sc stop ERSvc |
Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
Monitor | Start Time: 00:00:21, Reason: Child Process |
Unmonitor | End Time: 00:04:21, Reason: Terminated by Timeout |
Monitor Duration | 00:04:00 |
Information | Value |
---|---|
PID | 0xb34 |
Parent PID | 0xa94 (c:\windows\syswow64\cmd.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs | 0xB38, 0xB58 |
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
System | Get Time | type = System Time, time = 2017-11-14 19:02:13 (UTC) | 1 | Fn | |
System | Get Time | type = Ticks, time = 84100 | 1 | Fn | |
Module | Get Handle | module_name = c:\windows\syswow64\sc.exe, base_address = 0x180000 | 1 | Fn | |
File | Open | filename = STD_OUTPUT_HANDLE | 1 | Fn | |
Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE | 1 | Fn | |
Service | Open | database_name = SERVICES_ACTIVE_DATABASE | 1 | Fn | |
File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type | 1 | Fn | |
File | Write | filename = STD_OUTPUT_HANDLE, size = 98 | 1 | Fn Data | |
Information | Value |
---|---|
ID | #17 |
File Name | c:\windows\syswow64\sc.exe |
Command Line | sc stop WerSvc |
Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
Monitor | Start Time: 00:00:21, Reason: Child Process |
Unmonitor | End Time: 00:04:21, Reason: Terminated by Timeout |
Monitor Duration | 00:04:00 |
Information | Value |
---|---|
PID | 0xb50 |
Parent PID | 0xaa8 (c:\windows\syswow64\cmd.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs | 0xB54, 0xB74 |
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
System | Get Time | type = System Time, time = 2017-11-14 19:02:13 (UTC) | 1 | Fn | |
System | Get Time | type = Ticks, time = 84302 | 1 | Fn | |
Module | Get Handle | module_name = c:\windows\syswow64\sc.exe, base_address = 0x180000 | 1 | Fn | |
File | Open | filename = STD_OUTPUT_HANDLE | 1 | Fn | |
Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE | 1 | Fn | |
Service | Open | database_name = SERVICES_ACTIVE_DATABASE | 1 | Fn | |
Service | Control | service_name = WerSvc | 1 | Fn | |
File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type | 1 | Fn | |
File | Write | filename = STD_OUTPUT_HANDLE, size = 73 | 1 | Fn Data | |
Information | Value |
---|---|
ID | #18 |
File Name | c:\windows\syswow64\cmd.exe |
Command Line | "C:\Windows\System32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures |
Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
Monitor | Start Time: 00:00:21, Reason: Child Process |
Unmonitor | End Time: 00:04:21, Reason: Terminated by Timeout |
Monitor Duration | 00:04:00 |
Information | Value |
---|---|
PID | 0xb68 |
Parent PID | 0x9c4 (c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs | 0xB6C |
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
System | Get Time | type = System Time, time = 2017-11-14 19:02:13 (UTC) | 1 |
Fn
|
|
System | Get Time | type = Ticks, time = 84614 | 1 |
Fn
|
|
Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0x4a510000 | 1 |
Fn
|
|
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76a20000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76a4a84f | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | 1 |
Fn
|
|
File | Open | filename = STD_OUTPUT_HANDLE | 3 |
Fn
|
|
File | Open | filename = STD_INPUT_HANDLE | 2 |
Fn
|
|
Environment | Get Environment String | - | 2 |
Fn
Data
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 0, type = REG_NONE | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE | 1 |
Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE | 1 |
Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 | 1 |
Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ | 1 |
Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC | 1 |
Environment | Get Environment String | name = PROMPT | 1 |
Environment | Set Environment String | name = PROMPT, value = $P$G | 1 |
Environment | Get Environment String | - | 1 |
Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe | 1 |
Environment | Get Environment String | name = KEYS | 1 |
File | Get Info | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop, type = file_attributes | 2 |
Environment | Set Environment String | name = =C:, value = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop | 1 |
Environment | Get Environment String | - | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76a20000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x76a53b92 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76a34a5d | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x76a4a79d | 1 |
Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ | 1 |
Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC | 1 |
File | Open | filename = STD_ERROR_HANDLE | 1 |
File | Get Info | filename = STD_ERROR_HANDLE, type = file_type | 1 |
File | Open | filename = STD_ERROR_HANDLE | 2 |
File | Write | filename = STD_ERROR_HANDLE, size = 98 | 1 |
File | Open | filename = STD_OUTPUT_HANDLE | 2 |
File | Open | filename = STD_INPUT_HANDLE | 1 |
Information | Value |
---|---|
ID | #19 |
File Name | c:\windows\syswow64\vssadmin.exe |
Command Line | vssadmin.exe Delete Shadows /All /Quiet |
Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
Monitor | Start Time: 00:00:22, Reason: Child Process |
Unmonitor | End Time: 00:04:21, Reason: Terminated by Timeout |
Monitor Duration | 00:03:59 |
Remarks | No high level activity detected in monitored regions |
Information | Value |
---|---|
PID | 0xb98 |
Parent PID | 0xaec (c:\windows\syswow64\cmd.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs | 0xB9C, 0xBAC, 0xBB0, 0xBB4, 0xBB8 |
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
pagefile_0x0000000000030000 | 0x00030000 | 0x00036fff | Pagefile Backed Memory | Readable |
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000070000 | 0x00070000 | 0x00071fff | Pagefile Backed Memory | Readable, Writable |
vssadmin.exe.mui | 0x00080000 | 0x0008cfff | Memory Mapped File | Readable, Writable |
private_0x0000000000090000 | 0x00090000 | 0x00090fff | Private Memory | Readable, Writable |
private_0x00000000000a0000 | 0x000a0000 | 0x000a0fff | Private Memory | Readable, Writable |
private_0x00000000000b0000 | 0x000b0000 | 0x0012ffff | Private Memory | Readable, Writable |
locale.nls | 0x00130000 | 0x00196fff | Memory Mapped File | Readable |
pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a0fff | Pagefile Backed Memory | Readable |
pagefile_0x00000000001b0000 | 0x001b0000 | 0x001b0fff | Pagefile Backed Memory | Readable |
private_0x00000000001d0000 | 0x001d0000 | 0x0020ffff | Private Memory | Readable, Writable |
private_0x0000000000220000 | 0x00220000 | 0x0025ffff | Private Memory | Readable, Writable |
private_0x0000000000260000 | 0x00260000 | 0x0029ffff | Private Memory | Readable, Writable |
vssadmin.exe | 0x00380000 | 0x0039efff | Memory Mapped File | Readable, Writable, Executable |
private_0x00000000003e0000 | 0x003e0000 | 0x004dffff | Private Memory | Readable, Writable |
pagefile_0x00000000004e0000 | 0x004e0000 | 0x00667fff | Pagefile Backed Memory | Readable |
private_0x00000000006c0000 | 0x006c0000 | 0x006cffff | Private Memory | Readable, Writable |
pagefile_0x00000000006d0000 | 0x006d0000 | 0x00850fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000860000 | 0x00860000 | 0x01c5ffff | Pagefile Backed Memory | Readable |
private_0x0000000001ce0000 | 0x01ce0000 | 0x01d1ffff | Private Memory | Readable, Writable |
private_0x0000000001d20000 | 0x01d20000 | 0x01d5ffff | Private Memory | Readable, Writable |
private_0x0000000001db0000 | 0x01db0000 | 0x01deffff | Private Memory | Readable, Writable |
sortdefault.nls | 0x01df0000 | 0x020befff | Memory Mapped File | Readable |
vssapi.dll | 0x73b70000 | 0x73c85fff | Memory Mapped File | Readable, Writable, Executable |
atl.dll | 0x73f80000 | 0x73f93fff | Memory Mapped File | Readable, Writable, Executable |
wow64cpu.dll | 0x74bd0000 | 0x74bd7fff | Memory Mapped File | Readable, Writable, Executable |
wow64win.dll | 0x74be0000 | 0x74c3bfff | Memory Mapped File | Readable, Writable, Executable |
wow64.dll | 0x74c40000 | 0x74c7efff | Memory Mapped File | Readable, Writable, Executable |
vsstrace.dll | 0x74c80000 | 0x74c8ffff | Memory Mapped File | Readable, Writable, Executable |
rsaenh.dll | 0x74de0000 | 0x74e1afff | Memory Mapped File | Readable, Writable, Executable |
cryptsp.dll | 0x74e20000 | 0x74e35fff | Memory Mapped File | Readable, Writable, Executable |
rpcrtremote.dll | 0x75000000 | 0x7500dfff | Memory Mapped File | Readable, Writable, Executable |
cryptbase.dll | 0x751f0000 | 0x751fbfff | Memory Mapped File | Readable, Writable, Executable |
sspicli.dll | 0x75200000 | 0x7525ffff | Memory Mapped File | Readable, Writable, Executable |
ole32.dll | 0x75260000 | 0x753bbfff | Memory Mapped File | Readable, Writable, Executable |
rpcrt4.dll | 0x75660000 | 0x7574ffff | Memory Mapped File | Readable, Writable, Executable |
oleaut32.dll | 0x75750000 | 0x757defff | Memory Mapped File | Readable, Writable, Executable |
user32.dll | 0x76430000 | 0x7652ffff | Memory Mapped File | Readable, Writable, Executable |
msctf.dll | 0x767d0000 | 0x7689bfff | Memory Mapped File | Readable, Writable, Executable |
imm32.dll | 0x768a0000 | 0x768fffff | Memory Mapped File | Readable, Writable, Executable |
clbcatq.dll | 0x76900000 | 0x76982fff | Memory Mapped File | Readable, Writable, Executable |
kernel32.dll | 0x76a20000 | 0x76b2ffff | Memory Mapped File | Readable, Writable, Executable |
kernelbase.dll | 0x76c90000 | 0x76cd5fff | Memory Mapped File | Readable, Writable, Executable |
msvcrt.dll | 0x76ce0000 | 0x76d8bfff | Memory Mapped File | Readable, Writable, Executable |
gdi32.dll | 0x76e20000 | 0x76eaffff | Memory Mapped File | Readable, Writable, Executable |
usp10.dll | 0x76f00000 | 0x76f9cfff | Memory Mapped File | Readable, Writable, Executable |
sechost.dll | 0x76fa0000 | 0x76fb8fff | Memory Mapped File | Readable, Writable, Executable |
advapi32.dll | 0x77200000 | 0x7729ffff | Memory Mapped File | Readable, Writable, Executable |
private_0x00000000772a0000 | 0x772a0000 | 0x773befff | Private Memory | Readable, Writable, Executable |
private_0x00000000773c0000 | 0x773c0000 | 0x774b9fff | Private Memory | Readable, Writable, Executable |
ntdll.dll | 0x774c0000 | 0x77668fff | Memory Mapped File | Readable, Writable, Executable |
lpk.dll | 0x77670000 | 0x77679fff | Memory Mapped File | Readable, Writable, Executable |
ntdll.dll | 0x776a0000 | 0x7781ffff | Memory Mapped File | Readable, Writable, Executable |
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
Information | Value |
---|---|
ID | #22 |
File Name | c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe |
Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe" |
Initial Working Directory | C:\Windows\system32\ |
Monitor | Start Time: 00:01:16, Reason: Autostart |
Unmonitor | End Time: 00:04:21, Reason: Terminated by Timeout |
Monitor Duration | 00:03:05 |
Information | Value |
---|---|
PID | 0x544 |
Parent PID | 0x45c (c:\windows\explorer.exe) |
Is Created or Modified Executable | |
Integrity Level | Medium |
Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege |
Thread IDs | 0x548, 0x60C, 0x634, 0x640, 0x644, 0x690, 0x6AC, 0x6C4, 0x6DC, 0x6FC, 0x710, 0x718, 0x728, 0x734, 0x750, 0x760, 0x774, 0x780 |
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable |
private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable |
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
private_0x0000000000050000 | 0x00050000 | 0x0008ffff | Private Memory | Readable, Writable |
private_0x0000000000090000 | 0x00090000 | 0x0018ffff | Private Memory | Readable, Writable |
pagefile_0x0000000000190000 | 0x00190000 | 0x00193fff | Pagefile Backed Memory | Readable |
pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a0fff | Pagefile Backed Memory | Readable |
pagefile_0x00000000001b0000 | 0x001b0000 | 0x001b6fff | Pagefile Backed Memory | Readable |
pagefile_0x00000000001c0000 | 0x001c0000 | 0x001c1fff | Pagefile Backed Memory | Readable, Writable |
private_0x00000000001d0000 | 0x001d0000 | 0x001dffff | Private Memory | Readable, Writable |
private_0x00000000001e0000 | 0x001e0000 | 0x001e0fff | Private Memory | Readable, Writable |
pagefile_0x00000000001e0000 | 0x001e0000 | 0x001e0fff | Pagefile Backed Memory | Readable, Writable |
pagefile_0x00000000001f0000 | 0x001f0000 | 0x001f1fff | Pagefile Backed Memory | Readable |
windowsshell.manifest | 0x00200000 | 0x00200fff | Memory Mapped File | Readable |
pagefile_0x0000000000200000 | 0x00200000 | 0x00200fff | Pagefile Backed Memory | Readable |
private_0x0000000000210000 | 0x00210000 | 0x0028ffff | Private Memory | Readable, Writable |
pagefile_0x0000000000290000 | 0x00290000 | 0x00291fff | Pagefile Backed Memory | Readable |
pagefile_0x00000000002a0000 | 0x002a0000 | 0x002a0fff | Pagefile Backed Memory | Readable |
cversions.1.db | 0x002b0000 | 0x002b3fff | Memory Mapped File | Readable |
private_0x00000000002b0000 | 0x002b0000 | 0x002b0fff | Private Memory | Readable, Writable |
private_0x00000000002c0000 | 0x002c0000 | 0x002cffff | Private Memory | Readable, Writable |
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000013.db | 0x002d0000 | 0x002edfff | Memory Mapped File | Readable |
private_0x00000000002f0000 | 0x002f0000 | 0x003effff | Private Memory | Readable, Writable |
locale.nls | 0x003f0000 | 0x00456fff | Memory Mapped File | Readable |
private_0x0000000000460000 | 0x00460000 | 0x0049ffff | Private Memory | Readable, Writable |
pagefile_0x00000000004a0000 | 0x004a0000 | 0x004a0fff | Pagefile Backed Memory | Readable, Writable |
private_0x00000000004b0000 | 0x004b0000 | 0x004b0fff | Private Memory | Readable, Writable |
private_0x00000000004c0000 | 0x004c0000 | 0x004cffff | Private Memory | Readable, Writable |
pagefile_0x00000000004d0000 | 0x004d0000 | 0x00657fff | Pagefile Backed Memory | Readable |
pagefile_0x0000000000660000 | 0x00660000 | 0x007e0fff | Pagefile Backed Memory | Readable |
pagefile_0x00000000007f0000 | 0x007f0000 | 0x01beffff | Pagefile Backed Memory | Readable |
private_0x0000000001bf0000 | 0x01bf0000 | 0x01c6ffff | Private Memory | Readable, Writable |
private_0x0000000001c70000 | 0x01c70000 | 0x01d9ffff | Private Memory | Readable, Writable |
pagefile_0x0000000001c70000 | 0x01c70000 | 0x01d4efff | Pagefile Backed Memory | Readable |
private_0x0000000001d50000 | 0x01d50000 | 0x01d50fff | Private Memory | Readable, Writable |
private_0x0000000001d60000 | 0x01d60000 | 0x01d9ffff | Private Memory | Readable, Writable |
private_0x0000000001da0000 | 0x01da0000 | 0x01da0fff | Private Memory | Readable, Writable |
private_0x0000000001db0000 | 0x01db0000 | 0x01deffff | Private Memory | Readable, Writable |
pagefile_0x0000000001df0000 | 0x01df0000 | 0x021e2fff | Pagefile Backed Memory | Readable |
private_0x00000000021f0000 | 0x021f0000 | 0x022effff | Private Memory | Readable, Writable |
private_0x00000000022f0000 | 0x022f0000 | 0x0232ffff | Private Memory | Readable, Writable |
rsaenh.dll | 0x02330000 | 0x0236bfff | Memory Mapped File | Readable |
private_0x0000000002330000 | 0x02330000 | 0x0236ffff | Private Memory | Readable, Writable |
private_0x0000000002370000 | 0x02370000 | 0x023affff | Private Memory | Readable, Writable |
private_0x00000000023b0000 | 0x023b0000 | 0x023b0fff | Private Memory | Readable, Writable |
private_0x00000000023c0000 | 0x023c0000 | 0x02487fff | Private Memory | Readable, Writable, Executable |
sortdefault.nls | 0x02490000 | 0x0275efff | Memory Mapped File | Readable |
private_0x0000000002760000 | 0x02760000 | 0x0285ffff | Private Memory | Readable, Writable |
private_0x0000000002860000 | 0x02860000 | 0x0295ffff | Private Memory | Readable, Writable |
private_0x0000000002960000 | 0x02960000 | 0x02a5ffff | Private Memory | Readable, Writable |
kernelbase.dll.mui | 0x02a60000 | 0x02b1ffff | Memory Mapped File | Readable, Writable |
private_0x0000000002b20000 | 0x02b20000 | 0x02b5ffff | Private Memory | Readable, Writable |
private_0x0000000002b60000 | 0x02b60000 | 0x02c5ffff | Private Memory | Readable, Writable |
private_0x0000000002c60000 | 0x02c60000 | 0x02d5ffff | Private Memory | Readable, Writable |
private_0x0000000002d60000 | 0x02d60000 | 0x02d9ffff | Private Memory | Readable, Writable |
private_0x0000000002da0000 | 0x02da0000 | 0x02e9ffff | Private Memory | Readable, Writable |
private_0x0000000002ea0000 | 0x02ea0000 | 0x02f9ffff | Private Memory | Readable, Writable |
private_0x0000000002fa0000 | 0x02fa0000 | 0x02fdffff | Private Memory | Readable, Writable |
private_0x0000000002fe0000 | 0x02fe0000 | 0x030dffff | Private Memory | Readable, Writable |
private_0x00000000030e0000 | 0x030e0000 | 0x030e0fff | Private Memory | Readable, Writable |
private_0x00000000030f0000 | 0x030f0000 | 0x030f0fff | Private Memory | Readable, Writable |
private_0x0000000003100000 | 0x03100000 | 0x03100fff | Private Memory | Readable, Writable |
private_0x0000000003110000 | 0x03110000 | 0x03110fff | Private Memory | Readable, Writable |
private_0x0000000003120000 | 0x03120000 | 0x03120fff | Private Memory | Readable, Writable |
private_0x0000000003130000 | 0x03130000 | 0x03130fff | Private Memory | Readable, Writable |
private_0x0000000003140000 | 0x03140000 | 0x03140fff | Private Memory | Readable, Writable |
private_0x0000000003150000 | 0x03150000 | 0x03150fff | Private Memory | Readable, Writable |
private_0x0000000003160000 | 0x03160000 | 0x03160fff | Private Memory | Readable, Writable |
private_0x0000000003170000 | 0x03170000 | 0x03170fff | Private Memory | Readable, Writable |
private_0x0000000003180000 | 0x03180000 | 0x03180fff | Private Memory | Readable, Writable |
private_0x0000000003190000 | 0x03190000 | 0x03190fff | Private Memory | Readable, Writable |
private_0x00000000031a0000 | 0x031a0000 | 0x031a0fff | Private Memory | Readable, Writable |
private_0x00000000031b0000 | 0x031b0000 | 0x031b0fff | Private Memory | Readable, Writable |
private_0x00000000031c0000 | 0x031c0000 | 0x031c0fff | Private Memory | Readable, Writable |
private_0x00000000031d0000 | 0x031d0000 | 0x031d0fff | Private Memory | Readable, Writable |
private_0x00000000031e0000 | 0x031e0000 | 0x031e0fff | Private Memory | Readable, Writable |
private_0x00000000031f0000 | 0x031f0000 | 0x031f0fff | Private Memory | Readable, Writable |
private_0x0000000003200000 | 0x03200000 | 0x03200fff | Private Memory | Readable, Writable |
private_0x0000000003210000 | 0x03210000 | 0x03210fff | Private Memory | Readable, Writable |
private_0x0000000003220000 | 0x03220000 | 0x03220fff | Private Memory | Readable, Writable |
private_0x0000000003230000 | 0x03230000 | 0x03230fff | Private Memory | Readable, Writable |
private_0x0000000003240000 | 0x03240000 | 0x03240fff | Private Memory | Readable, Writable |
private_0x0000000003250000 | 0x03250000 | 0x03250fff | Private Memory | Readable, Writable |
private_0x0000000003260000 | 0x03260000 | 0x03260fff | Private Memory | Readable, Writable |
private_0x0000000003270000 | 0x03270000 | 0x03270fff | Private Memory | Readable, Writable |
private_0x0000000003280000 | 0x03280000 | 0x03280fff | Private Memory | Readable, Writable |
private_0x0000000003290000 | 0x03290000 | 0x03290fff | Private Memory | Readable, Writable |
private_0x00000000032a0000 | 0x032a0000 | 0x032a0fff | Private Memory | Readable, Writable |
private_0x00000000032b0000 | 0x032b0000 | 0x032b0fff | Private Memory | Readable, Writable |
xzzx_cryptmix.vir.exe | 0x55820000 | 0x5585bfff | Memory Mapped File | Readable, Writable, Executable |
secur32.dll | 0x729a0000 | 0x729a7fff | Memory Mapped File | Readable, Writable, Executable |
pdh.dll | 0x729b0000 | 0x729ebfff | Memory Mapped File | Readable, Writable, Executable |
comctl32.dll | 0x729f0000 | 0x72a73fff | Memory Mapped File | Readable, Writable, Executable |
credssp.dll | 0x731a0000 | 0x731a7fff | Memory Mapped File | Readable, Writable, Executable |
cryptsp.dll | 0x731b0000 | 0x731c5fff | Memory Mapped File | Readable, Writable, Executable |
uxtheme.dll | 0x731f0000 | 0x7326ffff | Memory Mapped File | Readable, Writable, Executable |
comctl32.dll | 0x73270000 | 0x7340dfff | Memory Mapped File | Readable, Writable, Executable |
wow64cpu.dll | 0x73410000 | 0x73417fff | Memory Mapped File | Readable, Writable, Executable |
wow64win.dll | 0x73420000 | 0x7347bfff | Memory Mapped File | Readable, Writable, Executable |
wow64.dll | 0x73480000 | 0x734befff | Memory Mapped File | Readable, Writable, Executable |
ntmarta.dll | 0x74840000 | 0x74860fff | Memory Mapped File | Readable, Writable, Executable |
propsys.dll | 0x74870000 | 0x74964fff | Memory Mapped File | Readable, Writable, Executable |
rpcrtremote.dll | 0x74970000 | 0x7497dfff | Memory Mapped File | Readable, Writable, Executable |
rsaenh.dll | 0x74980000 | 0x749bafff | Memory Mapped File | Readable, Writable, Executable |
cryptsp.dll | 0x749c0000 | 0x749d5fff | Memory Mapped File | Readable, Writable, Executable |
cryptbase.dll | 0x749f0000 | 0x749fbfff | Memory Mapped File | Readable, Writable, Executable |
sspicli.dll | 0x74a00000 | 0x74a5ffff | Memory Mapped File | Readable, Writable, Executable |
imm32.dll | 0x74a60000 | 0x74abffff | Memory Mapped File | Readable, Writable, Executable |
oleaut32.dll | 0x74ad0000 | 0x74b5efff | Memory Mapped File | Readable, Writable, Executable |
comdlg32.dll | 0x74b90000 | 0x74c0afff | Memory Mapped File | Readable, Writable, Executable |
cfgmgr32.dll | 0x74c10000 | 0x74c36fff | Memory Mapped File | Readable, Writable, Executable |
kernelbase.dll | 0x74c40000 | 0x74c85fff | Memory Mapped File | Readable, Writable, Executable |
devobj.dll | 0x74c90000 | 0x74ca1fff | Memory Mapped File | Readable, Writable, Executable |
shell32.dll | 0x74cb0000 | 0x758f9fff | Memory Mapped File | Readable, Writable, Executable |
advapi32.dll | 0x75960000 | 0x759fffff | Memory Mapped File | Readable, Writable, Executable |
clbcatq.dll | 0x75a90000 | 0x75b12fff | Memory Mapped File | Readable, Writable, Executable |
gdi32.dll | 0x75c50000 | 0x75cdffff | Memory Mapped File | Readable, Writable, Executable |
kernel32.dll | 0x75ce0000 | 0x75deffff | Memory Mapped File | Readable, Writable, Executable |
shlwapi.dll | 0x75df0000 | 0x75e46fff | Memory Mapped File | Readable, Writable, Executable |
usp10.dll | 0x75e50000 | 0x75eecfff | Memory Mapped File | Readable, Writable, Executable |
wldap32.dll | 0x76030000 | 0x76074fff | Memory Mapped File | Readable, Writable, Executable |
msvcrt.dll | 0x76280000 | 0x7632bfff | Memory Mapped File | Readable, Writable, Executable |
sechost.dll | 0x76330000 | 0x76348fff | Memory Mapped File | Readable, Writable, Executable |
ole32.dll | 0x76350000 | 0x764abfff | Memory Mapped File | Readable, Writable, Executable |
user32.dll | 0x764b0000 | 0x765affff | Memory Mapped File | Readable, Writable, Executable |
msctf.dll | 0x766f0000 | 0x767bbfff | Memory Mapped File | Readable, Writable, Executable |
lpk.dll | 0x767c0000 | 0x767c9fff | Memory Mapped File | Readable, Writable, Executable |
rpcrt4.dll | 0x767d0000 | 0x768bffff | Memory Mapped File | Readable, Writable, Executable |
setupapi.dll | 0x768c0000 | 0x76a5cfff | Memory Mapped File | Readable, Writable, Executable |
private_0x0000000076aa0000 | 0x76aa0000 | 0x76bbefff | Private Memory | Readable, Writable, Executable |
private_0x0000000076bc0000 | 0x76bc0000 | 0x76cb9fff | Private Memory | Readable, Writable, Executable |
ntdll.dll | 0x76cc0000 | 0x76e68fff | Memory Mapped File | Readable, Writable, Executable |
ntdll.dll | 0x76ea0000 | 0x7701ffff | Memory Mapped File | Readable, Writable, Executable |
private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
For performance reasons, the remaining 67 entries are omitted. The remaining entries can be found in flog.txt.
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
System | Get Time | type = System Time, time = 2017-11-14 19:03:07 (UTC) | 1 |
System | Get Time | type = Ticks, time = 16380 | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x75cf4f2b | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x75cf1252 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x75cf4208 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x75cf359f | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75ce0000 | 1 |
File | Open | filename = STD_INPUT_HANDLE | 1 |
File | Open | filename = STD_OUTPUT_HANDLE | 1 |
File | Open | filename = STD_ERROR_HANDLE | 1 |
Environment | Get Environment String | - | 1 |
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x75cf4a2d | 1 |
Window | Set Attribute | index = 18446744073709551612, new_long = 0 | 1 |
COM | Create | interface = 00000112-0000-0000-C000-000000000046, cls_context = CLSCTX_LOCAL_SERVER | 1 |
Debug | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, type = DEBUG_STRING, text = Class not registered | 1 |
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
File | Delete | filename = 0 | 1 |
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
File | Delete | filename = 0 | 1 |
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
File | Delete | filename = 0 | 1 |
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
File | Delete | filename = 0 | 1 |
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
File | Delete | filename = 0 | 1 |
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
File | Delete | filename = 0 | 1 |
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
File | Delete | filename = 0 | 1 |
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
File | Delete | filename = 0 | 1 |
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
File | Delete | filename = 0 | 1 |
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
File | Delete | filename = 0 | 1 |
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
File | Delete | filename = 0 | 1 |
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 260 | 1 |
Fn
|
|
File | Delete | filename = 0 | 1 |
Fn
|
|
Module | Get Handle | module_name = c:\users\5p5nrgjn0js halpmcxz\desktop\xzzx_cryptmix.vir.exe, base_address = 0x55820000 | 1 |
Fn
|
|
Window | Create | window_name = Press, class_name = BUTTON, wndproc_parameter = 0 | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
For performance reasons, the remaining 427 entries are omitted.
The remaining entries can be found in glog.xml. |
Information | Value |
---|---|
ID | #23 |
File Name | c:\programdata\bce1010314.exe |
Command Line | "C:\ProgramData\BCE1010314.exe" |
Initial Working Directory | C:\Windows\system32\ |
Monitor | Start Time: 00:01:16, Reason: Autostart |
Unmonitor | End Time: 00:04:21, Reason: Terminated by Timeout |
Monitor Duration | 00:03:05 |
Information | Value |
---|---|
PID | 0x54c |
Parent PID | 0x45c (c:\windows\explorer.exe) |
Is Created or Modified Executable | |
Integrity Level | Medium |
Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
Groups |
|
Enabled Privileges | SeChangeNotifyPrivilege |
Thread IDs |
|
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
For performance reasons, the remaining 166 entries are omitted.
The remaining entries can be found in flog.txt. |
Filename | File Size | Hash Values | YARA Match | Actions |
---|---|---|---|---|
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\public\recorded tv\sample media\_help_instruction.txt | 0.69 KB (708 bytes) |
MD5:
99b4288995857301d312d28c2291153d
SHA1: f769bff21786fd74b5657c5cee846df22a62061d SHA256: deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff |
|
|
c:\users\5p5nrgjn0js halpmcxz\dae2cc280af9f39884d63acc0f1ad7e0.xzzx | 0.18 KB (183 bytes) |
MD5:
b2039def62d30e627c9b07fafd0673f0
SHA1: bca033c20eed042b2664a66a20b995f565cd1f3c SHA256: 7ce75bcfdf2deb2417f0d59e7cf10a04b240c6ebdec5cc8badef61ca508977ea |
|
|
c:\users\5p5nrgjn0js halpmcxz\links\323285543e8b2cb8c06cf7b742ac1100.xzzx | 0.64 KB (651 bytes) |
MD5:
62b16e19c99fd8243826e8e98950e495
SHA1: d24985d4dc1fe659fb3dc15f9ce3c9d86a4491ad SHA256: 3d00cfde4b15dae436ce931573a8398c72eaac95a130b7120fb34d3257108a9a |
|
|
c:\users\5p5nrgjn0js halpmcxz\music\c1c4370f268a7d85910c485d2aab61cd.xzzx | 21.99 KB (22519 bytes) |
MD5:
240b43be25efe63e1f408e37d9696c6b
SHA1: e0879ba8aa9a93bd697709922114e7801168ff0a SHA256: 2394a06d954932dfbc71dd95fadf5e3304bd14a5def37c4f7fd2edcd0304ba16 |
|
|
c:\users\5p5nrgjn0js halpmcxz\music\auosv3m 9vtnbjukze\2addd7ce37de6c473adf3b8e3bff508f.xzzx | 45.39 KB (46477 bytes) |
MD5:
e39b41849bdd0332d45672be272b4620
SHA1: 6b5b1ae1dcd0bba156462139fb9a264822a74186 SHA256: ec4f62854d65ee70c596b1cf7843fe4324605a901cdb68980fd084a3d205ec49 |
|
|
c:\users\5p5nrgjn0js halpmcxz\music\auosv3m 9vtnbjukze\9y_m-ovb2iyyx\d02310330d7f24f9ea0895e311a00941.xzzx | 89.10 KB (91242 bytes) |
MD5:
f50774acf57afae5e71525f52faaeb25
SHA1: 1853ed29d85cd3a68e6a55bca6c94ae1b87678c9 SHA256: f09d7ebfab87b1f5b605a4ab9cab0772d90be17aced00706ea51b8b8bc94a019 |
|
|
c:\users\5p5nrgjn0js halpmcxz\music\auosv3m 9vtnbjukze\9y_m-ovb2iyyx\83899d5a26f059de25e7413f2b253e26.xzzx | 30.54 KB (31274 bytes) |
MD5:
d10c818bb4d914da6dfdfea0bb01a7e6
SHA1: 9d5c9a5c469896835b553f2e3bef0e954a977a68 SHA256: f9db39316db6031438344e25561408333082fa2dc2a8967577f745d83ac3ae51 |
|
|
c:\users\5p5nrgjn0js halpmcxz\music\auosv3m 9vtnbjukze\9y_m-ovb2iyyx\b7d698fe122efca3a766339e164fe0eb.xzzx | 53.02 KB (54294 bytes) |
MD5:
bfa30e76fa7ddeac54bfaa4a1eb07dd6
SHA1: beddbe78af3e6370a6a59809b11242aaab0dcd92 SHA256: cd1ac8c8c3478f065dfd69c339a4810f66ad589849aa7ecef21d4761d926a755 |
|
|
c:\users\5p5nrgjn0js halpmcxz\music\auosv3m 9vtnbjukze\9y_m-ovb2iyyx\ba853e823c01028a03c2dabb4021e6d2.xzzx | 64.24 KB (65783 bytes) |
MD5:
1a18f83d1a07042faae27ec212004fc7
SHA1: 7dab36dea57ef6d29a6dc1ff3cc283ba344abe80 SHA256: 5439703f2daa9c3d6e5b315f66b658df61e9779b172db5fffc8dbe7ce95c9987 |
|
|
c:\users\5p5nrgjn0js halpmcxz\music\auosv3m 9vtnbjukze\9y_m-ovb2iyyx\ed39cab90ce3c63a3eaea7271104aa82.xzzx | 96.08 KB (98387 bytes) |
MD5:
18c9e588a3fcda5adb0f02ce418b91d0
SHA1: e403e5b94824bc2d324dc41789b394fd6457d114 SHA256: aa9262096177d24e6baac670a55493445557dc4111b074866193390946a7836b |
|
|
c:\users\5p5nrgjn0js halpmcxz\music\auosv3m 9vtnbjukze\9y_m-ovb2iyyx\64527b001382d7bf4d0a170017b7bc07.xzzx | 69.41 KB (71080 bytes) |
MD5:
cdf7e813a81aa2b0444d0c9c98e29582
SHA1: 52aa49e6b317a4de2e5d00fd15303dff3598ef85 SHA256: 09e5b647e4f6278febdaa8cd3fdd2ee3548729c3600842c050f1667041bd9437 |
|
|
c:\users\5p5nrgjn0js halpmcxz\music\auosv3m 9vtnbjukze\9y_m-ovb2iyyx\3c85a2c827b882d0ac42f6272bd96718.xzzx | 36.73 KB (37612 bytes) |
MD5:
c65a17cd098714e19d51cfc5ecdb1023
SHA1: 2974c0d5c602f3085a5d183f0ea7ce9b2219005f SHA256: 8eccb912de0bfb6be7171414cfec242e12e832ff858a84ea9d3d02e6020a4cff |
|
|
c:\users\5p5nrgjn0js halpmcxz\music\auosv3m 9vtnbjukze\9y_m-ovb2iyyx\c3e4f2c10c4d8eea8ebc635b106e7332.xzzx | 35.94 KB (36804 bytes) |
MD5:
6f57c4a8651b73f8ebd30047c283e841
SHA1: fc01112eba47c1116ef298bf4311b05e72e69a30 SHA256: 3006c3eb7f514eb96d3f0af5780da1ec33aff5a95665e8da1b65b8d74ba6a330 |
|
|
c:\users\5p5nrgjn0js halpmcxz\music\auosv3m 9vtnbjukze\9y_m-ovb2iyyx\663067de2a526aca340de0352e734f12.xzzx | 36.19 KB (37059 bytes) |
MD5:
a3938aa865947f87071a2eb0677336fe
SHA1: 062d9cfbbd8011c45499117c2f484459b1d061b5 SHA256: 1d589a287e67b3da350ad7f0f45e664ea02f4f539ec0ebab8faf40ecd2d31494 |
|
|
c:\users\5p5nrgjn0js halpmcxz\music\auosv3m 9vtnbjukze\9y_m-ovb2iyyx\b7fe604f2a0f001fc8bf560f2e43e467.xzzx | 13.18 KB (13497 bytes) |
MD5:
c4512fa0fd838f4c472e21203165bba4
SHA1: 0e05d042c12507ea595ebb0a63ed35e89b1925c8 SHA256: 4ce63ed0b14ed548f7f6c45b349981e8f7ecafb4af35038c13fd39be48f38367 |
|
|
c:\users\5p5nrgjn0js halpmcxz\music\auosv3m 9vtnbjukze\9y_m-ovb2iyyx\38dc595e3788a5ba7503b1493ba98a02.xzzx | 4.61 KB (4719 bytes) |
MD5:
cbeaf2ca1e75915b0d8527205c9d9a6d
SHA1: 2f386acd47075707a2c9129e4e9dc14f14dc0942 SHA256: 2276d1562d166c8e9fb40b2ddf89f0b675a9ff3380f3cf4ec2ed570b6585ab4a |
|
|
c:\users\5p5nrgjn0js halpmcxz\music\auosv3m 9vtnbjukze\9y_m-ovb2iyyx\6fb07fde0cb60f86500f11cf10d6f3ce.xzzx | 85.12 KB (87162 bytes) |
MD5:
6d0125605db26c4e0f8b95565d282869
SHA1: 133ec771ec03ab6d7d73039459dc118072665dc4 SHA256: f0ba3377a43ef0ad0b430587b05582891eea0379aefbbcd809ed818664008a9a |
|
|
c:\users\5p5nrgjn0js halpmcxz\music\auosv3m 9vtnbjukze\9y_m-ovb2iyyx\06c3ecfb13862898aa23710517bb0ce0.xzzx | 73.42 KB (75181 bytes) |
MD5:
a36bd7e43f7d725d97ff2456834a9002
SHA1: 87ffdf43d477a7b25a9bd0bc96d30d4445a59af3 SHA256: e9bf64a113c0da4269edc2323350071751316b8835f02d2b38a2f63b5a3a3aab |
|
|
c:\users\5p5nrgjn0js halpmcxz\music\auosv3m 9vtnbjukze\9y_m-ovb2iyyx\dqopm\3006c810075ed0f01f3de7c50b7fb538.xzzx | 71.45 KB (73160 bytes) |
MD5:
32703d94c8004f5af95a05a2bf73eaec
SHA1: 4566c17688b08cc14c7af469ff070345324491f9 SHA256: 61984fdcb91c76f9757601b8d417185e1f2ebd7e7de2895314f3dda6b774a6dd |
|
|
c:\users\5p5nrgjn0js halpmcxz\music\auosv3m 9vtnbjukze\9y_m-ovb2iyyx\dqopm\fa78694804c1e3566fc4cb7c08f6c79e.xzzx | 11.71 KB (11989 bytes) |
MD5:
61b4780ddb4cef52674aa59048ed79cf
SHA1: 83bd1949721e63db95db45e0e84018dd6c7a63eb SHA256: 8a00c4f976df1de2adbd90e8a22f129104a2ed9f57ce7c5a041b19990de38d4e |
|
|
c:\users\5p5nrgjn0js halpmcxz\music\auosv3m 9vtnbjukze\9y_m-ovb2iyyx\dqopm\b02b14800a31a4c0c9dc8d360e528908.xzzx | 24.21 KB (24789 bytes) |
MD5:
e6c9ccec10faa0d8161da037781654a7
SHA1: 3ca595c29dbd209784461141b7d7bfc7c8d0d05d SHA256: f45bdff37bbb68fc1df62adb356a7a9f0651505f8108e2aa567cff8b01c757f5 |
|
|
c:\users\5p5nrgjn0js halpmcxz\music\auosv3m 9vtnbjukze\9y_m-ovb2iyyx\dqopm\8f1540b007ab3ef89a8099c80bcc2340.xzzx | 84.31 KB (86336 bytes) |
MD5:
dac37b92f3b350f6db4cc8c5aef96ae1
SHA1: a36a2369aaef5b4e9613c09c1335bcf38a691b25 SHA256: 8c4626f55191efe770b12f08ffe6351d11a0e2a374b3a073ce099cf3294f0e60 |
|
|
c:\users\5p5nrgjn0js halpmcxz\music\auosv3m 9vtnbjukze\9y_m-ovb2iyyx\dqopm\b1210aaa2257fea8b6b1d3dd268ce2f0.xzzx | 68.41 KB (70050 bytes) |
MD5:
6fd0bc69ddcf19fc5c6254f0d7d6fc04
SHA1: c661ead23f9a7430689fadfea23026ec8595da0d SHA256: 3e34bb38bea675be765d4d16174213990815f791bda2fd93b4d784149d72d019 |
|
|
c:\users\5p5nrgjn0js halpmcxz\music\auosv3m 9vtnbjukze\9y_m-ovb2iyyx\dqopm\04bba0d020119813f8f6e49024327c5b.xzzx | 42.73 KB (43757 bytes) |
MD5:
a38e7e31386a89fd376cbca7680d20b2
SHA1: d22a5c6e2dfdacfa2fff49fe49e44076742de1e3 SHA256: 5088feebe02e08624518f48f079075aea5da9d5a7b91caf6e8afb07eef606342 |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\7ec795ed37af1a88a52703f73bcffed0.xzzx | 36.34 KB (37217 bytes) |
MD5:
7b4304e41f7e2c553114742cb9d2bffa
SHA1: 5b0edfe55cbd86e40076750b0361601d2a41f4e5 SHA256: 457c4ad3baf404b6283865e698490dfe8ff2758f4fd86a8c444f262f4b78b638 |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\c30cf4f82e58715357484b18328d559b.xzzx | 43.68 KB (44731 bytes) |
MD5:
81659e6d8a4d3f09a39929e30aa360db
SHA1: ef1a0dbe148270a9fc697f4f3891aa391b181041 SHA256: 06a01b93de3a8dcee6931d6fa3a7366938f9add6be9c7cc2104001e1329efe9e |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\7030d20732fb05ae512c0edb3744e9f6.xzzx | 39.58 KB (40531 bytes) |
MD5:
1cbd402274df267452bfa274914c6080
SHA1: dc2b4e6e4a8c0fe07c3fc99f5e7740087c7c2d10 SHA256: 13d6c9a2cef91b9152e03494dd9c96f7d61db20e3481f14a0b711a1a78b5519c |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\2187c5602f1adaf08d4383d0333bbf38.xzzx | 98.83 KB (101203 bytes) |
MD5:
cd06bb370021c00c6350b7c7eb47261d
SHA1: 980220a4cd8e02421027fef530def248157b6ef1 SHA256: 87eed63d5aecb471b4c10378e295b09c1c8b35337a7cf93730a48f44991db1d4 |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\3a2295cd2f8cd2df95e7618733c2b727.xzzx | 72.63 KB (74372 bytes) |
MD5:
ad680a42bc85a04ed95419664b71014c
SHA1: 72c41275051c06e888584d8331a850c106b8d3b5 SHA256: 9de74e25397160af6023ca1c02a2cc635a31a78be11a220c0e5a61f1aca943ca |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\8f82071c3e6aa36071d28504428b87a8.xzzx | 65.83 KB (67408 bytes) |
MD5:
34e27579b67f2c60e3489b22f44e591c
SHA1: 7a58a71298700908b61c94559e20e00e497be127 SHA256: ac7ee8bd496dbbeaceab4f13c0474455b5112ddf3b11b3174e17e22dfe0bc0e9 |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\c87868381959cc9c63dbf2ec1d8eb0e4.xzzx | 31.65 KB (32405 bytes) |
MD5:
01ffabd8a351dd16efd5a36e839bd2cb
SHA1: 926b2738a05aff1e072012083cf4f38029dbd853 SHA256: 9bd9fa41c4c7088c3a63fe232a2c3af0df9238c54c49c158b005c564eb632e59 |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\567fb4290f0a7ce338c9770b132b612b.xzzx | 44.50 KB (45566 bytes) |
MD5:
b634e56d85233b3068a1cda8d98b5ba0
SHA1: 06edf4db53b5e6070e80d887955502ac151ce838 SHA256: dd608bf2ba28d95f65b04a4f7a03b27636e92c4c574970ae4dc1b36869bb3e24 |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\6c73d824191052a8389547c51d5a36f0.xzzx | 8.44 KB (8641 bytes) |
MD5:
68d2b9d24a7a4eece3b3da3ef613eb0c
SHA1: 38c5bbea7d562bae9d38d8d7e42a5788983f02f7 SHA256: bfccc4844078e6ed7b7365c2e475a1956e88fc8d3ead5836b3e9daf8a2fb550a |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\7e711d900e3b4440af6b05f612702888.xzzx | 90.40 KB (92567 bytes) |
MD5:
23569ac415954190531f5ecef2910c70
SHA1: ac7e7d4002833e90535056812b3a0b3493c7b2fd SHA256: f2f0de02936d58418af02f1aaf9e73fc4fd54cb7c27fda4716412589e3875f7c |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\6d777c541da727448f863c8e21c80b8c.xzzx | 9.54 KB (9773 bytes) |
MD5:
e551e7fa4a29fa1bdd5004f5080eba92
SHA1: dba645106b2f139ca8882dd28d017118ffda5ba6 SHA256: db8cf6f94f8591c38359eceb41968552dd73ee6f12e4aff3fb241a87ab9ea5dd |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\f9ecb5d32975dbfcfcc9e4d92dbfc044.xzzx | 0.65 KB (669 bytes) |
MD5:
9d724294c450865e4b5f6082b36e91eb
SHA1: d90cc4e71ce9ef932f14392880b993f95454235e SHA256: 0cde438fabd02956bfe73b426c4d77fd405556dfdfd29eda2d20a4e2a439c27b |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\c22d6d6701d063bff430045506304807.xzzx | 19.24 KB (19700 bytes) |
MD5:
d64ec1513e3a2028b1bd26c5982f823d
SHA1: 4b9c1942066e6549c42c3c6f9232ad87c96ca7a8 SHA256: b484d77c382d22ec691ac430d5e130ae1cb374fef7b430060448d16a06c987c9 |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\6274bc861b7171923c3788ab1f9255da.xzzx | 22.50 KB (23042 bytes) |
MD5:
5c19c1cc897e424c8d26e9f929199572
SHA1: e5a9135494ec038a06a32c413329907dc65c3382 SHA256: becf1a665ce6667bc382264438668236dcf4b89b3ad4c7697ddbe0c31e102c7b |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\8facb48c4470f6be344be4a448a5db06.xzzx | 49.38 KB (50569 bytes) |
MD5:
04e263bd7644ed1d15968583f0c85d80
SHA1: 1f8b5ae02f12265019ac3b54d457b53ce2399c7d SHA256: aaa15e7c186db31370e8d30bfc45566c632a9d396084c006fa1693558730e2e5 |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\90eab1ce03d6a9ccf759aee907f78e14.xzzx | 30.44 KB (31169 bytes) |
MD5:
9185e6da04755916803253af9610bcc3
SHA1: 001357c52d1031bd6d3a6764e82fa8a01c0a3413 SHA256: 9c10e1ff51cad7520207b56e7392eae65aef9f9c91d9674653a9b7d121e05097 |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\7852c7a011e028ad2e2e29a016150cf5.xzzx | 45.91 KB (47013 bytes) |
MD5:
51690523a617ebe50ac0a1883185c57e
SHA1: 1be85c36b261c66588c7cd4a8462979ca6bbdf37 SHA256: f33574b0a57e60334e77e4105ea8a9808f3a7298b8ce7a4d223e83d96bcf4b93 |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\d59aafc73ffff3fe126a516d4420d846.xzzx | 26.96 KB (27604 bytes) |
MD5:
bf885c283aac8029907978a700d28c6d
SHA1: 487c094ed491ff83d6513f93c508b37cdab2cfb4 SHA256: 647a0708d0862aaa1422ad1cb3d79dc1d3539e2310b3e6e4af3ffbd01fc719b4 |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\5c36794d2643414f2fe671172a8d2597.xzzx | 2.59 KB (2655 bytes) |
MD5:
7596663e80c5c9caea6114ca6f82068b
SHA1: 222a54675be37b3952fb6343f9f96f734fb84759 SHA256: 8856bcb31fef06c8d5f0cd65c9ffb1e9c99808f31bf17f9b15c86c48e85bb8f4 |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\6e0684500109fc98cfd71110053fe0e0.xzzx | 20.11 KB (20592 bytes) |
MD5:
f2f8598ed19d8f6d7fc95002641794f5
SHA1: 93c6016547de3971c69bf0827a61754ad150360a SHA256: cd6441fa7fa8603b5b04f3c7715b5f7da02ce2e9e49e519aa1c08b2dfcceed22 |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\a74bc39b153f2e46bb66a40d1960128e.xzzx | 82.79 KB (84781 bytes) |
MD5:
295545ec293b2fda16e3532d4e5dbe1d
SHA1: eb1ab5fdb1b57ada98f0dc5c0bfa16998cfdee86 SHA256: b9999e05d1c62715c8230afe78c1845d4d8b35d395dcda7ad6090de58ea6d529 |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\d2fbb85013e759fe97cf4af0181d3e46.xzzx | 45.84 KB (46942 bytes) |
MD5:
0c38c9a7fa7be8d26f81566a8f49fb83
SHA1: 5b7f9e7513c1878e0734ab581a93b59409b3313f SHA256: f337839d26055f6071b1f33341ce3ad192049d9771e48b99ad0e6a517cc090f2 |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\7f23998a1acab3e49f720f0b1eeb982c.xzzx | 57.81 KB (59197 bytes) |
MD5:
38b610a8b62b51bc570cc460507f97c2
SHA1: 426f92a56a43e23d355476db00beca67ee96fae5 SHA256: 49d72edd3a575011df385e021ec156f4ca56580d137c8413d8fcc2e41d94899e |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\bd094ff047045ccab6a2a1584b394112.xzzx | 32.79 KB (33577 bytes) |
MD5:
7d07ad934a01caaf679134e102069a75
SHA1: e77f58c9a18ce67bf7a1843ce66e9acf8082cf5e SHA256: 79b0b4db9243ff92bcb37125e93b3c9fb10546425b50b5fc6bdf5836e8644aae |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\d5d72cd040472a6053677ef544680ea8.xzzx | 92.25 KB (94467 bytes) |
MD5:
07f3876b0b1fbbe40adf1c279dc9d611
SHA1: 1fa232b83b52736fb8f0655a92e924576572ed9e SHA256: caa63ac3eba72349a04935f69572ae048bdc7a61171c8d00288379d2d0710a3f |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\615936dc32228b708230065136576fb8.xzzx | 67.52 KB (69136 bytes) |
MD5:
47fec316311c6319a6a865ccb3db82d1
SHA1: 18e7b70dd556d8f3f830a72cbfe12674811a8729 SHA256: 97d8dc83ea6f1d5830c5eea46050f636ce3e16ed0134cef66d8a99aa4b7c166c |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\4ec1b3383cf01eb849835ef241110300.xzzx | 47.10 KB (48229 bytes) |
MD5:
2ed84588e41a15610ab30ebdf40620cc
SHA1: cba62e16407081ed8d2c01926e6ac8a579061523 SHA256: 8d30a102ab82571d2d1fe19eb65efca02a98ae70e12db01f66c60a44934d9e38 |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\7abc26d22c977f5cf918eabe30b863a4.xzzx | 2.68 KB (2746 bytes) |
MD5:
10c3b07487b5dfbd82efe187860a7741
SHA1: 8fb29a952586d6eda7a5a79cab386d6d0c4170b4 SHA256: f736167e5e548766d8f0c9992e6acefecad6f1b41ebd3bed7e412a041dcdc308 |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\f28bd0f0084d975830f3b58e0c6e7ba0.xzzx | 9.36 KB (9588 bytes) |
MD5:
f36474c4ab4ff1cb0bd644b916ad9ac5
SHA1: 950eb98385e5b0b938ebdb425e3a6b635cf9f624 SHA256: 27781736d3003bf288ce12428a9a1e21611f0ff90c2b63b24da1c60ab6a904b9 |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\fbb049370c08d85d799956bd1029bca5.xzzx | 30.68 KB (31418 bytes) |
MD5:
094a2359ac86447e5f3db13cfe91b51f
SHA1: 7121d4e07e22a12ea72f8a3c784ba1f01e0f2369 SHA256: 49bcc5d7767d0e60e148a7a3fa05212ecbb17b51de01967991693ea9eb8d2c0c |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\609d61282fed0ee4afd8291a340df32c.xzzx | 98.42 KB (100781 bytes) |
MD5:
bbebf0b211b75de09879f9ae3e3acd39
SHA1: 9a4d6802c563f1992b59c1dd035e49408037f24d SHA256: 6d10c6f0542156494f43db2922ba5c6e38af60f2ef68441b49466d7267397965 |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\1698fa38038eb2cd51213bc807c39715.xzzx | 25.62 KB (26239 bytes) |
MD5:
6d5c61fa21ddd8399443b98631828511
SHA1: 9232e944a0cfaff9e8a0c670a84433ac86b65ed8 SHA256: ffc33222f6669f600580db1d74967e9929dcb4e32bed6d28c954da9f942b6a45 |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\d3d882303025b5406f9968d234469988.xzzx | 50.87 KB (52095 bytes) |
MD5:
aab06430aaf92867712437fdee4506bb
SHA1: 9ea76e1e7e4fdfe00dc318bbb78a29fa88ffa2c5 SHA256: b65cae3ef734966c27e94a37248256f1352a71e52273b3f8d2a5c9452500bd89 |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\1971d3bf09924c93cb17194f0dc730db.xzzx | 59.17 KB (60587 bytes) |
MD5:
541425fd978c554404f50b61e819aec4
SHA1: 642bbb34c26f1df2efcb7eb0f94015767d53b57a SHA256: 7a12c18b3f1d15faf8512ad4749161b30d057d78b249614808b87e1597e55079 |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\c355f5402bedf72e504955a0300edb76.xzzx | 55.42 KB (56754 bytes) |
MD5:
55c3104f2dd7291cacbd39a453be9d02
SHA1: 0b137d47f5f53e9c90990ffb73a10f0cd373dc1a SHA256: 34be4d446d835c46646f9b97dbe57e20095fb16c9761e2791928b542ed82715d |
|
|
c:\users\5p5nrgjn0js halpmcxz\pictures\693610ce0e824d54f2368b0112b7319c.xzzx | 46.51 KB (47624 bytes) |
MD5:
d3d6c4268c594e08cc24f032bb9c4d26
SHA1: a65104672fb95244bdbd1e9ecbdb786cde463b4c SHA256: ef722d1a887c8801eb2b2602eafcaf50d60690fd142006771476c31b8d069ec3 |
|
|
c:\users\5p5nrgjn0js halpmcxz\saved games\c8d828ef44c6b909469a8e7948e79d51.xzzx | 0.44 KB (447 bytes) |
MD5:
1fc933c6c389660d5379e070f8e6479b
SHA1: 8a6d154f41e3aadfa51b578cb127097b26ba4308 SHA256: 1fda7167364df89482ee04ec4ab6a3eff60c71f0e89011b820cc18e9a2390631 |
|
|
c:\users\5p5nrgjn0js halpmcxz\searches\07542892440c59ca51177af248413e12.xzzx | 0.67 KB (689 bytes) |
MD5:
810a35c7716525d6ded92f9bee85a404
SHA1: 6f7f1dc14cbdd737031f33aa240c37558733533d SHA256: a3006d1913f64cce51f93db711c8451d047a79ea8b6c98546159b2fd2f89840a |
|
|
c:\users\5p5nrgjn0js halpmcxz\searches\22be9d582e5129d8aa7ce5bc32720e20.xzzx | 0.42 KB (431 bytes) |
MD5:
96c1f62a37267d6c30d888e6a31055fd
SHA1: a9a5757c693fa3a5bfb9bfc47b3bed251592e17b SHA256: 761681e06985095d7d8b1a8b183dc0621bd21115ebdb601e1ed48587334ce431 |
|
|
c:\users\5p5nrgjn0js halpmcxz\searches\86a958f52ba3fcf7083cb8732fd8e13f.xzzx | 0.43 KB (445 bytes) |
MD5:
e2698baef276ddc3acfbfd1d25b89166
SHA1: e44dc82bc6c36bec3a4d70286d73c4521c534d72 SHA256: 47859f01529de4b40a18d0967add6b3bfcc58de85dbf51f2737ac60a82094d76 |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\0fcb2df10ca6b6cb526033cf10c79b13.xzzx | 46.69 KB (47806 bytes) |
MD5:
c0273bea1fe271b78d77935015117738
SHA1: 44168b8a7725834877f4aedfbc33bd024d02bc74 SHA256: 9779b2f54756480cad5849ff876167af65e86e44c43c5c9acafb187eaa13b2bd |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\d89af8f8162b0dae766745d41a4bf1f6.xzzx | 0.65 KB (669 bytes) |
MD5:
6c76f521e8052a2c0d16f400c5f392f6
SHA1: 1a2a0232c482bd36fe6145b428578d0c79c2f73d SHA256: bfb9ff0383a8d35f2f9ef548a90c43515fc50af1a8e3f3fa85d585427c61c49c |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\f12649bc389976c6163ced043cce5b0e.xzzx | 94.37 KB (96630 bytes) |
MD5:
4e358143fb249a43799f967628295fbb
SHA1: d30158fd564514919ed9a55a3789423939b0070f SHA256: 45f1b4f65948867edbb7114947a59667bfa6059287df2d97554fb104b3fab140 |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\23b23ff43a95b5a94696d7543eb699f1.xzzx | 42.71 KB (43730 bytes) |
MD5:
7d1525739a5a47d9d5eb1360364c5aaa
SHA1: 6bfc8fc2c5f6da17049072387b521f261c3b15cd SHA256: f1152588a7ad2781512b607cafeb9d9b3b3a9496f5c24e76793fad0b9e062afe |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\d0384500388b9600f42b1ae33cc07a48.xzzx | 35.95 KB (36809 bytes) |
MD5:
a5a026fe74cbb136fef1cb833b1cda43
SHA1: 360732bac5ee32964fb942bb05e0c6db634c8220 SHA256: edeb847410ca033b7f2987c11c3597072600f998c6df602593857269655b2087 |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\3a21fb2547cb7719582a8c7f4bec5b61.xzzx | 28.00 KB (28673 bytes) |
MD5:
7275ce7acb7f3f81f9f21a0c5ecf2705
SHA1: 697b8c06fe0fabb93462c8651eb0ad9cc7e45a06 SHA256: 9c1df9225e129ce2b8db1a4cb170dbeb31610bd41b241b6e762c6c513ae46614 |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\dtms 07a7aq-xeuh0\02d7186c2a67434f1071035c2e882797.xzzx | 9.21 KB (9432 bytes) |
MD5:
804550e8001e7d53b6d770be9ca42b13
SHA1: b089f371135e64dee23157ed1b0c143f105dbfbe SHA256: 3c6cdc04520306938d618abb452c00594e5b89e6e98b4c4990987896c6e54a1b |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\dtms 07a7aq-xeuh0\0790b504415f6e976181b814459452df.xzzx | 26.09 KB (26715 bytes) |
MD5:
3331b52d364a9e4466a1c5c535bc4d8f
SHA1: d534dd10677629f117dd1ba8bca275e4bdaace23 SHA256: 44638b9d357d79e83ce092d356d1b481fc387909e2688b2f23aaa6f2525f869c |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\dtms 07a7aq-xeuh0\816af2da29d3ebef5d033a6e2df4d037.xzzx | 14.53 KB (14882 bytes) |
MD5:
95a530c63a7a514497274282375130a9
SHA1: 5c7f0ede7939812064de230a8611d7d2f2d72b56 SHA256: 72fdc59adb159c79b986e068e6726a9799eff311c9764364153c9645daceb5a7 |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\dtms 07a7aq-xeuh0\2ss69ds5b7dlsjshty0o\d1b4bdc437a182a42497439f3bc266ec.xzzx | 62.57 KB (64071 bytes) |
MD5:
8fc16b1ffef0d188c1a188886a5098a6
SHA1: 7e8037f4a55b65011b3bdeb45c04590938e69fcb SHA256: 3fbfac0d468a0702c3843735d3cadfd5fad1ed1f2e7c64877b432ce063ffe5ef |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\dtms 07a7aq-xeuh0\2ss69ds5b7dlsjshty0o\3509b27c28c34484e701f4a52d2d28cc.xzzx | 11.05 KB (11317 bytes) |
MD5:
597ab5b1ffc533de548dc25f2ee07ec3
SHA1: 37a7782a2b8d5c54d31ca5b208fb78e008cc4055 SHA256: 9398e3683eccca4eff90405b9307c99a8490e245d037f3fc1cfe41633d9610b6 |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\dtms 07a7aq-xeuh0\2ss69ds5b7dlsjshty0o\18ef94cc2373db0bfe65ead427a8bf53.xzzx | 7.52 KB (7698 bytes) |
MD5:
4657fce65f8c9bc65dbd71d4c926f589
SHA1: ce11e2bfa1ea7755436e29e680954a8b40135aa7 SHA256: 34b39e9fe52e23ad6e7811a59b9b45e29c6dece1565ceccf33eade01da4f6176 |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\dtms 07a7aq-xeuh0\2ss69ds5b7dlsjshty0o\5bbecda81a1e287c9df89f941e9e0cc4.xzzx | 10.48 KB (10736 bytes) |
MD5:
1dc8d677ee5344f021c9b333c20f122e
SHA1: 0e7943508615aeca521fe0b08bf75f36ae8353b2 SHA256: ca2883b180d77e3d41d5f44e96c6f7c0d88effb49bcc5b1cdecdabe1e558d54f |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\dtms 07a7aq-xeuh0\2ss69ds5b7dlsjshty0o\36d405da123e25ccefb9a7dd165f0a14.xzzx | 7.44 KB (7622 bytes) |
MD5:
836699ba89a0a5b5b1681da8a56ec663
SHA1: 72e9ec2de8942e0bd74a0a5ddae6f4907768a211 SHA256: fd813ade09c7ac193031b72537a6c00ded82ee77b086b9cab48b9801286e4d0c |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\dtms 07a7aq-xeuh0\2ss69ds5b7dlsjshty0o\7b22a6161cbf8aa2c5439a5220f46eea.xzzx | 47.46 KB (48603 bytes) |
MD5:
b4c67644d02d878f409214153fd2b6c0
SHA1: 08444d9c21db9fa78ef57565322feb6d038ad8fa SHA256: d6fc68cd66d47ff4e97e2bf2284e1fbbd889f74d769de9bb210abf1b1751c32c |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\dtms 07a7aq-xeuh0\2ss69ds5b7dlsjshty0o\6b0fb14d2fcd29f7cf6e219f33ee0e3f.xzzx | 87.30 KB (89392 bytes) |
MD5:
d2c138bdda877fbf4462cbf90e92d6f1
SHA1: 17fd56f4025bde384c595e41345e755721c6b01f SHA256: 2f766400303166cbeadcd011255fd9e563be3298a82fc4776c0878a5fd4d4773 |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\dtms 07a7aq-xeuh0\o903hcw\60ca942226aa4a29961b00962adf2e71.xzzx | 19.99 KB (20470 bytes) |
MD5:
bd94eb090d2af2e598bbc395f565c482
SHA1: 95b29139f506b5fc1996cb08a82a917965f7bea3 SHA256: 7c7567d149cbd3c3d5efb0d49cae5d6e734e8f27ccc2cdfb5e57c560741119a0 |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\dtms 07a7aq-xeuh0\o903hcw\e29c4433332b9d3db3332d67374c8185.xzzx | 39.91 KB (40865 bytes) |
MD5:
9bb5fd3d899b97b5bd4f7b76d1cf90cf
SHA1: 49ad6628af65b573a3b4e140aedda62dca6a5fa6 SHA256: ef02398d08458affa027ac7ad182fbbf0b2ba98124a250cb5837ef26c3eb08b5 |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\dtms 07a7aq-xeuh0\o903hcw\fbba7efe065ec5da534929ce0ac8aa22.xzzx | 43.50 KB (44540 bytes) |
MD5:
49ecd7884f0a2df5eab6568b8b60dc21
SHA1: 193260733bfadcedbe6a9a8db792595a3e408be9 SHA256: a3c2775c9707904f226c3afad21406a591036fada581daa84ca9de8eb0cf580f |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\xarijr5atdl\db53a738127ccaebb87d0318169daf33.xzzx | 97.68 KB (100024 bytes) |
MD5:
5b7a9da311e90dd11ab82627ce8a27dc
SHA1: 5803359577787bcf7ae282a1bbab6b9cbd2b3fa4 SHA256: 4a409fdd2b42d79481ea8caeb8991789776fc658e3e4b4f02ba6503b0af1934c |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\xarijr5atdl\3b9fb280013c30bc79fe404005721504.xzzx | 10.93 KB (11191 bytes) |
MD5:
cc4f877c76d57a18a17bea3354a5f616
SHA1: 86b6b0108ccd25b96495100055f8fe3d2e1a3e9b SHA256: 6b08b68edae066df78b307fb94f49c67f9fdd0632380f70e7c2107ba9de854ac |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\xarijr5atdl\adbc71e42fba59e00d479b5f33db3e28.xzzx | 70.71 KB (72408 bytes) |
MD5:
34296a05465eb4a28ba8478e78c39fce
SHA1: 0b27d4152f0b0308cced733870cd6fe22f70b78b SHA256: 348c3dba179ddc8a2c4c0d5bb81e886afdfd7e5e76878a31a7cd9064249579a9 |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\z-_06k\bdd25f14384cc362cbd33ade3c6da7aa.xzzx | 93.44 KB (95687 bytes) |
MD5:
3289c077c99e642a1b267a1b060a3afd
SHA1: 5e4f0ce86acfb7b720f20fbece6aeab07fa6a082 SHA256: e52a6ec5e67ffebc561f10a4e73918e8d91e4688250448a2ba03426f6cf660af |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\z-_06k\8181dc6820279a95628fb268245d7edd.xzzx | 24.60 KB (25193 bytes) |
MD5:
f0a3b98bb1245eeeaaff13fc39635eff
SHA1: 2c78334ac941f280ad5e346dd41202c41bda7e85 SHA256: 305b4ce3d21ff13a21874d32c30453600d5faf1e847659d801592e12aa75293c |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\z-_06k\37e85546159c2e64b110da791a0612ac.xzzx | 52.14 KB (53387 bytes) |
MD5:
d2adcf55c513781c3a0ff0aca1610a93
SHA1: c29e2e116b9a017537094c3606558b780da6549c SHA256: 107d60e5d312b72daa6cd8f07ba404c2b1b1c37625bb2486a57dc65f981e8a1f |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\z-_06k\89dd89fe1bc33afa435ca8a71fe81f42.xzzx | 93.96 KB (96218 bytes) |
MD5:
5ccf7d4e5a3ea00b039c7db57a91d20b
SHA1: a6da62cfd14fce05dba048b0075bc090580e7a2a SHA256: 2597a5dadd07f0095f2a769dc58eb1c343dd894af0dd20618accdc1a92845793 |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\z-_06k\wpc5n64xvm\04bf022041d4f9a43c1202c84609ddec.xzzx | 65.51 KB (67087 bytes) |
MD5:
6c8489d244a368498979a0cd5539ded4
SHA1: 3f6b769b7209fff99d1f7c531c8a657e66f3c89d SHA256: 1b184a04ebbb0dfdb2b9cd87e6f9acebb2a590bc6123c591cfd44726f1916df9 |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\z-_06k\wpc5n64xvm\1cb22af03a177b10110664b53e3c5f58.xzzx | 86.96 KB (89051 bytes) |
MD5:
8a27e67fbb78157633b21d99f0c7282f
SHA1: 7457b0c2e8e4b3118791ad6b3939d0058c7ed3fc SHA256: 0e5c9dfa5cdf5b9d8acb7684b179d3a2faf8985a889e01d1680aabd645d18975 |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\z-_06k\wpc5n64xvm\7b5559382a0fd2b4c13f23862e44b6fc.xzzx | 8.49 KB (8693 bytes) |
MD5:
5e56780a1de42366d923fccefc6e06ae
SHA1: 48aabba1a0a0f96caea07c5446bf15061608f557 SHA256: 6f0dd064e70b8baf81acb65512cdea5fc5347541cb2ffd7a619e81b774965eff |
|
|
c:\users\5p5nrgjn0js halpmcxz\videos\z-_06k\wpc5n64xvm\e3086e520d4ee960428796111173cda8.xzzx | 8.92 KB (9132 bytes) |
MD5:
75c805096f37b62dacad6b6a70fddb1c
SHA1: 388da3051632c38732ce931ddc5eb939c391f847 SHA256: 1319d7be3eda3975014e5099a83c900b830575f57b53ba1dc7cba5e4ef1d5b70 |
|
|
c:\users\public\9665d59245322dd390020d724953121b.xzzx | 0.33 KB (339 bytes) |
MD5:
0891752ebc90dac12b5b050aaab970ce
SHA1: 852006f7332adb918603f644109950adc09e9cd3 SHA256: 67698a3c14bba57840b473f9af3667d969c1fcd1ccf9c42f8bb5c57a1004565a |
|
|
c:\users\public\documents\94338bda105a8f7e16cc5903148f73c6.xzzx | 0.43 KB (443 bytes) |
MD5:
3fb369a47db4261bdc49e7e4a2a29f92
SHA1: ebbeb9a1fad843d79e1677b5e0eb7a9c4224ab1f SHA256: e357e3ce089f949aa8a0f6dba3c8db6f6cf500e5812221b5bfd656a58b74f75c |
|
|
c:\users\public\downloads\bc1d727a30ed2409a03b25c6350e0851.xzzx | 0.33 KB (339 bytes) |
MD5:
bcdd7b264e921d42ccaa60cd609d17b6
SHA1: 4f155b0d4ef3097015b5e98e4858f88fd2406b95 SHA256: 29394518a819e0de6cfa26c66940708cd4426df3d74450c7a95776bd72a8f874 |
|
|
c:\users\public\libraries\721728630b1f6bb259c033230f404ffa.xzzx | 1.04 KB (1061 bytes) |
MD5:
59ae19796ff834f91a4f14bbb53f58a6
SHA1: 00b2a15d997924601a522a3b353f9f817224bd24 SHA256: 0cdd2a9c7e81f46e9f0d9ae5a9428dd38e99d98c91ea605959d87efacb1495c3 |
|
|
c:\users\public\libraries\50c930c63ecf303723410a464304147f.xzzx | 0.25 KB (253 bytes) |
MD5:
a2d1b66694eaf311747b3500d84f5a9d
SHA1: 590a2c5977581ee81b162013290b8c71398ab99f SHA256: 49d99bba648588ce463e8e0107123eacad2b08b119e41b1e03ff3af8753f1a9b |
|
|
c:\users\public\music\de133762273869a1ce952baa2b594de9.xzzx | 0.53 KB (545 bytes) |
MD5:
ad44d7a777871689ca0f1fb07c37f371
SHA1: 2bf4ec3bc21bdab756efc16381fd45e4773ca079 SHA256: 22030c34b18471b52ed52c2fc9c177a827401a1694145e2904ef89dea12ba1cc |
|
|
c:\users\public\music\sample music\b2babb8113becba807b8242f17f3aff0.xzzx | 0.73 KB (751 bytes) |
MD5:
b184b55c67fe558a3f5689d1a4bacb69
SHA1: 148ecdde9f071747f28b789891330079eaa3b445 SHA256: a1d538d6b558f44b0fda34124437294a6b0717ac5f1467b23443c876b8b63e69 |
|
|
c:\users\public\music\sample music\1758a0bd1a6f8ce6b3a600c11e90712e.xzzx | 8.02 MB (8414614 bytes) | MD5: b7b47dba0cb8bf928ed3d08ccea8506f SHA1: 969943096e8451a26ecfb1cb4068f033023143c9 SHA256: d29733d25d73923965d5a62de18c7b5d8658335bf59f9481ff4134a0daab8ebc | | |
c:\users\public\pictures\4fe187580c1ceaecf1249fc21086cf34.xzzx | 0.53 KB (545 bytes) | MD5: 6c348891000c92c184a4cee6af48111e SHA1: f51704a90830eb08eaa4004c13d5b923352ec198 SHA256: 500e1ba9f43a8dbf2aaa34c91c6145f36589817504b34468f9a2ead141a2bd81 | | |
c:\users\public\music\sample music\a308b77e2f1e65bb59ecacae33534a03.xzzx | 3.92 MB (4114075 bytes) | MD5: a02aec4728613cce3cfcadbf233fa37b SHA1: 1a9d1276e9ce89bbb7d57f297caf4b3e7e44b2bf SHA256: ab30d9eca9fadbb58f5648817e0baa42355fb44929232471c6dbfb2900704942 | | |
c:\users\public\pictures\sample pictures\28f3174e3d47a1acf4b1346741c785f4.xzzx | 858.96 KB (879571 bytes) | MD5: 18378900f89e304a8d26f7043d19f7d3 SHA1: 15280c070e3d7d852e3374fc205723ab365ccfa5 SHA256: d46a6fba15dff761ae17b23f5623f57888f2f9cf89504e7afd38e5f100d803e1 | | |
c:\users\public\pictures\sample pictures\d1fd6140114402301247cbc41572e678.xzzx | 826.27 KB (846104 bytes) | MD5: 901b205094ff969c906d36f93e0dbd8c SHA1: 316e583d4f6c465f0a21d86964c9f7a7b18b8789 SHA256: a227140ced9d23d74f8c15458b3b636ec9144130d9b6f4414a23d25c045738a9 | | |
c:\users\public\pictures\sample pictures\2980fdfd3d56218ae4f6e07941e605d2.xzzx | 1.25 KB (1285 bytes) | MD5: cbf4876ed0c4c57bc0f6ef977287ee4a SHA1: 88c26d8c46c1796d5f90516ad6a202ab04cb96d8 SHA256: 2399c4394c79441c6711fc35c2983857bf00b774e851f0dbcd6dbe58698ac2ae | | |
c:\users\public\pictures\sample pictures\a59acd7b3af5e74b902550773f95cb93.xzzx | 581.50 KB (595455 bytes) | MD5: ea2350eba4d19301ec89c2460a22cee3 SHA1: e194fe3ec1332f455df08db1cdb770df7238a547 SHA256: 8e7c6e5e4d579dcb083aeed29c16a6ecda7214ede3101adced6e75fc242485af | | |
c:\users\public\pictures\sample pictures\fa4bf7a60f1f0c98b1c0f8be134df0e0.xzzx | 757.69 KB (775871 bytes) | MD5: 764563744807fcd3daafddfe57abac8f SHA1: d54d84c8bfe1d66e395e0f21196217236bf82e92 SHA256: 08cd68152727103af96698ec06376768cb2b77a80819ea7327ae3f602dde61ac | | |
c:\users\public\pictures\sample pictures\4bf5528040685af08ee9fd2844da3f38.xzzx | 762.69 KB (780992 bytes) | MD5: d849c7084f501697a5c2197b24dcf0c4 SHA1: ee5519794478e2eff4c509bc63c1161dc83218fe SHA256: 3758284a663f556b3dc898173d4d26a37323dffffe6071b25f231a98acc16c13 | | |
c:\users\public\pictures\sample pictures\0fc22e9a1aa1fd13e54a88961ec7e15b.xzzx | 548.29 KB (561447 bytes) | MD5: 958344aa07574b253dd767216b61542c SHA1: 3322c081a58b29899c3ecef3e110e38d309c469c SHA256: 4d7c6a79e46fc0ebdb14a2465eb1a89edb45d4b0061126ce7b81068836fd9cf3 | | |
c:\users\public\pictures\sample pictures\847d57104b178490f8f2d4b74fa568d8.xzzx | 759.77 KB (778002 bytes) | MD5: fe91f819807b8ddf49e32596d9098f4e SHA1: 02d264420c5324baa0dd87f0cfe715bea928264b SHA256: d2fafd4d9dbac9208f1b6f8fe9e0e04953e08e91052530f7d9e4382047dc0ffb | | |
c:\users\public\pictures\sample pictures\cdc4aaad0836755b78d170410ca859a3.xzzx | 606.50 KB (621051 bytes) | MD5: b35c78eaccd098555e18b4c658cc0c06 SHA1: 4965df95e26ba0e597f8b993c5c95bc94d37aec2 SHA256: ca7beb4a5502023e82dca26fd0b3982091ba7384ee72345b6c2ea31446bb5ff8 | | |
c:\users\public\recorded tv\1edf30f91e98b984e23edaf123369dcc.xzzx | 0.24 KB (245 bytes) | MD5: 0ee588dd9a445dce1444d14054f14fca SHA1: 880e4e3ca365ec2582600c8414151c628fb4f495 SHA256: ac395f6ac161e70b123d3b0cfea6b332efd736f1cc081c4fa9c9fba4244b157a | | |
c:\users\public\recorded tv\sample media\39d4778c1ca7a7942937668620db8bdc.xzzx | 0.33 KB (336 bytes) | MD5: 17de83ba5b884fb0273d4bbf87838ad7 SHA1: 6e94c974d05d6d76a510f8d166d052f613f9f614 SHA256: 447227d6d5b4a87a4436a47849afcde1d0ac2432ac46941e9123bce43e623a0b | | |
c:\users\public\videos\9c0539442839caf8e19e36092cafaf40.xzzx | 0.53 KB (545 bytes) | MD5: e5fbf8b2b37758c80fc28a8e46b8e0ad SHA1: 49682292020058e6b761843ec235fe5c9a06519a SHA256: 43508baf8ca3930d46c2a29f3549553c54579fab7d6e8a53272a7dff6294e5c3 | | |
Filename | File Size | Hash Values | YARA Match | Actions |
---|---|---|---|---|
c:\users\public\music\sample music\kalimba.mp3 | 8.02 MB (8414614 bytes) | MD5: b7b47dba0cb8bf928ed3d08ccea8506f SHA1: 969943096e8451a26ecfb1cb4068f033023143c9 SHA256: d29733d25d73923965d5a62de18c7b5d8658335bf59f9481ff4134a0daab8ebc | | |
c:\users\public\music\sample music\maid with the flaxen hair.mp3 | 3.92 MB (4114075 bytes) | MD5: a02aec4728613cce3cfcadbf233fa37b SHA1: 1a9d1276e9ce89bbb7d57f297caf4b3e7e44b2bf SHA256: ab30d9eca9fadbb58f5648817e0baa42355fb44929232471c6dbfb2900704942 | | |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
System | Get Time | type = System Time, time = 2017-11-14 19:03:07 (UTC) | 1 | Fn | |
System | Get Time | type = Ticks, time = 16317 | 1 | Fn | |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75ce0000 | 1 | Fn | |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x75cf4f2b | 1 | Fn | |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x75cf1252 | 1 | Fn | |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x75cf4208 | 1 | Fn | |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x75cf359f | 1 | Fn | |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75ce0000 | 1 | Fn | |
File | Open | filename = STD_INPUT_HANDLE | 1 | Fn | |
File | Open | filename = STD_OUTPUT_HANDLE | 1 | Fn | |
File | Open | filename = STD_ERROR_HANDLE | 1 | Fn | |
Environment | Get Environment String | - | 1 | Fn Data | |
Module | Get Filename | process_name = c:\programdata\bce1010314.exe, file_name_orig = C:\ProgramData\BCE1010314.exe, size = 260 | 1 | Fn | |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75ce0000 | 1 | Fn | |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x75cf4a2d | 1 | Fn | |
Window | Set Attribute | index = 18446744073709551612, new_long = 0 | 1 | Fn | |
COM | Create | interface = 00000112-0000-0000-C000-000000000046, cls_context = CLSCTX_LOCAL_SERVER | 1 | Fn | |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = Class not registered | 1 | Fn | | |
Module | Get Filename | process_name = c:\programdata\bce1010314.exe, file_name_orig = C:\ProgramData\BCE1010314.exe, size = 260 | 1 | Fn | |
File | Delete | filename = 0 | 1 | Fn | |
Module | Get Filename | process_name = c:\programdata\bce1010314.exe, file_name_orig = C:\ProgramData\BCE1010314.exe, size = 260 | 1 | Fn | |
File | Delete | filename = 0 | 1 | Fn | |
Module | Get Filename | process_name = c:\programdata\bce1010314.exe, file_name_orig = C:\ProgramData\BCE1010314.exe, size = 260 | 1 | Fn | |
File | Delete | filename = 0 | 1 | Fn | |
Module | Get Filename | process_name = c:\programdata\bce1010314.exe, file_name_orig = C:\ProgramData\BCE1010314.exe, size = 260 | 1 | Fn | |
File | Delete | filename = 0 | 1 | Fn | |
Module | Get Filename | process_name = c:\programdata\bce1010314.exe, file_name_orig = C:\ProgramData\BCE1010314.exe, size = 260 | 1 | Fn | |
File | Delete | filename = 0 | 1 | Fn | |
Module | Get Filename | process_name = c:\programdata\bce1010314.exe, file_name_orig = C:\ProgramData\BCE1010314.exe, size = 260 | 1 | Fn | |
File | Delete | filename = 0 | 1 | Fn | |
Module | Get Filename | process_name = c:\programdata\bce1010314.exe, file_name_orig = C:\ProgramData\BCE1010314.exe, size = 260 | 1 | Fn | |
File | Delete | filename = 0 | 1 | Fn | |
Module | Get Filename | process_name = c:\programdata\bce1010314.exe, file_name_orig = C:\ProgramData\BCE1010314.exe, size = 260 | 1 | Fn | |
File | Delete | filename = 0 | 1 | Fn | |
Module | Get Filename | process_name = c:\programdata\bce1010314.exe, file_name_orig = C:\ProgramData\BCE1010314.exe, size = 260 | 1 | Fn | |
File | Delete | filename = 0 | 1 | Fn | |
Module | Get Filename | process_name = c:\programdata\bce1010314.exe, file_name_orig = C:\ProgramData\BCE1010314.exe, size = 260 | 1 | Fn | |
File | Delete | filename = 0 | 1 | Fn | |
Module | Get Filename | process_name = c:\programdata\bce1010314.exe, file_name_orig = C:\ProgramData\BCE1010314.exe, size = 260 | 1 | Fn | |
File | Delete | filename = 0 | 1 | Fn | |
Module | Get Filename | process_name = c:\programdata\bce1010314.exe, file_name_orig = C:\ProgramData\BCE1010314.exe, size = 260 | 1 | Fn | |
File | Delete | filename = 0 | 1 | Fn | |
Module | Get Filename | process_name = c:\programdata\bce1010314.exe, file_name_orig = C:\ProgramData\BCE1010314.exe, size = 260 | 1 | Fn | |
File | Delete | filename = 0 | 1 | Fn | |
Module | Get Filename | process_name = c:\programdata\bce1010314.exe, file_name_orig = C:\ProgramData\BCE1010314.exe, size = 260 | 1 | Fn | |
File | Delete | filename = 0 | 1 | Fn | |
Module | Get Filename | process_name = c:\programdata\bce1010314.exe, file_name_orig = C:\ProgramData\BCE1010314.exe, size = 260 | 1 | Fn | |
File | Delete | filename = 0 | 1 | Fn | |
Module | Get Filename | process_name = c:\programdata\bce1010314.exe, file_name_orig = C:\ProgramData\BCE1010314.exe, size = 260 | 1 | Fn | |
File | Delete | filename = 0 | 1 | Fn | |
Module | Get Filename | process_name = c:\programdata\bce1010314.exe, file_name_orig = C:\ProgramData\BCE1010314.exe, size = 260 | 1 | Fn | |
File | Delete | filename = 0 | 1 | Fn | |
Module | Get Filename | process_name = c:\programdata\bce1010314.exe, file_name_orig = C:\ProgramData\BCE1010314.exe, size = 260 | 1 | Fn | |
File | Delete | filename = 0 | 1 | Fn | |
Module | Get Filename | process_name = c:\programdata\bce1010314.exe, file_name_orig = C:\ProgramData\BCE1010314.exe, size = 260 | 1 | Fn | |
File | Delete | filename = 0 | 1 | Fn | |
Module | Get Filename | process_name = c:\programdata\bce1010314.exe, file_name_orig = C:\ProgramData\BCE1010314.exe, size = 260 | 1 | Fn | |
File | Delete | filename = 0 | 1 | Fn | |
Module | Get Handle | module_name = c:\programdata\bce1010314.exe, base_address = 0x55820000 | 1 | Fn | |
Window | Create | window_name = Press, class_name = BUTTON, wndproc_parameter = 0 | 1 | Fn | |
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 | Fn | |
System | Get Info | type = Hardware Information | 1 | Fn | |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 | Fn | |
System | Get Info | type = Operating System | 1 | Fn | |
System | Get Info | type = Hardware Information | 1 | Fn | |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 | Fn | |
System | Get Info | type = Operating System | 1 | Fn | |
System | Get Info | type = Hardware Information | 1 | Fn | |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 | Fn | |
System | Get Info | type = Operating System | 1 | Fn | |
System | Get Info | type = Hardware Information | 1 | Fn | |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 | Fn | |
System | Get Info | type = Operating System | 1 | Fn | |
System | Get Info | type = Hardware Information | 1 | Fn | |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 | Fn | |
System | Get Info | type = Operating System | 1 | Fn | |
System | Get Info | type = Hardware Information | 1 | Fn | |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 | Fn | |
System | Get Info | type = Operating System | 1 | Fn | |
System | Get Info | type = Hardware Information | 1 | Fn | |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 | Fn | |
System | Get Info | type = Operating System | 1 | Fn | |
System | Get Info | type = Hardware Information | 1 | Fn | |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 | Fn | |
System | Get Info | type = Operating System | 1 | Fn | |
System | Get Info | type = Hardware Information | 1 | Fn | |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 | Fn | |
System | Get Info | type = Operating System | 1 | Fn | |
System | Get Info | type = Hardware Information | 1 | Fn | |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 | Fn | |
System | Get Info | type = Operating System | 1 | Fn | |
System | Get Info | type = Hardware Information | 1 | Fn | |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 | Fn | |
System | Get Info | type = Operating System | 1 | Fn | |
System | Get Info | type = Hardware Information | 1 | Fn | |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 | Fn | |
System | Get Info | type = Operating System | 1 | Fn | |
System | Get Info | type = Hardware Information | 1 | Fn | |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 | Fn | |
System | Get Info | type = Operating System | 1 | Fn | |
System | Get Info | type = Hardware Information | 1 | Fn | |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 | Fn | |
System | Get Info | type = Operating System | 1 | Fn | |
System | Get Info | type = Hardware Information | 1 | Fn | |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 | Fn | |
System | Get Info | type = Operating System | 1 | Fn | |
System | Get Info | type = Hardware Information | 1 | Fn | |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 | Fn | |
System | Get Info | type = Operating System | 1 | Fn | |
System | Get Info | type = Hardware Information | 1 | Fn | |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 | Fn | |
System | Get Info | type = Operating System | 1 | Fn | |
System | Get Info | type = Hardware Information | 1 | Fn | |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 | Fn | |
System | Get Info | type = Operating System | 1 | Fn | |
System | Get Info | type = Hardware Information | 1 | Fn | |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 | Fn | |
System | Get Info | type = Operating System | 1 | Fn | |
System | Get Info | type = Hardware Information | 1 | Fn | |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
For performance reasons, the remaining 2202 entries are omitted.
The remaining entries can be found in glog.xml. |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\bootmgr, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\hiberfil.sys, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\pagefile.sys, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.ini, size = 20, size_out = 20 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX, size = 20 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX, size = 20 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 103, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 104, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.ini | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.ini | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss, protection = PAGE_READWRITE, maximum_size = 0 | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Desktop.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Desktop.lnk, size = 486, size_out = 486 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\323285543E8B2CB8C06CF7B742AC1100.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\323285543E8B2CB8C06CF7B742AC1100.XZZX, size = 486 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\323285543E8B2CB8C06CF7B742AC1100.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\323285543E8B2CB8C06CF7B742AC1100.XZZX, size = 22 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\323285543E8B2CB8C06CF7B742AC1100.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\323285543E8B2CB8C06CF7B742AC1100.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\323285543E8B2CB8C06CF7B742AC1100.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 104, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 105, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Desktop.lnk | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Links\Desktop.lnk | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\2_r9zrnyCzzJ.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\2_r9zrnyCzzJ.mp3, size = 22344, size_out = 22344 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\C1C4370F268A7D85910C485D2AAB61CD.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\C1C4370F268A7D85910C485D2AAB61CD.XZZX, size = 22344 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\C1C4370F268A7D85910C485D2AAB61CD.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\C1C4370F268A7D85910C485D2AAB61CD.XZZX, size = 32 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\C1C4370F268A7D85910C485D2AAB61CD.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\C1C4370F268A7D85910C485D2AAB61CD.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\C1C4370F268A7D85910C485D2AAB61CD.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 105, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 106, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\2_r9zrnyCzzJ.mp3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\2_r9zrnyCzzJ.mp3 | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\2--S BWBtG7 nG.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\2--S BWBtG7 nG.mp3, size = 46298, size_out = 46298 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX, size = 46298 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX, size = 36 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 106, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 107, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\2--S BWBtG7 nG.mp3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\2--S BWBtG7 nG.mp3 | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\2zrMBovJou.wav, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\2zrMBovJou.wav, size = 91071, size_out = 91071 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\D02310330D7F24F9EA0895E311A00941.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\D02310330D7F24F9EA0895E311A00941.XZZX, size = 91071 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\D02310330D7F24F9EA0895E311A00941.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\D02310330D7F24F9EA0895E311A00941.XZZX, size = 28 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\D02310330D7F24F9EA0895E311A00941.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\D02310330D7F24F9EA0895E311A00941.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\D02310330D7F24F9EA0895E311A00941.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 107, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 108, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\2zrMBovJou.wav | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\2zrMBovJou.wav | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\btD83YaGWQR.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\btD83YaGWQR.m4a, size = 31101, size_out = 31101 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\83899D5A26F059DE25E7413F2B253E26.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\83899D5A26F059DE25E7413F2B253E26.XZZX, size = 31101 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\83899D5A26F059DE25E7413F2B253E26.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\83899D5A26F059DE25E7413F2B253E26.XZZX, size = 30 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\83899D5A26F059DE25E7413F2B253E26.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\83899D5A26F059DE25E7413F2B253E26.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\83899D5A26F059DE25E7413F2B253E26.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 108, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 109, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\btD83YaGWQR.m4a | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\btD83YaGWQR.m4a | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\BtnyH.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\BtnyH.mp3, size = 54133, size_out = 54133 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\B7D698FE122EFCA3A766339E164FE0EB.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\B7D698FE122EFCA3A766339E164FE0EB.XZZX, size = 54133 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\B7D698FE122EFCA3A766339E164FE0EB.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\B7D698FE122EFCA3A766339E164FE0EB.XZZX, size = 18 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\B7D698FE122EFCA3A766339E164FE0EB.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\B7D698FE122EFCA3A766339E164FE0EB.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\B7D698FE122EFCA3A766339E164FE0EB.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 109, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 110, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\BtnyH.mp3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\BtnyH.mp3 | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\bTxozG6jGL89 vQ7JVm.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\bTxozG6jGL89 vQ7JVm.m4a, size = 65594, size_out = 65594 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\BA853E823C01028A03C2DABB4021E6D2.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\BA853E823C01028A03C2DABB4021E6D2.XZZX, size = 65594 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\BA853E823C01028A03C2DABB4021E6D2.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\BA853E823C01028A03C2DABB4021E6D2.XZZX, size = 46 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\BA853E823C01028A03C2DABB4021E6D2.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\BA853E823C01028A03C2DABB4021E6D2.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\BA853E823C01028A03C2DABB4021E6D2.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 110, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 111, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\bTxozG6jGL89 vQ7JVm.m4a | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\bTxozG6jGL89 vQ7JVm.m4a | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\dTOAV.wav, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\dTOAV.wav, size = 98226, size_out = 98226 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\ED39CAB90CE3C63A3EAEA7271104AA82.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\ED39CAB90CE3C63A3EAEA7271104AA82.XZZX, size = 98226 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\ED39CAB90CE3C63A3EAEA7271104AA82.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\ED39CAB90CE3C63A3EAEA7271104AA82.XZZX, size = 18 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\ED39CAB90CE3C63A3EAEA7271104AA82.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\ED39CAB90CE3C63A3EAEA7271104AA82.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\ED39CAB90CE3C63A3EAEA7271104AA82.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 111, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 112, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\dTOAV.wav | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\dTOAV.wav | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\j3v_bMSa tx-.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\j3v_bMSa tx-.m4a, size = 70905, size_out = 70905 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\64527B001382D7BF4D0A170017B7BC07.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\64527B001382D7BF4D0A170017B7BC07.XZZX, size = 70905 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\64527B001382D7BF4D0A170017B7BC07.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\64527B001382D7BF4D0A170017B7BC07.XZZX, size = 32 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\64527B001382D7BF4D0A170017B7BC07.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\64527B001382D7BF4D0A170017B7BC07.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\64527B001382D7BF4D0A170017B7BC07.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 112, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 113, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\j3v_bMSa tx-.m4a | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\j3v_bMSa tx-.m4a | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\jtsnNF8Wy Jt.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\jtsnNF8Wy Jt.m4a, size = 37437, size_out = 37437 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\3C85A2C827B882D0AC42F6272BD96718.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\3C85A2C827B882D0AC42F6272BD96718.XZZX, size = 37437 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\3C85A2C827B882D0AC42F6272BD96718.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\3C85A2C827B882D0AC42F6272BD96718.XZZX, size = 32 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\3C85A2C827B882D0AC42F6272BD96718.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\3C85A2C827B882D0AC42F6272BD96718.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\3C85A2C827B882D0AC42F6272BD96718.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 113, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 114, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\jtsnNF8Wy Jt.m4a | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\jtsnNF8Wy Jt.m4a | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\LuguQ9Fu8UwQPMQRFj.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\LuguQ9Fu8UwQPMQRFj.m4a, size = 36617, size_out = 36617 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX, size = 36617 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX, size = 44 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 114, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 115, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\LuguQ9Fu8UwQPMQRFj.m4a | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\LuguQ9Fu8UwQPMQRFj.m4a | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\OPPnhBe-ZTrVhEG421.wav, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\OPPnhBe-ZTrVhEG421.wav, size = 36872, size_out = 36872 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\663067DE2A526ACA340DE0352E734F12.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\663067DE2A526ACA340DE0352E734F12.XZZX, size = 36872 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\663067DE2A526ACA340DE0352E734F12.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\663067DE2A526ACA340DE0352E734F12.XZZX, size = 44 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\663067DE2A526ACA340DE0352E734F12.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\663067DE2A526ACA340DE0352E734F12.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\663067DE2A526ACA340DE0352E734F12.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 115, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 116, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\OPPnhBe-ZTrVhEG421.wav | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\OPPnhBe-ZTrVhEG421.wav | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\WWsZT9B6tKUn2DClW.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\WWsZT9B6tKUn2DClW.mp3, size = 13312, size_out = 13312 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\B7FE604F2A0F001FC8BF560F2E43E467.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\B7FE604F2A0F001FC8BF560F2E43E467.XZZX, size = 13312 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\B7FE604F2A0F001FC8BF560F2E43E467.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\B7FE604F2A0F001FC8BF560F2E43E467.XZZX, size = 42 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\B7FE604F2A0F001FC8BF560F2E43E467.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\B7FE604F2A0F001FC8BF560F2E43E467.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\B7FE604F2A0F001FC8BF560F2E43E467.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 116, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 117, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\WWsZT9B6tKUn2DClW.mp3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\WWsZT9B6tKUn2DClW.mp3 | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\xN7YDKwcce9C5peK.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\xN7YDKwcce9C5peK.mp3, size = 4536, size_out = 4536 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\38DC595E3788A5BA7503B1493BA98A02.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\38DC595E3788A5BA7503B1493BA98A02.XZZX, size = 4536 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\38DC595E3788A5BA7503B1493BA98A02.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\38DC595E3788A5BA7503B1493BA98A02.XZZX, size = 40 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\38DC595E3788A5BA7503B1493BA98A02.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\38DC595E3788A5BA7503B1493BA98A02.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\38DC595E3788A5BA7503B1493BA98A02.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 117, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 118, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\xN7YDKwcce9C5peK.mp3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\xN7YDKwcce9C5peK.mp3 | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\zCdoEQ.wav, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\zCdoEQ.wav, size = 86999, size_out = 86999 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX, size = 86999 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX, size = 20 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 118, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 119, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\zCdoEQ.wav | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\zCdoEQ.wav | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\_iJcWlMQ1CRXwuy.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\_iJcWlMQ1CRXwuy.m4a, size = 75000, size_out = 75000 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\06C3ECFB13862898AA23710517BB0CE0.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\06C3ECFB13862898AA23710517BB0CE0.XZZX, size = 75000 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\06C3ECFB13862898AA23710517BB0CE0.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\06C3ECFB13862898AA23710517BB0CE0.XZZX, size = 38 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\06C3ECFB13862898AA23710517BB0CE0.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\06C3ECFB13862898AA23710517BB0CE0.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\06C3ECFB13862898AA23710517BB0CE0.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 119, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 120, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\_iJcWlMQ1CRXwuy.m4a | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\_iJcWlMQ1CRXwuy.m4a | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\3vgH.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\3vgH.m4a, size = 73001, size_out = 73001 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\3006C810075ED0F01F3DE7C50B7FB538.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\3006C810075ED0F01F3DE7C50B7FB538.XZZX, size = 73001 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\3006C810075ED0F01F3DE7C50B7FB538.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\3006C810075ED0F01F3DE7C50B7FB538.XZZX, size = 16 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\3006C810075ED0F01F3DE7C50B7FB538.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\3006C810075ED0F01F3DE7C50B7FB538.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\3006C810075ED0F01F3DE7C50B7FB538.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 120, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 121, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\3vgH.m4a | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\3vgH.m4a | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\45 WvgNJuT9AYaRmo.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\45 WvgNJuT9AYaRmo.m4a, size = 11804, size_out = 11804 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\FA78694804C1E3566FC4CB7C08F6C79E.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\FA78694804C1E3566FC4CB7C08F6C79E.XZZX, size = 11804 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\FA78694804C1E3566FC4CB7C08F6C79E.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\FA78694804C1E3566FC4CB7C08F6C79E.XZZX, size = 42 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\FA78694804C1E3566FC4CB7C08F6C79E.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\FA78694804C1E3566FC4CB7C08F6C79E.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\FA78694804C1E3566FC4CB7C08F6C79E.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 121, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 122, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\45 WvgNJuT9AYaRmo.m4a | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\45 WvgNJuT9AYaRmo.m4a | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\nvHO8po6UT1lfU646l.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\nvHO8po6UT1lfU646l.mp3, size = 24602, size_out = 24602 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\B02B14800A31A4C0C9DC8D360E528908.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\B02B14800A31A4C0C9DC8D360E528908.XZZX, size = 24602 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\B02B14800A31A4C0C9DC8D360E528908.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\B02B14800A31A4C0C9DC8D360E528908.XZZX, size = 44 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\B02B14800A31A4C0C9DC8D360E528908.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\B02B14800A31A4C0C9DC8D360E528908.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\B02B14800A31A4C0C9DC8D360E528908.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 122, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 123, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\nvHO8po6UT1lfU646l.mp3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\nvHO8po6UT1lfU646l.mp3 | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\oCadhb.wav, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\oCadhb.wav, size = 86173, size_out = 86173 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\8F1540B007AB3EF89A8099C80BCC2340.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\8F1540B007AB3EF89A8099C80BCC2340.XZZX, size = 86173 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\8F1540B007AB3EF89A8099C80BCC2340.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\8F1540B007AB3EF89A8099C80BCC2340.XZZX, size = 20 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\8F1540B007AB3EF89A8099C80BCC2340.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\8F1540B007AB3EF89A8099C80BCC2340.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\8F1540B007AB3EF89A8099C80BCC2340.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 123, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 124, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\oCadhb.wav | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\oCadhb.wav | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\qEqtENZ.wav, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\qEqtENZ.wav, size = 69885, size_out = 69885 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX, size = 69885 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 124, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 125, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\qEqtENZ.wav | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\qEqtENZ.wav | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\S9Jj_mVynZU911YcI-J0.wav, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\S9Jj_mVynZU911YcI-J0.wav, size = 43566, size_out = 43566 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\04BBA0D020119813F8F6E49024327C5B.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\04BBA0D020119813F8F6E49024327C5B.XZZX, size = 43566 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\04BBA0D020119813F8F6E49024327C5B.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\04BBA0D020119813F8F6E49024327C5B.XZZX, size = 48 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\04BBA0D020119813F8F6E49024327C5B.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\04BBA0D020119813F8F6E49024327C5B.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\04BBA0D020119813F8F6E49024327C5B.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 125, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 126, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\S9Jj_mVynZU911YcI-J0.wav | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Music\auOsV3M 9VtNbJuKze\9Y_m-oVB2IyYX\DqOPM\S9Jj_mVynZU911YcI-J0.wav | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\0feLIIudH.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\0feLIIudH.gif, size = 44562, size_out = 44562 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C30CF4F82E58715357484B18328D559B.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C30CF4F82E58715357484B18328D559B.XZZX, size = 44562 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C30CF4F82E58715357484B18328D559B.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C30CF4F82E58715357484B18328D559B.XZZX, size = 26 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C30CF4F82E58715357484B18328D559B.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C30CF4F82E58715357484B18328D559B.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C30CF4F82E58715357484B18328D559B.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 127, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 128, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\0feLIIudH.gif | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\0feLIIudH.gif | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\0uVNLdVwplc802HWrb1.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\0uVNLdVwplc802HWrb1.bmp, size = 37028, size_out = 37028 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7EC795ED37AF1A88A52703F73BCFFED0.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7EC795ED37AF1A88A52703F73BCFFED0.XZZX, size = 37028 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7EC795ED37AF1A88A52703F73BCFFED0.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7EC795ED37AF1A88A52703F73BCFFED0.XZZX, size = 46 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7EC795ED37AF1A88A52703F73BCFFED0.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7EC795ED37AF1A88A52703F73BCFFED0.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7EC795ED37AF1A88A52703F73BCFFED0.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 126, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 127, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\0uVNLdVwplc802HWrb1.bmp | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\0uVNLdVwplc802HWrb1.bmp | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\2b2gQ2C3WuJEBl.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\2b2gQ2C3WuJEBl.png, size = 40352, size_out = 40352 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7030D20732FB05AE512C0EDB3744E9F6.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7030D20732FB05AE512C0EDB3744E9F6.XZZX, size = 40352 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7030D20732FB05AE512C0EDB3744E9F6.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7030D20732FB05AE512C0EDB3744E9F6.XZZX, size = 36 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7030D20732FB05AE512C0EDB3744E9F6.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7030D20732FB05AE512C0EDB3744E9F6.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7030D20732FB05AE512C0EDB3744E9F6.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 128, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 129, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\2b2gQ2C3WuJEBl.png | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\2b2gQ2C3WuJEBl.png | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\5X6u252V SzZ.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\5X6u252V SzZ.gif, size = 101028, size_out = 101028 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\2187C5602F1ADAF08D4383D0333BBF38.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\2187C5602F1ADAF08D4383D0333BBF38.XZZX, size = 101028 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\2187C5602F1ADAF08D4383D0333BBF38.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\2187C5602F1ADAF08D4383D0333BBF38.XZZX, size = 32 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\2187C5602F1ADAF08D4383D0333BBF38.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\2187C5602F1ADAF08D4383D0333BBF38.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\2187C5602F1ADAF08D4383D0333BBF38.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 129, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 130, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\5X6u252V SzZ.gif | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\5X6u252V SzZ.gif | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\9s0pX7t.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\9s0pX7t.png, size = 74207, size_out = 74207 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3A2295CD2F8CD2DF95E7618733C2B727.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3A2295CD2F8CD2DF95E7618733C2B727.XZZX, size = 74207 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3A2295CD2F8CD2DF95E7618733C2B727.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3A2295CD2F8CD2DF95E7618733C2B727.XZZX, size = 22 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3A2295CD2F8CD2DF95E7618733C2B727.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3A2295CD2F8CD2DF95E7618733C2B727.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3A2295CD2F8CD2DF95E7618733C2B727.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 130, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 131, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\9s0pX7t.png | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\9s0pX7t.png | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\aqn8.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\aqn8.gif, size = 67249, size_out = 67249 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8F82071C3E6AA36071D28504428B87A8.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8F82071C3E6AA36071D28504428B87A8.XZZX, size = 67249 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8F82071C3E6AA36071D28504428B87A8.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8F82071C3E6AA36071D28504428B87A8.XZZX, size = 16 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8F82071C3E6AA36071D28504428B87A8.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8F82071C3E6AA36071D28504428B87A8.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8F82071C3E6AA36071D28504428B87A8.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 131, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 132, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\aqn8.gif | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\aqn8.gif | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\azuNey.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\azuNey.jpg, size = 32242, size_out = 32242 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C87868381959CC9C63DBF2EC1D8EB0E4.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C87868381959CC9C63DBF2EC1D8EB0E4.XZZX, size = 32242 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C87868381959CC9C63DBF2EC1D8EB0E4.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C87868381959CC9C63DBF2EC1D8EB0E4.XZZX, size = 20 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C87868381959CC9C63DBF2EC1D8EB0E4.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C87868381959CC9C63DBF2EC1D8EB0E4.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C87868381959CC9C63DBF2EC1D8EB0E4.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 132, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 133, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\azuNey.jpg | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\azuNey.jpg | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\B4vC-SYblpXq.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\B4vC-SYblpXq.bmp, size = 45391, size_out = 45391 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\567FB4290F0A7CE338C9770B132B612B.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\567FB4290F0A7CE338C9770B132B612B.XZZX, size = 45391 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\567FB4290F0A7CE338C9770B132B612B.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\567FB4290F0A7CE338C9770B132B612B.XZZX, size = 32 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\567FB4290F0A7CE338C9770B132B612B.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\567FB4290F0A7CE338C9770B132B612B.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\567FB4290F0A7CE338C9770B132B612B.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 133, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 134, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\B4vC-SYblpXq.bmp | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\B4vC-SYblpXq.bmp | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\bqBGtF.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\bqBGtF.bmp, size = 8478, size_out = 8478 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6C73D824191052A8389547C51D5A36F0.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6C73D824191052A8389547C51D5A36F0.XZZX, size = 8478 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6C73D824191052A8389547C51D5A36F0.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6C73D824191052A8389547C51D5A36F0.XZZX, size = 20 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6C73D824191052A8389547C51D5A36F0.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6C73D824191052A8389547C51D5A36F0.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6C73D824191052A8389547C51D5A36F0.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 134, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 135, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\bqBGtF.bmp | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\bqBGtF.bmp | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\bz3TQY.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\bz3TQY.png, size = 9610, size_out = 9610 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6D777C541DA727448F863C8E21C80B8C.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6D777C541DA727448F863C8E21C80B8C.XZZX, size = 9610 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6D777C541DA727448F863C8E21C80B8C.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6D777C541DA727448F863C8E21C80B8C.XZZX, size = 20 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6D777C541DA727448F863C8E21C80B8C.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6D777C541DA727448F863C8E21C80B8C.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6D777C541DA727448F863C8E21C80B8C.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 136, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 137, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\bz3TQY.png | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\bz3TQY.png | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\dcuecnaq5mY4vS.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\dcuecnaq5mY4vS.jpg, size = 92388, size_out = 92388 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7E711D900E3B4440AF6B05F612702888.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7E711D900E3B4440AF6B05F612702888.XZZX, size = 92388 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7E711D900E3B4440AF6B05F612702888.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7E711D900E3B4440AF6B05F612702888.XZZX, size = 36 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7E711D900E3B4440AF6B05F612702888.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7E711D900E3B4440AF6B05F612702888.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7E711D900E3B4440AF6B05F612702888.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 135, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 136, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\dcuecnaq5mY4vS.jpg | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\dcuecnaq5mY4vS.jpg | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\desktop.ini, size = 504, size_out = 504 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX, size = 504 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX, size = 22 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 137, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 138, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\desktop.ini | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\desktop.ini | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\diyvOkO.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\diyvOkO.gif, size = 19535, size_out = 19535 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C22D6D6701D063BFF430045506304807.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C22D6D6701D063BFF430045506304807.XZZX, size = 19535 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C22D6D6701D063BFF430045506304807.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C22D6D6701D063BFF430045506304807.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C22D6D6701D063BFF430045506304807.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C22D6D6701D063BFF430045506304807.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C22D6D6701D063BFF430045506304807.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 138, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 139, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\diyvOkO.gif | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\diyvOkO.gif | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\d_ywXujVU Wq1E.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\d_ywXujVU Wq1E.jpg, size = 22863, size_out = 22863 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6274BC861B7171923C3788AB1F9255DA.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6274BC861B7171923C3788AB1F9255DA.XZZX, size = 22863 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6274BC861B7171923C3788AB1F9255DA.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6274BC861B7171923C3788AB1F9255DA.XZZX, size = 36 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6274BC861B7171923C3788AB1F9255DA.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6274BC861B7171923C3788AB1F9255DA.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6274BC861B7171923C3788AB1F9255DA.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 139, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 140, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\d_ywXujVU Wq1E.jpg | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\d_ywXujVU Wq1E.jpg | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\E mrX_4M3P5jMLSuXG.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\E mrX_4M3P5jMLSuXG.bmp, size = 50382, size_out = 50382 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8FACB48C4470F6BE344BE4A448A5DB06.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8FACB48C4470F6BE344BE4A448A5DB06.XZZX, size = 50382 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8FACB48C4470F6BE344BE4A448A5DB06.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8FACB48C4470F6BE344BE4A448A5DB06.XZZX, size = 44 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8FACB48C4470F6BE344BE4A448A5DB06.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8FACB48C4470F6BE344BE4A448A5DB06.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8FACB48C4470F6BE344BE4A448A5DB06.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 140, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 141, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\E mrX_4M3P5jMLSuXG.bmp | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\E mrX_4M3P5jMLSuXG.bmp | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\FFqA4 2WndIy.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\FFqA4 2WndIy.gif, size = 30992, size_out = 30992 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\90EAB1CE03D6A9CCF759AEE907F78E14.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\90EAB1CE03D6A9CCF759AEE907F78E14.XZZX, size = 30992 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\90EAB1CE03D6A9CCF759AEE907F78E14.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\90EAB1CE03D6A9CCF759AEE907F78E14.XZZX, size = 34 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\90EAB1CE03D6A9CCF759AEE907F78E14.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\90EAB1CE03D6A9CCF759AEE907F78E14.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\90EAB1CE03D6A9CCF759AEE907F78E14.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 141, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 142, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\FFqA4 2WndIy.gif | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\FFqA4 2WndIy.gif | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\fTtF.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\fTtF.bmp, size = 46854, size_out = 46854 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7852C7A011E028AD2E2E29A016150CF5.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7852C7A011E028AD2E2E29A016150CF5.XZZX, size = 46854 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7852C7A011E028AD2E2E29A016150CF5.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7852C7A011E028AD2E2E29A016150CF5.XZZX, size = 16 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7852C7A011E028AD2E2E29A016150CF5.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7852C7A011E028AD2E2E29A016150CF5.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7852C7A011E028AD2E2E29A016150CF5.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 142, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 143, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\fTtF.bmp | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\fTtF.bmp | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\g43hR4r2QCQPskvQatT.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\g43hR4r2QCQPskvQatT.png, size = 27415, size_out = 27415 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D59AAFC73FFFF3FE126A516D4420D846.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D59AAFC73FFFF3FE126A516D4420D846.XZZX, size = 27415 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D59AAFC73FFFF3FE126A516D4420D846.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D59AAFC73FFFF3FE126A516D4420D846.XZZX, size = 46 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D59AAFC73FFFF3FE126A516D4420D846.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D59AAFC73FFFF3FE126A516D4420D846.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D59AAFC73FFFF3FE126A516D4420D846.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 143, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 144, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\g43hR4r2QCQPskvQatT.png | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\g43hR4r2QCQPskvQatT.png | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ghz9u7C.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ghz9u7C.png, size = 2490, size_out = 2490 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\5C36794D2643414F2FE671172A8D2597.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\5C36794D2643414F2FE671172A8D2597.XZZX, size = 2490 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\5C36794D2643414F2FE671172A8D2597.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\5C36794D2643414F2FE671172A8D2597.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\5C36794D2643414F2FE671172A8D2597.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\5C36794D2643414F2FE671172A8D2597.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\5C36794D2643414F2FE671172A8D2597.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 144, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 145, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ghz9u7C.png | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ghz9u7C.png | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\gpnG5_ q-ZTGc_4b76b.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\gpnG5_ q-ZTGc_4b76b.png, size = 20403, size_out = 20403 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6E0684500109FC98CFD71110053FE0E0.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6E0684500109FC98CFD71110053FE0E0.XZZX, size = 20403 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6E0684500109FC98CFD71110053FE0E0.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6E0684500109FC98CFD71110053FE0E0.XZZX, size = 46 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6E0684500109FC98CFD71110053FE0E0.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6E0684500109FC98CFD71110053FE0E0.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\6E0684500109FC98CFD71110053FE0E0.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 145, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 146, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\gpnG5_ q-ZTGc_4b76b.png | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\gpnG5_ q-ZTGc_4b76b.png | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hl35zcYZE.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hl35zcYZE.bmp, size = 84612, size_out = 84612 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\A74BC39B153F2E46BB66A40D1960128E.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\A74BC39B153F2E46BB66A40D1960128E.XZZX, size = 84612 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\A74BC39B153F2E46BB66A40D1960128E.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\A74BC39B153F2E46BB66A40D1960128E.XZZX, size = 26 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\A74BC39B153F2E46BB66A40D1960128E.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\A74BC39B153F2E46BB66A40D1960128E.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\A74BC39B153F2E46BB66A40D1960128E.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 146, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 147, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hl35zcYZE.bmp | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\hl35zcYZE.bmp | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Hx4D_z73m1pGCpzIPXzy.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Hx4D_z73m1pGCpzIPXzy.bmp, size = 46751, size_out = 46751 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D2FBB85013E759FE97CF4AF0181D3E46.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D2FBB85013E759FE97CF4AF0181D3E46.XZZX, size = 46751 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D2FBB85013E759FE97CF4AF0181D3E46.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D2FBB85013E759FE97CF4AF0181D3E46.XZZX, size = 48 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D2FBB85013E759FE97CF4AF0181D3E46.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D2FBB85013E759FE97CF4AF0181D3E46.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D2FBB85013E759FE97CF4AF0181D3E46.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 147, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 148, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Hx4D_z73m1pGCpzIPXzy.bmp | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Hx4D_z73m1pGCpzIPXzy.bmp | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\k3NI.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\k3NI.jpg, size = 59038, size_out = 59038 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7F23998A1ACAB3E49F720F0B1EEB982C.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7F23998A1ACAB3E49F720F0B1EEB982C.XZZX, size = 59038 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7F23998A1ACAB3E49F720F0B1EEB982C.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7F23998A1ACAB3E49F720F0B1EEB982C.XZZX, size = 16 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7F23998A1ACAB3E49F720F0B1EEB982C.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7F23998A1ACAB3E49F720F0B1EEB982C.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7F23998A1ACAB3E49F720F0B1EEB982C.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 148, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 149, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\k3NI.jpg | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\k3NI.jpg | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kfqhp.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kfqhp.png, size = 33416, size_out = 33416 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BD094FF047045CCAB6A2A1584B394112.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BD094FF047045CCAB6A2A1584B394112.XZZX, size = 33416 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BD094FF047045CCAB6A2A1584B394112.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BD094FF047045CCAB6A2A1584B394112.XZZX, size = 18 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BD094FF047045CCAB6A2A1584B394112.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BD094FF047045CCAB6A2A1584B394112.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BD094FF047045CCAB6A2A1584B394112.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 149, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 150, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kfqhp.png | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kfqhp.png | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\LiEtBonze.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\LiEtBonze.png, size = 94298, size_out = 94298 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D5D72CD040472A6053677EF544680EA8.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D5D72CD040472A6053677EF544680EA8.XZZX, size = 94298 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D5D72CD040472A6053677EF544680EA8.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D5D72CD040472A6053677EF544680EA8.XZZX, size = 26 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D5D72CD040472A6053677EF544680EA8.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D5D72CD040472A6053677EF544680EA8.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D5D72CD040472A6053677EF544680EA8.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 150, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 151, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\LiEtBonze.png | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\LiEtBonze.png | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mXMMLg1uw.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mXMMLg1uw.bmp, size = 68967, size_out = 68967 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\615936DC32228B708230065136576FB8.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\615936DC32228B708230065136576FB8.XZZX, size = 68967 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\615936DC32228B708230065136576FB8.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\615936DC32228B708230065136576FB8.XZZX, size = 26 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\615936DC32228B708230065136576FB8.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\615936DC32228B708230065136576FB8.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\615936DC32228B708230065136576FB8.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 151, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 152, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mXMMLg1uw.bmp | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\mXMMLg1uw.bmp | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\oEKbZ-fUq6tWCg3E9gms.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\oEKbZ-fUq6tWCg3E9gms.gif, size = 48038, size_out = 48038 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4EC1B3383CF01EB849835EF241110300.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4EC1B3383CF01EB849835EF241110300.XZZX, size = 48038 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4EC1B3383CF01EB849835EF241110300.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4EC1B3383CF01EB849835EF241110300.XZZX, size = 48 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4EC1B3383CF01EB849835EF241110300.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4EC1B3383CF01EB849835EF241110300.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\4EC1B3383CF01EB849835EF241110300.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 152, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 153, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\oEKbZ-fUq6tWCg3E9gms.gif | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\oEKbZ-fUq6tWCg3E9gms.gif | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pDGmGQvtKPZ_ns.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pDGmGQvtKPZ_ns.gif, size = 2567, size_out = 2567 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7ABC26D22C977F5CF918EABE30B863A4.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7ABC26D22C977F5CF918EABE30B863A4.XZZX, size = 2567 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7ABC26D22C977F5CF918EABE30B863A4.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7ABC26D22C977F5CF918EABE30B863A4.XZZX, size = 36 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7ABC26D22C977F5CF918EABE30B863A4.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7ABC26D22C977F5CF918EABE30B863A4.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\7ABC26D22C977F5CF918EABE30B863A4.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 153, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 154, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pDGmGQvtKPZ_ns.gif | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\pDGmGQvtKPZ_ns.gif | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\PTV-5E.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\PTV-5E.jpg, size = 9425, size_out = 9425 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\F28BD0F0084D975830F3B58E0C6E7BA0.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\F28BD0F0084D975830F3B58E0C6E7BA0.XZZX, size = 9425 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\F28BD0F0084D975830F3B58E0C6E7BA0.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\F28BD0F0084D975830F3B58E0C6E7BA0.XZZX, size = 20 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\F28BD0F0084D975830F3B58E0C6E7BA0.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\F28BD0F0084D975830F3B58E0C6E7BA0.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\F28BD0F0084D975830F3B58E0C6E7BA0.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 154, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 155, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\PTV-5E.jpg | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\PTV-5E.jpg | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\VL2r.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\VL2r.jpg, size = 31259, size_out = 31259 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\FBB049370C08D85D799956BD1029BCA5.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\FBB049370C08D85D799956BD1029BCA5.XZZX, size = 31259 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\FBB049370C08D85D799956BD1029BCA5.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\FBB049370C08D85D799956BD1029BCA5.XZZX, size = 16 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\FBB049370C08D85D799956BD1029BCA5.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\FBB049370C08D85D799956BD1029BCA5.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\FBB049370C08D85D799956BD1029BCA5.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 155, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 156, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\VL2r.jpg | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\VL2r.jpg | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\VUaHmntzHPrBw9rs6O1.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\VUaHmntzHPrBw9rs6O1.jpg, size = 100592, size_out = 100592 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\609D61282FED0EE4AFD8291A340DF32C.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\609D61282FED0EE4AFD8291A340DF32C.XZZX, size = 100592 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\609D61282FED0EE4AFD8291A340DF32C.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\609D61282FED0EE4AFD8291A340DF32C.XZZX, size = 46 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\609D61282FED0EE4AFD8291A340DF32C.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\609D61282FED0EE4AFD8291A340DF32C.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\609D61282FED0EE4AFD8291A340DF32C.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 156, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 157, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\VUaHmntzHPrBw9rs6O1.jpg | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\VUaHmntzHPrBw9rs6O1.jpg | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wbMFjBguMLJG3mRfnnUn.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wbMFjBguMLJG3mRfnnUn.bmp, size = 26048, size_out = 26048 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1698FA38038EB2CD51213BC807C39715.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1698FA38038EB2CD51213BC807C39715.XZZX, size = 26048 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1698FA38038EB2CD51213BC807C39715.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1698FA38038EB2CD51213BC807C39715.XZZX, size = 48 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1698FA38038EB2CD51213BC807C39715.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1698FA38038EB2CD51213BC807C39715.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1698FA38038EB2CD51213BC807C39715.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 157, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 158, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wbMFjBguMLJG3mRfnnUn.bmp | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wbMFjBguMLJG3mRfnnUn.bmp | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\XL uwZp2bbBe4jnmB.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\XL uwZp2bbBe4jnmB.png, size = 51910, size_out = 51910 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D3D882303025B5406F9968D234469988.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D3D882303025B5406F9968D234469988.XZZX, size = 51910 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D3D882303025B5406F9968D234469988.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D3D882303025B5406F9968D234469988.XZZX, size = 42 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D3D882303025B5406F9968D234469988.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D3D882303025B5406F9968D234469988.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\D3D882303025B5406F9968D234469988.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 158, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 159, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\XL uwZp2bbBe4jnmB.png | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\XL uwZp2bbBe4jnmB.png | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\y5Mqnfp y9ox7lXm62.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\y5Mqnfp y9ox7lXm62.png, size = 60400, size_out = 60400 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1971D3BF09924C93CB17194F0DC730DB.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1971D3BF09924C93CB17194F0DC730DB.XZZX, size = 60400 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1971D3BF09924C93CB17194F0DC730DB.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1971D3BF09924C93CB17194F0DC730DB.XZZX, size = 44 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1971D3BF09924C93CB17194F0DC730DB.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1971D3BF09924C93CB17194F0DC730DB.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\1971D3BF09924C93CB17194F0DC730DB.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 159, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 160, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\y5Mqnfp y9ox7lXm62.png | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\y5Mqnfp y9ox7lXm62.png | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Yj-AfpoJM9u50s86.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Yj-AfpoJM9u50s86.png, size = 56571, size_out = 56571 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C355F5402BEDF72E504955A0300EDB76.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C355F5402BEDF72E504955A0300EDB76.XZZX, size = 56571 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C355F5402BEDF72E504955A0300EDB76.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C355F5402BEDF72E504955A0300EDB76.XZZX, size = 40 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C355F5402BEDF72E504955A0300EDB76.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C355F5402BEDF72E504955A0300EDB76.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C355F5402BEDF72E504955A0300EDB76.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 160, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 161, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Yj-AfpoJM9u50s86.png | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Yj-AfpoJM9u50s86.png | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ylARzGL.png, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ylARzGL.png, size = 47459, size_out = 47459 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\693610CE0E824D54F2368B0112B7319C.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\693610CE0E824D54F2368B0112B7319C.XZZX, size = 47459 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\693610CE0E824D54F2368B0112B7319C.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\693610CE0E824D54F2368B0112B7319C.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\693610CE0E824D54F2368B0112B7319C.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\693610CE0E824D54F2368B0112B7319C.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\693610CE0E824D54F2368B0112B7319C.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 161, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 162, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ylARzGL.png | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ylARzGL.png | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\desktop.ini, size = 282, size_out = 282 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\C8D828EF44C6B909469A8E7948E79D51.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\C8D828EF44C6B909469A8E7948E79D51.XZZX, size = 282 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\C8D828EF44C6B909469A8E7948E79D51.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\C8D828EF44C6B909469A8E7948E79D51.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\C8D828EF44C6B909469A8E7948E79D51.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\C8D828EF44C6B909469A8E7948E79D51.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\C8D828EF44C6B909469A8E7948E79D51.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 162, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 163, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\desktop.ini | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Saved Games\desktop.ini | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\desktop.ini, size = 524, size_out = 524 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\07542892440C59CA51177AF248413E12.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\07542892440C59CA51177AF248413E12.XZZX, size = 524 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\07542892440C59CA51177AF248413E12.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\07542892440C59CA51177AF248413E12.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\07542892440C59CA51177AF248413E12.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\07542892440C59CA51177AF248413E12.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\07542892440C59CA51177AF248413E12.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 163, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 164, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\desktop.ini | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\desktop.ini | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Everywhere.search-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Everywhere.search-ms, size = 248, size_out = 248 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\22BE9D582E5129D8AA7CE5BC32720E20.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\22BE9D582E5129D8AA7CE5BC32720E20.XZZX, size = 248 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\22BE9D582E5129D8AA7CE5BC32720E20.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\22BE9D582E5129D8AA7CE5BC32720E20.XZZX, size = 40 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\22BE9D582E5129D8AA7CE5BC32720E20.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\22BE9D582E5129D8AA7CE5BC32720E20.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\22BE9D582E5129D8AA7CE5BC32720E20.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 164, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 165, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Everywhere.search-ms | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Everywhere.search-ms | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Indexed Locations.search-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Indexed Locations.search-ms, size = 248, size_out = 248 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\86A958F52BA3FCF7083CB8732FD8E13F.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\86A958F52BA3FCF7083CB8732FD8E13F.XZZX, size = 248 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\86A958F52BA3FCF7083CB8732FD8E13F.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\86A958F52BA3FCF7083CB8732FD8E13F.XZZX, size = 54 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\86A958F52BA3FCF7083CB8732FD8E13F.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\86A958F52BA3FCF7083CB8732FD8E13F.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\86A958F52BA3FCF7083CB8732FD8E13F.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 165, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 166, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Indexed Locations.search-ms | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Searches\Indexed Locations.search-ms | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\D30YP5u1qzg5-VZ7306q.mkv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\D30YP5u1qzg5-VZ7306q.mkv, size = 47615, size_out = 47615 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\0FCB2DF10CA6B6CB526033CF10C79B13.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\0FCB2DF10CA6B6CB526033CF10C79B13.XZZX, size = 47615 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\0FCB2DF10CA6B6CB526033CF10C79B13.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\0FCB2DF10CA6B6CB526033CF10C79B13.XZZX, size = 48 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\0FCB2DF10CA6B6CB526033CF10C79B13.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\0FCB2DF10CA6B6CB526033CF10C79B13.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\0FCB2DF10CA6B6CB526033CF10C79B13.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 166, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 167, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\D30YP5u1qzg5-VZ7306q.mkv | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\D30YP5u1qzg5-VZ7306q.mkv | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\desktop.ini, size = 504, size_out = 504 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\D89AF8F8162B0DAE766745D41A4BF1F6.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\D89AF8F8162B0DAE766745D41A4BF1F6.XZZX, size = 504 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\D89AF8F8162B0DAE766745D41A4BF1F6.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\D89AF8F8162B0DAE766745D41A4BF1F6.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\D89AF8F8162B0DAE766745D41A4BF1F6.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\D89AF8F8162B0DAE766745D41A4BF1F6.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\D89AF8F8162B0DAE766745D41A4BF1F6.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 167, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 168, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\desktop.ini | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\desktop.ini | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\J20J9-k9Q1AQR.swf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\J20J9-k9Q1AQR.swf, size = 96453, size_out = 96453 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\F12649BC389976C6163CED043CCE5B0E.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\F12649BC389976C6163CED043CCE5B0E.XZZX, size = 96453 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\F12649BC389976C6163CED043CCE5B0E.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\F12649BC389976C6163CED043CCE5B0E.XZZX, size = 34 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\F12649BC389976C6163CED043CCE5B0E.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\F12649BC389976C6163CED043CCE5B0E.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\F12649BC389976C6163CED043CCE5B0E.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 168, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 169, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\J20J9-k9Q1AQR.swf | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\J20J9-k9Q1AQR.swf | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\l0jm8.avi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\l0jm8.avi, size = 43569, size_out = 43569 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\23B23FF43A95B5A94696D7543EB699F1.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\23B23FF43A95B5A94696D7543EB699F1.XZZX, size = 43569 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\23B23FF43A95B5A94696D7543EB699F1.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\23B23FF43A95B5A94696D7543EB699F1.XZZX, size = 18 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\23B23FF43A95B5A94696D7543EB699F1.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\23B23FF43A95B5A94696D7543EB699F1.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\23B23FF43A95B5A94696D7543EB699F1.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 169, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 170, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\l0jm8.avi | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\l0jm8.avi | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\s2dwcVO_4E6w.flv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\s2dwcVO_4E6w.flv, size = 36634, size_out = 36634 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\D0384500388B9600F42B1AE33CC07A48.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\D0384500388B9600F42B1AE33CC07A48.XZZX, size = 36634 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\D0384500388B9600F42B1AE33CC07A48.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\D0384500388B9600F42B1AE33CC07A48.XZZX, size = 32 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\D0384500388B9600F42B1AE33CC07A48.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\D0384500388B9600F42B1AE33CC07A48.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\D0384500388B9600F42B1AE33CC07A48.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 170, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 171, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\s2dwcVO_4E6w.flv | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\s2dwcVO_4E6w.flv | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\zpPjma0L3Hj-_nB.mp4, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\zpPjma0L3Hj-_nB.mp4, size = 28492, size_out = 28492 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3A21FB2547CB7719582A8C7F4BEC5B61.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3A21FB2547CB7719582A8C7F4BEC5B61.XZZX, size = 28492 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3A21FB2547CB7719582A8C7F4BEC5B61.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3A21FB2547CB7719582A8C7F4BEC5B61.XZZX, size = 38 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3A21FB2547CB7719582A8C7F4BEC5B61.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3A21FB2547CB7719582A8C7F4BEC5B61.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\3A21FB2547CB7719582A8C7F4BEC5B61.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 171, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 172, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\zpPjma0L3Hj-_nB.mp4 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\zpPjma0L3Hj-_nB.mp4 | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2 mjBTvZEWz.swf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2 mjBTvZEWz.swf, size = 9259, size_out = 9259 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\02D7186C2A67434F1071035C2E882797.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\02D7186C2A67434F1071035C2E882797.XZZX, size = 9259 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\02D7186C2A67434F1071035C2E882797.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\02D7186C2A67434F1071035C2E882797.XZZX, size = 30 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\02D7186C2A67434F1071035C2E882797.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\02D7186C2A67434F1071035C2E882797.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\02D7186C2A67434F1071035C2E882797.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 172, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 173, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2 mjBTvZEWz.swf | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2 mjBTvZEWz.swf | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\92y tDp.avi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\92y tDp.avi, size = 26548, size_out = 26548 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\0790B504415F6E976181B814459452DF.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\0790B504415F6E976181B814459452DF.XZZX, size = 26548 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\0790B504415F6E976181B814459452DF.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\0790B504415F6E976181B814459452DF.XZZX, size = 24 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\0790B504415F6E976181B814459452DF.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\0790B504415F6E976181B814459452DF.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\0790B504415F6E976181B814459452DF.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 173, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 174, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\92y tDp.avi | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\92y tDp.avi | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\ArnUUg6o.mkv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\ArnUUg6o.mkv, size = 14715, size_out = 14715 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX, size = 14715 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX, size = 24 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 174, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 175, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\ArnUUg6o.mkv | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\ArnUUg6o.mkv | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\7TSkSEjcLf8xikPUr.avi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\7TSkSEjcLf8xikPUr.avi, size = 63886, size_out = 63886 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\D1B4BDC437A182A42497439F3BC266EC.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\D1B4BDC437A182A42497439F3BC266EC.XZZX, size = 63886 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\D1B4BDC437A182A42497439F3BC266EC.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\D1B4BDC437A182A42497439F3BC266EC.XZZX, size = 42 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\D1B4BDC437A182A42497439F3BC266EC.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\D1B4BDC437A182A42497439F3BC266EC.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\D1B4BDC437A182A42497439F3BC266EC.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 175, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 176, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\7TSkSEjcLf8xikPUr.avi | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\7TSkSEjcLf8xikPUr.avi | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\bAFZ2xGuKI.swf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\bAFZ2xGuKI.swf, size = 7527, size_out = 7527 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\18EF94CC2373DB0BFE65EAD427A8BF53.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\18EF94CC2373DB0BFE65EAD427A8BF53.XZZX, size = 7527 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\18EF94CC2373DB0BFE65EAD427A8BF53.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\18EF94CC2373DB0BFE65EAD427A8BF53.XZZX, size = 28 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\18EF94CC2373DB0BFE65EAD427A8BF53.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\18EF94CC2373DB0BFE65EAD427A8BF53.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\18EF94CC2373DB0BFE65EAD427A8BF53.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 177, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 178, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\bAFZ2xGuKI.swf | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\bAFZ2xGuKI.swf | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\ibE0v-Egfbu047ynw.swf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\ibE0v-Egfbu047ynw.swf, size = 11132, size_out = 11132 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\3509B27C28C34484E701F4A52D2D28CC.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\3509B27C28C34484E701F4A52D2D28CC.XZZX, size = 11132 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\3509B27C28C34484E701F4A52D2D28CC.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\3509B27C28C34484E701F4A52D2D28CC.XZZX, size = 42 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\3509B27C28C34484E701F4A52D2D28CC.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\3509B27C28C34484E701F4A52D2D28CC.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\3509B27C28C34484E701F4A52D2D28CC.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 176, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 177, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\ibE0v-Egfbu047ynw.swf | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\ibE0v-Egfbu047ynw.swf | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\MI1L.flv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\MI1L.flv, size = 10577, size_out = 10577 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX, size = 10577 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX, size = 16 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 178, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 179, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\MI1L.flv | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\MI1L.flv | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\No0nJ8TKbF9hYhiurGN.mp4, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\No0nJ8TKbF9hYhiurGN.mp4, size = 7433, size_out = 7433 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\36D405DA123E25CCEFB9A7DD165F0A14.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\36D405DA123E25CCEFB9A7DD165F0A14.XZZX, size = 7433 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\36D405DA123E25CCEFB9A7DD165F0A14.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\36D405DA123E25CCEFB9A7DD165F0A14.XZZX, size = 46 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\36D405DA123E25CCEFB9A7DD165F0A14.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\36D405DA123E25CCEFB9A7DD165F0A14.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\36D405DA123E25CCEFB9A7DD165F0A14.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 179, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 180, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\No0nJ8TKbF9hYhiurGN.mp4 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\No0nJ8TKbF9hYhiurGN.mp4 | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\q_QGnOQQGbujC4p8q.swf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\q_QGnOQQGbujC4p8q.swf, size = 48418, size_out = 48418 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\7B22A6161CBF8AA2C5439A5220F46EEA.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\7B22A6161CBF8AA2C5439A5220F46EEA.XZZX, size = 48418 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\7B22A6161CBF8AA2C5439A5220F46EEA.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\7B22A6161CBF8AA2C5439A5220F46EEA.XZZX, size = 42 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\7B22A6161CBF8AA2C5439A5220F46EEA.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\7B22A6161CBF8AA2C5439A5220F46EEA.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\7B22A6161CBF8AA2C5439A5220F46EEA.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 180, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 181, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\q_QGnOQQGbujC4p8q.swf | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\q_QGnOQQGbujC4p8q.swf | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\wMr3QKnu.mp4, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\wMr3QKnu.mp4, size = 89225, size_out = 89225 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX, size = 89225 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX, size = 24 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 181, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 182, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\wMr3QKnu.mp4 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\2SS69ds5b7DlSJShTY0o\wMr3QKnu.mp4 | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\5Cc08SMWT PKYNwSj.swf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\5Cc08SMWT PKYNwSj.swf, size = 20285, size_out = 20285 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\60CA942226AA4A29961B00962ADF2E71.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\60CA942226AA4A29961B00962ADF2E71.XZZX, size = 20285 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\60CA942226AA4A29961B00962ADF2E71.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\60CA942226AA4A29961B00962ADF2E71.XZZX, size = 42 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\60CA942226AA4A29961B00962ADF2E71.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\60CA942226AA4A29961B00962ADF2E71.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\60CA942226AA4A29961B00962ADF2E71.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 182, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 183, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\5Cc08SMWT PKYNwSj.swf | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\5Cc08SMWT PKYNwSj.swf | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\i2GwNYb4B.mp4, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\i2GwNYb4B.mp4, size = 40696, size_out = 40696 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\E29C4433332B9D3DB3332D67374C8185.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\E29C4433332B9D3DB3332D67374C8185.XZZX, size = 40696 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\E29C4433332B9D3DB3332D67374C8185.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\E29C4433332B9D3DB3332D67374C8185.XZZX, size = 26 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\E29C4433332B9D3DB3332D67374C8185.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\E29C4433332B9D3DB3332D67374C8185.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\E29C4433332B9D3DB3332D67374C8185.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 183, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 184, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\i2GwNYb4B.mp4 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\i2GwNYb4B.mp4 | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\NxtD.flv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\NxtD.flv, size = 44381, size_out = 44381 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX, size = 44381 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX, size = 16 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 184, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 185, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\NxtD.flv | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\DTMS 07a7Aq-XEUh0\O903hcW\NxtD.flv | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\6OPfc4qVaMTq.flv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\6OPfc4qVaMTq.flv, size = 99849, size_out = 99849 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\DB53A738127CCAEBB87D0318169DAF33.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\DB53A738127CCAEBB87D0318169DAF33.XZZX, size = 99849 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\DB53A738127CCAEBB87D0318169DAF33.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\DB53A738127CCAEBB87D0318169DAF33.XZZX, size = 32 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\DB53A738127CCAEBB87D0318169DAF33.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\DB53A738127CCAEBB87D0318169DAF33.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\DB53A738127CCAEBB87D0318169DAF33.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 185, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 186, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\6OPfc4qVaMTq.flv | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\6OPfc4qVaMTq.flv | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\MyRwYX_9-WNJ1OXdc1N.mp4, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\MyRwYX_9-WNJ1OXdc1N.mp4, size = 11002, size_out = 11002 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\3B9FB280013C30BC79FE404005721504.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\3B9FB280013C30BC79FE404005721504.XZZX, size = 11002 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\3B9FB280013C30BC79FE404005721504.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\3B9FB280013C30BC79FE404005721504.XZZX, size = 46 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\3B9FB280013C30BC79FE404005721504.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\3B9FB280013C30BC79FE404005721504.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\3B9FB280013C30BC79FE404005721504.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 186, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 187, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\MyRwYX_9-WNJ1OXdc1N.mp4 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\MyRwYX_9-WNJ1OXdc1N.mp4 | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\yXpEf4.mkv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\yXpEf4.mkv, size = 72245, size_out = 72245 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\ADBC71E42FBA59E00D479B5F33DB3E28.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\ADBC71E42FBA59E00D479B5F33DB3E28.XZZX, size = 72245 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\ADBC71E42FBA59E00D479B5F33DB3E28.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\ADBC71E42FBA59E00D479B5F33DB3E28.XZZX, size = 20 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\ADBC71E42FBA59E00D479B5F33DB3E28.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\ADBC71E42FBA59E00D479B5F33DB3E28.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\ADBC71E42FBA59E00D479B5F33DB3E28.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 187, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 188, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\yXpEf4.mkv | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\xAriJR5aTdl\yXpEf4.mkv | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\8bunT0Nrx1v M.avi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\8bunT0Nrx1v M.avi, size = 25016, size_out = 25016 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\8181DC6820279A95628FB268245D7EDD.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\8181DC6820279A95628FB268245D7EDD.XZZX, size = 25016 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\8181DC6820279A95628FB268245D7EDD.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\8181DC6820279A95628FB268245D7EDD.XZZX, size = 34 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\8181DC6820279A95628FB268245D7EDD.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\8181DC6820279A95628FB268245D7EDD.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\8181DC6820279A95628FB268245D7EDD.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 189, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 190, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\8bunT0Nrx1v M.avi | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\8bunT0Nrx1v M.avi | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\aC_Ja4AvvNCLsQMnj7.swf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\aC_Ja4AvvNCLsQMnj7.swf, size = 95500, size_out = 95500 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX, size = 95500 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX, size = 44 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 188, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 189, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\aC_Ja4AvvNCLsQMnj7.swf | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\aC_Ja4AvvNCLsQMnj7.swf | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\bjQVhKZ0dfp8gRtn_Z.flv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\bjQVhKZ0dfp8gRtn_Z.flv, size = 53200, size_out = 53200 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\37E85546159C2E64B110DA791A0612AC.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\37E85546159C2E64B110DA791A0612AC.XZZX, size = 53200 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\37E85546159C2E64B110DA791A0612AC.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\37E85546159C2E64B110DA791A0612AC.XZZX, size = 44 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\37E85546159C2E64B110DA791A0612AC.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\37E85546159C2E64B110DA791A0612AC.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\37E85546159C2E64B110DA791A0612AC.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 190, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 191, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\bjQVhKZ0dfp8gRtn_Z.flv | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\bjQVhKZ0dfp8gRtn_Z.flv | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\xTAGaGiIpU.mp4, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\xTAGaGiIpU.mp4, size = 96047, size_out = 96047 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\89DD89FE1BC33AFA435CA8A71FE81F42.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\89DD89FE1BC33AFA435CA8A71FE81F42.XZZX, size = 96047 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\89DD89FE1BC33AFA435CA8A71FE81F42.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\89DD89FE1BC33AFA435CA8A71FE81F42.XZZX, size = 28 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\89DD89FE1BC33AFA435CA8A71FE81F42.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\89DD89FE1BC33AFA435CA8A71FE81F42.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\89DD89FE1BC33AFA435CA8A71FE81F42.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 191, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 192, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\xTAGaGiIpU.mp4 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\xTAGaGiIpU.mp4 | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\AmR.swf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\AmR.swf, size = 66930, size_out = 66930 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\04BF022041D4F9A43C1202C84609DDEC.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\04BF022041D4F9A43C1202C84609DDEC.XZZX, size = 66930 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\04BF022041D4F9A43C1202C84609DDEC.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\04BF022041D4F9A43C1202C84609DDEC.XZZX, size = 14 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\04BF022041D4F9A43C1202C84609DDEC.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\04BF022041D4F9A43C1202C84609DDEC.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\04BF022041D4F9A43C1202C84609DDEC.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 192, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 193, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\AmR.swf | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\AmR.swf | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\fJw1HV.flv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\fJw1HV.flv, size = 88888, size_out = 88888 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\1CB22AF03A177B10110664B53E3C5F58.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\1CB22AF03A177B10110664B53E3C5F58.XZZX, size = 88888 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\1CB22AF03A177B10110664B53E3C5F58.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\1CB22AF03A177B10110664B53E3C5F58.XZZX, size = 20 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\1CB22AF03A177B10110664B53E3C5F58.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\1CB22AF03A177B10110664B53E3C5F58.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\1CB22AF03A177B10110664B53E3C5F58.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 193, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 194, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\fJw1HV.flv | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\fJw1HV.flv | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\Moq53i08kUE_j1CIf3Zg.avi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\Moq53i08kUE_j1CIf3Zg.avi, size = 8502, size_out = 8502 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\7B5559382A0FD2B4C13F23862E44B6FC.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\7B5559382A0FD2B4C13F23862E44B6FC.XZZX, size = 8502 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\7B5559382A0FD2B4C13F23862E44B6FC.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\7B5559382A0FD2B4C13F23862E44B6FC.XZZX, size = 48 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\7B5559382A0FD2B4C13F23862E44B6FC.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\7B5559382A0FD2B4C13F23862E44B6FC.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\7B5559382A0FD2B4C13F23862E44B6FC.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 194, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 195, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\Moq53i08kUE_j1CIf3Zg.avi | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\Moq53i08kUE_j1CIf3Zg.avi | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\v9PzrbehuH3KFc.mp4, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\v9PzrbehuH3KFc.mp4, size = 8953, size_out = 8953 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\E3086E520D4EE960428796111173CDA8.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\E3086E520D4EE960428796111173CDA8.XZZX, size = 8953 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\E3086E520D4EE960428796111173CDA8.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\E3086E520D4EE960428796111173CDA8.XZZX, size = 36 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\E3086E520D4EE960428796111173CDA8.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\E3086E520D4EE960428796111173CDA8.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\E3086E520D4EE960428796111173CDA8.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 195, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 196, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\v9PzrbehuH3KFc.mp4 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Videos\Z-_06k\wpc5n64XVm\v9PzrbehuH3KFc.mp4 | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\NTUSER.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\NTUSER.DAT.LOG, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\NTUSER.DAT.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\NTUSER.DAT.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\ntuser.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Contacts\Administrator.contact, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Contacts\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Documents\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Downloads\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Links\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Links\Web Slice Gallery.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\MSN Websites\MSN Autos.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\MSN Websites\MSN Money.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\MSN Websites\MSN Sports.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\MSN Websites\MSN.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\MSN Websites\MSNBC News.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Windows Live\Get Windows Live.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Links\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Links\Desktop.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Links\Downloads.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Links\RecentPlaces.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Music\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Pictures\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Saved Games\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Searches\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Searches\Everywhere.search-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Searches\Indexed Locations.search-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Videos\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\Public\desktop.ini, size = 174, size_out = 174 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\Public\9665D59245322DD390020D724953121B.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\Public\9665D59245322DD390020D724953121B.XZZX, size = 174 | 1 |
File | Write | filename = \\?\C:\Users\Public\9665D59245322DD390020D724953121B.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\Public\9665D59245322DD390020D724953121B.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\Public\9665D59245322DD390020D724953121B.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\Public\9665D59245322DD390020D724953121B.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\Public\9665D59245322DD390020D724953121B.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 196, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 197, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\Public\desktop.ini | 1 |
File | Delete | filename = \\?\C:\Users\Public\desktop.ini | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Documents\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\Public\Documents\desktop.ini, size = 278, size_out = 278 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\Public\Documents\94338BDA105A8F7E16CC5903148F73C6.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\Public\Documents\94338BDA105A8F7E16CC5903148F73C6.XZZX, size = 278 | 1 |
File | Write | filename = \\?\C:\Users\Public\Documents\94338BDA105A8F7E16CC5903148F73C6.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\Public\Documents\94338BDA105A8F7E16CC5903148F73C6.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\Public\Documents\94338BDA105A8F7E16CC5903148F73C6.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\Public\Documents\94338BDA105A8F7E16CC5903148F73C6.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\Public\Documents\94338BDA105A8F7E16CC5903148F73C6.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 197, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 198, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\Public\Documents\desktop.ini | 1 |
File | Delete | filename = \\?\C:\Users\Public\Documents\desktop.ini | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Downloads\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\Public\Downloads\desktop.ini, size = 174, size_out = 174 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\Public\Downloads\BC1D727A30ED2409A03B25C6350E0851.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\Public\Downloads\BC1D727A30ED2409A03B25C6350E0851.XZZX, size = 174 | 1 |
File | Write | filename = \\?\C:\Users\Public\Downloads\BC1D727A30ED2409A03B25C6350E0851.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\Public\Downloads\BC1D727A30ED2409A03B25C6350E0851.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\Public\Downloads\BC1D727A30ED2409A03B25C6350E0851.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\Public\Downloads\BC1D727A30ED2409A03B25C6350E0851.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\Public\Downloads\BC1D727A30ED2409A03B25C6350E0851.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 198, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 199, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\Public\Downloads\desktop.ini | 1 |
File | Delete | filename = \\?\C:\Users\Public\Downloads\desktop.ini | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Libraries\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\Public\Libraries\desktop.ini, size = 88, size_out = 88 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\Public\Libraries\50C930C63ECF303723410A464304147F.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\Public\Libraries\50C930C63ECF303723410A464304147F.XZZX, size = 88 | 1 |
File | Write | filename = \\?\C:\Users\Public\Libraries\50C930C63ECF303723410A464304147F.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\Public\Libraries\50C930C63ECF303723410A464304147F.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\Public\Libraries\50C930C63ECF303723410A464304147F.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\Public\Libraries\50C930C63ECF303723410A464304147F.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\Public\Libraries\50C930C63ECF303723410A464304147F.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 200, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 201, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\Public\Libraries\desktop.ini | 1 |
File | Delete | filename = \\?\C:\Users\Public\Libraries\desktop.ini | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Libraries\RecordedTV.library-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\Public\Libraries\RecordedTV.library-ms, size = 876, size_out = 876 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\Public\Libraries\721728630B1F6BB259C033230F404FFA.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\Public\Libraries\721728630B1F6BB259C033230F404FFA.XZZX, size = 876 | 1 |
File | Write | filename = \\?\C:\Users\Public\Libraries\721728630B1F6BB259C033230F404FFA.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\Public\Libraries\721728630B1F6BB259C033230F404FFA.XZZX, size = 42 | 1 |
File | Write | filename = \\?\C:\Users\Public\Libraries\721728630B1F6BB259C033230F404FFA.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\Public\Libraries\721728630B1F6BB259C033230F404FFA.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\Public\Libraries\721728630B1F6BB259C033230F404FFA.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 199, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 200, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\Public\Libraries\RecordedTV.library-ms | 1 |
File | Delete | filename = \\?\C:\Users\Public\Libraries\RecordedTV.library-ms | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Music\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\Public\Music\desktop.ini, size = 380, size_out = 380 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\Public\Music\DE133762273869A1CE952BAA2B594DE9.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\desktop.ini, size = 380 | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\desktop.ini, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\desktop.ini, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\desktop.ini, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\desktop.ini, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\desktop.ini, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 201, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 202, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\Public\Music\desktop.ini | 1 |
File | Delete | filename = \\?\C:\Users\Public\Music\desktop.ini | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Music\Sample Music\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\Public\Music\Sample Music\desktop.ini, size = 586, size_out = 586 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\Public\Music\Sample Music\B2BABB8113BECBA807B8242F17F3AFF0.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\B2BABB8113BECBA807B8242F17F3AFF0.XZZX, size = 586 | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\B2BABB8113BECBA807B8242F17F3AFF0.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\B2BABB8113BECBA807B8242F17F3AFF0.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\B2BABB8113BECBA807B8242F17F3AFF0.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\B2BABB8113BECBA807B8242F17F3AFF0.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\B2BABB8113BECBA807B8242F17F3AFF0.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 202, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 203, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\Public\Music\Sample Music\desktop.ini | 1 |
File | Delete | filename = \\?\C:\Users\Public\Music\Sample Music\desktop.ini | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Music\Sample Music\Kalimba.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Module | Create Mapping | module_name = \\?\C:\Users\Public\Music\Sample Music\Kalimba.mp3, filename = \\?\C:\Users\Public\Music\Sample Music\Kalimba.mp3, protection = PAGE_READWRITE, maximum_size = 0 | 1 |
Module | Map | \\?\C:\Users\Public\Music\Sample Music\Kalimba.mp3, process_name = c:\programdata\bce1010314.exe, desired_access = FILE_MAP_WRITE, FILE_MAP_READ | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Module | Unmap | process_name = c:\programdata\bce1010314.exe | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\Kalimba.mp3, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\Kalimba.mp3, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\Kalimba.mp3, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = Ȇ | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\Kalimba.mp3, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\Kalimba.mp3, size = 5 | 1 |
File | Move | source_filename = \\?\C:\Users\Public\Music\Sample Music\Kalimba.mp3, destination_filename = \\?\C:\Users\Public\Music\Sample Music\1758A0BD1A6F8CE6B3A600C11E90712E.XZZX, flags = MOVEFILE_REPLACE_EXISTING | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 203, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 204, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Module | Create Mapping | module_name = \\?\C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3, filename = \\?\C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3, protection = PAGE_READWRITE, maximum_size = 0 | 1 |
Module | Map | \\?\C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3, process_name = c:\programdata\bce1010314.exe, desired_access = FILE_MAP_WRITE, FILE_MAP_READ | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Module | Unmap | process_name = c:\programdata\bce1010314.exe | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3, size = 58 | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = Ȇ | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3, size = 5 | 1 |
File | Move | source_filename = \\?\C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3, destination_filename = \\?\C:\Users\Public\Music\Sample Music\A308B77E2F1E65BB59ECACAE33534A03.XZZX, flags = MOVEFILE_REPLACE_EXISTING | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 205, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 206, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Music\Sample Music\Sleep Away.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Module | Create Mapping | module_name = \\?\C:\Users\Public\Music\Sample Music\Sleep Away.mp3, filename = \\?\C:\Users\Public\Music\Sample Music\Sleep Away.mp3, protection = PAGE_READWRITE, maximum_size = 0 | 1 |
Module | Map | \\?\C:\Users\Public\Music\Sample Music\Sleep Away.mp3, process_name = c:\programdata\bce1010314.exe, desired_access = FILE_MAP_WRITE, FILE_MAP_READ | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Module | Unmap | process_name = c:\programdata\bce1010314.exe | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\Sleep Away.mp3, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\Sleep Away.mp3, size = 28 | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\Sleep Away.mp3, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = Ȇ | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\Sleep Away.mp3, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\Public\Music\Sample Music\Sleep Away.mp3, size = 5 | 1 |
File | Move | source_filename = \\?\C:\Users\Public\Music\Sample Music\Sleep Away.mp3, destination_filename = \\?\C:\Users\Public\Music\Sample Music\37DA6C30402385B0E323002B44E969F8.XZZX, flags = MOVEFILE_REPLACE_EXISTING | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 219, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 220, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Pictures\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\Public\Pictures\desktop.ini, size = 380, size_out = 380 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\Public\Pictures\4FE187580C1CEAECF1249FC21086CF34.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg, size = 380 | 1 |
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 204, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 205, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\Public\Pictures\desktop.ini | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\Public\Pictures\desktop.ini | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg, size = 879394, size_out = 879394 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\28F3174E3D47A1ACF4B1346741C785F4.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\28F3174E3D47A1ACF4B1346741C785F4.XZZX, size = 879394 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\28F3174E3D47A1ACF4B1346741C785F4.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\28F3174E3D47A1ACF4B1346741C785F4.XZZX, size = 34 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\28F3174E3D47A1ACF4B1346741C785F4.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\28F3174E3D47A1ACF4B1346741C785F4.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\28F3174E3D47A1ACF4B1346741C785F4.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 206, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 207, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Desert.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Desert.jpg, size = 845941, size_out = 845941 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\D1FD6140114402301247CBC41572E678.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\D1FD6140114402301247CBC41572E678.XZZX, size = 845941 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\D1FD6140114402301247CBC41572E678.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\D1FD6140114402301247CBC41572E678.XZZX, size = 20 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\D1FD6140114402301247CBC41572E678.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\D1FD6140114402301247CBC41572E678.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\D1FD6140114402301247CBC41572E678.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 207, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 208, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\desktop.ini, size = 1120, size_out = 1120 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\2980FDFD3D56218AE4F6E07941E605D2.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\2980FDFD3D56218AE4F6E07941E605D2.XZZX, size = 1120 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\2980FDFD3D56218AE4F6E07941E605D2.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\2980FDFD3D56218AE4F6E07941E605D2.XZZX, size = 22 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\2980FDFD3D56218AE4F6E07941E605D2.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\2980FDFD3D56218AE4F6E07941E605D2.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\2980FDFD3D56218AE4F6E07941E605D2.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 208, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 209, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\desktop.ini | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\desktop.ini | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg, size = 595284, size_out = 595284 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\A59ACD7B3AF5E74B902550773F95CB93.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\A59ACD7B3AF5E74B902550773F95CB93.XZZX, size = 595284 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\A59ACD7B3AF5E74B902550773F95CB93.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\A59ACD7B3AF5E74B902550773F95CB93.XZZX, size = 28 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\A59ACD7B3AF5E74B902550773F95CB93.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\A59ACD7B3AF5E74B902550773F95CB93.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\A59ACD7B3AF5E74B902550773F95CB93.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 209, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 210, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg, size = 775702, size_out = 775702 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX, size = 775702 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX, size = 26 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 210, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 211, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Koala.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Koala.jpg, size = 780831, size_out = 780831 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\4BF5528040685AF08EE9FD2844DA3F38.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\4BF5528040685AF08EE9FD2844DA3F38.XZZX, size = 780831 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\4BF5528040685AF08EE9FD2844DA3F38.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\4BF5528040685AF08EE9FD2844DA3F38.XZZX, size = 18 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\4BF5528040685AF08EE9FD2844DA3F38.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\4BF5528040685AF08EE9FD2844DA3F38.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\4BF5528040685AF08EE9FD2844DA3F38.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 211, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 212, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg, size = 561276, size_out = 561276 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX, size = 561276 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX, size = 28 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 212, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 213, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg, size = 777835, size_out = 777835 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\847D57104B178490F8F2D4B74FA568D8.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\847D57104B178490F8F2D4B74FA568D8.XZZX, size = 777835 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\847D57104B178490F8F2D4B74FA568D8.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\847D57104B178490F8F2D4B74FA568D8.XZZX, size = 24 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\847D57104B178490F8F2D4B74FA568D8.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\847D57104B178490F8F2D4B74FA568D8.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\847D57104B178490F8F2D4B74FA568D8.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 213, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 214, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg, size = 620888, size_out = 620888 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\CDC4AAAD0836755B78D170410CA859A3.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\CDC4AAAD0836755B78D170410CA859A3.XZZX, size = 620888 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\CDC4AAAD0836755B78D170410CA859A3.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\CDC4AAAD0836755B78D170410CA859A3.XZZX, size = 20 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\CDC4AAAD0836755B78D170410CA859A3.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\CDC4AAAD0836755B78D170410CA859A3.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\CDC4AAAD0836755B78D170410CA859A3.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 214, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 215, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Recorded TV\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\Public\Recorded TV\desktop.ini, size = 80, size_out = 80 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\Public\Recorded TV\1EDF30F91E98B984E23EDAF123369DCC.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\Public\Recorded TV\1EDF30F91E98B984E23EDAF123369DCC.XZZX, size = 80 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Recorded TV\1EDF30F91E98B984E23EDAF123369DCC.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Recorded TV\1EDF30F91E98B984E23EDAF123369DCC.XZZX, size = 22 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Recorded TV\1EDF30F91E98B984E23EDAF123369DCC.XZZX, size = 5 | 1 |
Fn
Data
|
|
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Fn
|
||
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\Public\Recorded TV\1EDF30F91E98B984E23EDAF123369DCC.XZZX, size = 128 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Recorded TV\1EDF30F91E98B984E23EDAF123369DCC.XZZX, size = 5 | 1 |
Fn
Data
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 215, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Fn
|
|
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 216, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Fn
|
|
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\Public\Recorded TV\desktop.ini | 1 |
Fn
|
|
File | Delete | filename = \\?\C:\Users\Public\Recorded TV\desktop.ini | 1 |
Fn
|
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Recorded TV\Sample Media\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Read | filename = \\?\C:\Users\Public\Recorded TV\Sample Media\desktop.ini, size = 171, size_out = 171 | 1 |
Fn
Data
|
|
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Fn
|
|
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Fn
|
|
File | Create | filename = \\?\C:\Users\Public\Recorded TV\Sample Media\39D4778C1CA7A7942937668620DB8BDC.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
Fn
|
|
File | Write | filename = \\?\C:\Users\Public\Recorded TV\Sample Media\39D4778C1CA7A7942937668620DB8BDC.XZZX, size = 171 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Recorded TV\Sample Media\39D4778C1CA7A7942937668620DB8BDC.XZZX, size = 5 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Recorded TV\Sample Media\39D4778C1CA7A7942937668620DB8BDC.XZZX, size = 22 | 1 |
Fn
Data
|
|
File | Write | filename = \\?\C:\Users\Public\Recorded TV\Sample Media\39D4778C1CA7A7942937668620DB8BDC.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\Public\Recorded TV\Sample Media\39D4778C1CA7A7942937668620DB8BDC.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\Public\Recorded TV\Sample Media\39D4778C1CA7A7942937668620DB8BDC.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 216, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 217, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\Public\Recorded TV\Sample Media\desktop.ini | 1 |
File | Delete | filename = \\?\C:\Users\Public\Recorded TV\Sample Media\desktop.ini | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Module | Create Mapping | module_name = \\?\C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv, filename = \\?\C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv, protection = PAGE_READWRITE, maximum_size = 0 | 1 |
Module | Map | \\?\C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv, process_name = c:\programdata\bce1010314.exe, desired_access = FILE_MAP_WRITE, FILE_MAP_READ | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Module | Unmap | process_name = c:\programdata\bce1010314.exe | 1 |
File | Write | filename = \\?\C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv, size = 58 | 1 |
File | Write | filename = \\?\C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = Ȇ | 1 |
File | Write | filename = \\?\C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv, size = 5 | 1 |
File | Move | source_filename = \\?\C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv, destination_filename = \\?\C:\Users\Public\Recorded TV\Sample Media\27FBCCFF13BC6B6F6D9AE66F18224FB7.XZZX, flags = MOVEFILE_REPLACE_EXISTING | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 220, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 221, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Videos\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\Public\Videos\desktop.ini, size = 380, size_out = 380 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\Public\Videos\9C0539442839CAF8E19E36092CAFAF40.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\Public\Videos\9C0539442839CAF8E19E36092CAFAF40.XZZX, size = 380 | 1 |
File | Write | filename = \\?\C:\Users\Public\Videos\9C0539442839CAF8E19E36092CAFAF40.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\Public\Videos\9C0539442839CAF8E19E36092CAFAF40.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\Public\Videos\9C0539442839CAF8E19E36092CAFAF40.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\Public\Videos\9C0539442839CAF8E19E36092CAFAF40.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\Public\Videos\9C0539442839CAF8E19E36092CAFAF40.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 217, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 218, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\Public\Videos\desktop.ini | 1 |
File | Delete | filename = \\?\C:\Users\Public\Videos\desktop.ini | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Videos\Sample Videos\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\Public\Videos\Sample Videos\desktop.ini, size = 326, size_out = 326 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\Public\Videos\Sample Videos\AE3F22464654D223AFF867CA4A80B66B.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\Public\Videos\Sample Videos\AE3F22464654D223AFF867CA4A80B66B.XZZX, size = 326 | 1 |
File | Write | filename = \\?\C:\Users\Public\Videos\Sample Videos\AE3F22464654D223AFF867CA4A80B66B.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\Public\Videos\Sample Videos\AE3F22464654D223AFF867CA4A80B66B.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\Public\Videos\Sample Videos\AE3F22464654D223AFF867CA4A80B66B.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\Public\Videos\Sample Videos\AE3F22464654D223AFF867CA4A80B66B.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\Public\Videos\Sample Videos\AE3F22464654D223AFF867CA4A80B66B.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 218, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 219, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\Public\Videos\Sample Videos\desktop.ini | 1 |
File | Delete | filename = \\?\C:\Users\Public\Videos\Sample Videos\desktop.ini | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Videos\Sample Videos\Wildlife.wmv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Module | Create Mapping | module_name = \\?\C:\Users\Public\Videos\Sample Videos\Wildlife.wmv, filename = \\?\C:\Users\Public\Videos\Sample Videos\Wildlife.wmv, protection = PAGE_READWRITE, maximum_size = 0 | 1 |
Module | Map | \\?\C:\Users\Public\Videos\Sample Videos\Wildlife.wmv, process_name = c:\programdata\bce1010314.exe, desired_access = FILE_MAP_WRITE, FILE_MAP_READ | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
Module | Unmap | process_name = c:\programdata\bce1010314.exe | 1 |
File | Write | filename = \\?\C:\Users\Public\Videos\Sample Videos\Wildlife.wmv, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\Public\Videos\Sample Videos\Wildlife.wmv, size = 24 | 1 |
File | Write | filename = \\?\C:\Users\Public\Videos\Sample Videos\Wildlife.wmv, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = Ȇ | 1 |
File | Write | filename = \\?\C:\Users\Public\Videos\Sample Videos\Wildlife.wmv, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\Public\Videos\Sample Videos\Wildlife.wmv, size = 5 | 1 |
File | Move | source_filename = \\?\C:\Users\Public\Videos\Sample Videos\Wildlife.wmv, destination_filename = \\?\C:\Users\Public\Videos\Sample Videos\168E33E2343B04A525B9D9AE38C0E8ED.XZZX, flags = MOVEFILE_REPLACE_EXISTING | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 221, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 222, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\bootmgr, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\hiberfil.sys, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\pagefile.sys, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3wes.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3wes.gif, size = 73509, size_out = 73509 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3249DFC4336570C648854B1C3600550E.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3249DFC4336570C648854B1C3600550E.XZZX, size = 73509 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3249DFC4336570C648854B1C3600550E.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3249DFC4336570C648854B1C3600550E.XZZX, size = 16 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3249DFC4336570C648854B1C3600550E.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3249DFC4336570C648854B1C3600550E.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3249DFC4336570C648854B1C3600550E.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 222, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 223, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3wes.gif | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3wes.gif | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\cjwLkHotFDrB.csv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\cjwLkHotFDrB.csv, size = 82839, size_out = 82839 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\831028C931A43BD1AECC4481344F2019.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\831028C931A43BD1AECC4481344F2019.XZZX, size = 82839 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\831028C931A43BD1AECC4481344F2019.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\831028C931A43BD1AECC4481344F2019.XZZX, size = 32 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\831028C931A43BD1AECC4481344F2019.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\831028C931A43BD1AECC4481344F2019.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\831028C931A43BD1AECC4481344F2019.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 223, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 224, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\cjwLkHotFDrB.csv | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\cjwLkHotFDrB.csv | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CtU1cr28O6YeLq5MF4zr.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CtU1cr28O6YeLq5MF4zr.mp3, size = 71402, size_out = 71402 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5BD0D8BC3761C5798DBF782C3A2CA9C1.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5BD0D8BC3761C5798DBF782C3A2CA9C1.XZZX, size = 71402 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5BD0D8BC3761C5798DBF782C3A2CA9C1.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5BD0D8BC3761C5798DBF782C3A2CA9C1.XZZX, size = 48 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5BD0D8BC3761C5798DBF782C3A2CA9C1.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5BD0D8BC3761C5798DBF782C3A2CA9C1.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5BD0D8BC3761C5798DBF782C3A2CA9C1.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 224, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 225, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CtU1cr28O6YeLq5MF4zr.mp3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CtU1cr28O6YeLq5MF4zr.mp3 | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\desktop.ini, size = 282, size_out = 282 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\332EDF2812729F5E1FC79588150D83A6.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\332EDF2812729F5E1FC79588150D83A6.XZZX, size = 282 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\332EDF2812729F5E1FC79588150D83A6.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\332EDF2812729F5E1FC79588150D83A6.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\332EDF2812729F5E1FC79588150D83A6.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\332EDF2812729F5E1FC79588150D83A6.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\332EDF2812729F5E1FC79588150D83A6.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 225, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 226, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\desktop.ini | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\desktop.ini | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\FNPUDpYy3rwMi.flv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\FNPUDpYy3rwMi.flv, size = 54191, size_out = 54191 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DF31D96F11ED2C2F0C02623D14881077.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DF31D96F11ED2C2F0C02623D14881077.XZZX, size = 54191 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DF31D96F11ED2C2F0C02623D14881077.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DF31D96F11ED2C2F0C02623D14881077.XZZX, size = 34 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DF31D96F11ED2C2F0C02623D14881077.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DF31D96F11ED2C2F0C02623D14881077.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DF31D96F11ED2C2F0C02623D14881077.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 226, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 227, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\FNPUDpYy3rwMi.flv | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\FNPUDpYy3rwMi.flv | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\FzoKie.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\FzoKie.rtf, size = 3703, size_out = 3703 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DD2F494808F07B7C068185820B9B5FC4.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DD2F494808F07B7C068185820B9B5FC4.XZZX, size = 3703 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DD2F494808F07B7C068185820B9B5FC4.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DD2F494808F07B7C068185820B9B5FC4.XZZX, size = 20 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DD2F494808F07B7C068185820B9B5FC4.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DD2F494808F07B7C068185820B9B5FC4.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DD2F494808F07B7C068185820B9B5FC4.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 227, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 228, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\FzoKie.rtf | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\FzoKie.rtf | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\jkGAH7YstwIc6lZC9j.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\jkGAH7YstwIc6lZC9j.gif, size = 10457, size_out = 10457 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3AB0A51A1E38C5C557A2A45220D3AA0D.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3AB0A51A1E38C5C557A2A45220D3AA0D.XZZX, size = 10457 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3AB0A51A1E38C5C557A2A45220D3AA0D.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3AB0A51A1E38C5C557A2A45220D3AA0D.XZZX, size = 44 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3AB0A51A1E38C5C557A2A45220D3AA0D.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3AB0A51A1E38C5C557A2A45220D3AA0D.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3AB0A51A1E38C5C557A2A45220D3AA0D.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 228, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 229, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\jkGAH7YstwIc6lZC9j.gif | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\jkGAH7YstwIc6lZC9j.gif | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\JYsb.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\JYsb.gif, size = 58542, size_out = 58542 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7EB57C7406D4CAEAFAE6B2D2099FAF32.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7EB57C7406D4CAEAFAE6B2D2099FAF32.XZZX, size = 58542 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7EB57C7406D4CAEAFAE6B2D2099FAF32.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7EB57C7406D4CAEAFAE6B2D2099FAF32.XZZX, size = 16 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7EB57C7406D4CAEAFAE6B2D2099FAF32.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7EB57C7406D4CAEAFAE6B2D2099FAF32.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7EB57C7406D4CAEAFAE6B2D2099FAF32.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 229, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 230, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\JYsb.gif | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\JYsb.gif | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Lj26CzXci-whK31.wav, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Lj26CzXci-whK31.wav, size = 82671, size_out = 82671 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\992D94E80C53825AE241BB580EEE66A2.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\992D94E80C53825AE241BB580EEE66A2.XZZX, size = 82671 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\992D94E80C53825AE241BB580EEE66A2.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\992D94E80C53825AE241BB580EEE66A2.XZZX, size = 38 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\992D94E80C53825AE241BB580EEE66A2.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\992D94E80C53825AE241BB580EEE66A2.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\992D94E80C53825AE241BB580EEE66A2.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 230, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 231, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Lj26CzXci-whK31.wav | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Lj26CzXci-whK31.wav | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NvEcGQE86DZ.flv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NvEcGQE86DZ.flv, size = 58998, size_out = 58998 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E50598804514D2A02376220C47BFB6E8.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E50598804514D2A02376220C47BFB6E8.XZZX, size = 58998 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E50598804514D2A02376220C47BFB6E8.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E50598804514D2A02376220C47BFB6E8.XZZX, size = 30 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E50598804514D2A02376220C47BFB6E8.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E50598804514D2A02376220C47BFB6E8.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E50598804514D2A02376220C47BFB6E8.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 231, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 232, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NvEcGQE86DZ.flv | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NvEcGQE86DZ.flv | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oNjA8Krckm-Uh1s9B5p.mkv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oNjA8Krckm-Uh1s9B5p.mkv, size = 2992, size_out = 2992 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\BB588F142896CA4D429F9F1C2B61AE95.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\BB588F142896CA4D429F9F1C2B61AE95.XZZX, size = 2992 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\BB588F142896CA4D429F9F1C2B61AE95.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\BB588F142896CA4D429F9F1C2B61AE95.XZZX, size = 46 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\BB588F142896CA4D429F9F1C2B61AE95.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\BB588F142896CA4D429F9F1C2B61AE95.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\BB588F142896CA4D429F9F1C2B61AE95.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 232, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 233, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oNjA8Krckm-Uh1s9B5p.mkv | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oNjA8Krckm-Uh1s9B5p.mkv | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oVGbbCOCJnt_S.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oVGbbCOCJnt_S.bmp, size = 97796, size_out = 97796 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\297441CE2F3A13CA3B4881DA31D4F812.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\297441CE2F3A13CA3B4881DA31D4F812.XZZX, size = 97796 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\297441CE2F3A13CA3B4881DA31D4F812.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\297441CE2F3A13CA3B4881DA31D4F812.XZZX, size = 34 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\297441CE2F3A13CA3B4881DA31D4F812.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\297441CE2F3A13CA3B4881DA31D4F812.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\297441CE2F3A13CA3B4881DA31D4F812.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 234, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 235, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oVGbbCOCJnt_S.bmp | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\oVGbbCOCJnt_S.bmp | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\P2Yd7s y0s0iE3pixbWf.mp4, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\P2Yd7s y0s0iE3pixbWf.mp4, size = 76004, size_out = 76004 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\B4B65B2031FA98E00EE8EF9234A57D28.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\B4B65B2031FA98E00EE8EF9234A57D28.XZZX, size = 76004 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\B4B65B2031FA98E00EE8EF9234A57D28.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\B4B65B2031FA98E00EE8EF9234A57D28.XZZX, size = 48 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\B4B65B2031FA98E00EE8EF9234A57D28.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\B4B65B2031FA98E00EE8EF9234A57D28.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\B4B65B2031FA98E00EE8EF9234A57D28.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 233, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 234, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\P2Yd7s y0s0iE3pixbWf.mp4 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\P2Yd7s y0s0iE3pixbWf.mp4 | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\qWhs9jNagvnL0I2S.avi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\qWhs9jNagvnL0I2S.avi, size = 58258, size_out = 58258 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9C15BB57408998F37E04B2C943547D3B.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9C15BB57408998F37E04B2C943547D3B.XZZX, size = 58258 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9C15BB57408998F37E04B2C943547D3B.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9C15BB57408998F37E04B2C943547D3B.XZZX, size = 40 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9C15BB57408998F37E04B2C943547D3B.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9C15BB57408998F37E04B2C943547D3B.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9C15BB57408998F37E04B2C943547D3B.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 235, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 236, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\qWhs9jNagvnL0I2S.avi | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\qWhs9jNagvnL0I2S.avi | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\R29FEAYxqzGKfm4iuq.wav, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\R29FEAYxqzGKfm4iuq.wav, size = 52391, size_out = 52391 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\D93E01F80BAD2630B7A5A4810E480A78.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\D93E01F80BAD2630B7A5A4810E480A78.XZZX, size = 52391 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\D93E01F80BAD2630B7A5A4810E480A78.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\D93E01F80BAD2630B7A5A4810E480A78.XZZX, size = 44 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\D93E01F80BAD2630B7A5A4810E480A78.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\D93E01F80BAD2630B7A5A4810E480A78.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\D93E01F80BAD2630B7A5A4810E480A78.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 236, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 237, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\R29FEAYxqzGKfm4iuq.wav | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\R29FEAYxqzGKfm4iuq.wav | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\RcaCR.avi, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\RcaCR.avi, size = 35084, size_out = 35084 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7CD429BC1D46C7CC2845AFAE1FF1AC14.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7CD429BC1D46C7CC2845AFAE1FF1AC14.XZZX, size = 35084 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7CD429BC1D46C7CC2845AFAE1FF1AC14.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7CD429BC1D46C7CC2845AFAE1FF1AC14.XZZX, size = 18 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7CD429BC1D46C7CC2845AFAE1FF1AC14.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7CD429BC1D46C7CC2845AFAE1FF1AC14.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7CD429BC1D46C7CC2845AFAE1FF1AC14.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 237, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 238, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\RcaCR.avi | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\RcaCR.avi | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\SdgI3.mp4, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\SdgI3.mp4, size = 57604, size_out = 57604 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3DAB86532684748B01DC4141291F58D3.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3DAB86532684748B01DC4141291F58D3.XZZX, size = 57604 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3DAB86532684748B01DC4141291F58D3.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3DAB86532684748B01DC4141291F58D3.XZZX, size = 18 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3DAB86532684748B01DC4141291F58D3.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3DAB86532684748B01DC4141291F58D3.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\3DAB86532684748B01DC4141291F58D3.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 238, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 239, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\SdgI3.mp4 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\SdgI3.mp4 | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\XaK4rq6FxAm.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\XaK4rq6FxAm.gif, size = 38492, size_out = 38492 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DF36633018C45D50D22CF61F1B5F4198.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DF36633018C45D50D22CF61F1B5F4198.XZZX, size = 38492 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DF36633018C45D50D22CF61F1B5F4198.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DF36633018C45D50D22CF61F1B5F4198.XZZX, size = 30 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DF36633018C45D50D22CF61F1B5F4198.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DF36633018C45D50D22CF61F1B5F4198.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DF36633018C45D50D22CF61F1B5F4198.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 239, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 240, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\XaK4rq6FxAm.gif | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\XaK4rq6FxAm.gif | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe, size = 223232, size_out = 223232 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E81AA92127D9DDF67EDCD7852A74C23E.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E81AA92127D9DDF67EDCD7852A74C23E.XZZX, size = 223232 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E81AA92127D9DDF67EDCD7852A74C23E.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E81AA92127D9DDF67EDCD7852A74C23E.XZZX, size = 42 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E81AA92127D9DDF67EDCD7852A74C23E.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E81AA92127D9DDF67EDCD7852A74C23E.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\E81AA92127D9DDF67EDCD7852A74C23E.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 240, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 241, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xzzx_cryptMix.vir.exe | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ya6Z9poxN.swf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ya6Z9poxN.swf, size = 81113, size_out = 81113 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4F7E052E193A3049491669EE1BD51491.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4F7E052E193A3049491669EE1BD51491.XZZX, size = 81113 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4F7E052E193A3049491669EE1BD51491.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4F7E052E193A3049491669EE1BD51491.XZZX, size = 26 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4F7E052E193A3049491669EE1BD51491.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4F7E052E193A3049491669EE1BD51491.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\4F7E052E193A3049491669EE1BD51491.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 241, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 242, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ya6Z9poxN.swf | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ya6Z9poxN.swf | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ym0OWp.ods, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ym0OWp.ods, size = 4885, size_out = 4885 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CB04B3811A6F8BBEE0B0B6D31D1A7006.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CB04B3811A6F8BBEE0B0B6D31D1A7006.XZZX, size = 4885 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CB04B3811A6F8BBEE0B0B6D31D1A7006.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CB04B3811A6F8BBEE0B0B6D31D1A7006.XZZX, size = 20 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CB04B3811A6F8BBEE0B0B6D31D1A7006.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CB04B3811A6F8BBEE0B0B6D31D1A7006.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CB04B3811A6F8BBEE0B0B6D31D1A7006.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 242, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 243, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ym0OWp.ods | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ym0OWp.ods | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\YmOf4LXrg2cAXUtOgh.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\YmOf4LXrg2cAXUtOgh.m4a, size = 28199, size_out = 28199 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2E75F0001166B900C846E8C014019D48.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2E75F0001166B900C846E8C014019D48.XZZX, size = 28199 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2E75F0001166B900C846E8C014019D48.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2E75F0001166B900C846E8C014019D48.XZZX, size = 44 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2E75F0001166B900C846E8C014019D48.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2E75F0001166B900C846E8C014019D48.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2E75F0001166B900C846E8C014019D48.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 243, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 244, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\YmOf4LXrg2cAXUtOgh.m4a | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\YmOf4LXrg2cAXUtOgh.m4a | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zexl18m.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zexl18m.mp3, size = 42309, size_out = 42309 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\F1621E5927CB75F785544EA92A665A3F.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\F1621E5927CB75F785544EA92A665A3F.XZZX, size = 42309 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\F1621E5927CB75F785544EA92A665A3F.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\F1621E5927CB75F785544EA92A665A3F.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\F1621E5927CB75F785544EA92A665A3F.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\F1621E5927CB75F785544EA92A665A3F.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\F1621E5927CB75F785544EA92A665A3F.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 244, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 245, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zexl18m.mp3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zexl18m.mp3 | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZZFMbf.odt, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZZFMbf.odt, size = 81289, size_out = 81289 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\8806259228B57EA824563E032B5062F0.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\8806259228B57EA824563E032B5062F0.XZZX, size = 81289 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\8806259228B57EA824563E032B5062F0.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\8806259228B57EA824563E032B5062F0.XZZX, size = 20 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\8806259228B57EA824563E032B5062F0.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\8806259228B57EA824563E032B5062F0.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\8806259228B57EA824563E032B5062F0.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 245, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 246, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZZFMbf.odt | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZZFMbf.odt | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_av9Cb6IPXGAa5C.mp4, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_av9Cb6IPXGAa5C.mp4, size = 28703, size_out = 28703 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\85EBF6F70B9CC7A102200CB90E37ABE9.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\85EBF6F70B9CC7A102200CB90E37ABE9.XZZX, size = 28703 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\85EBF6F70B9CC7A102200CB90E37ABE9.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\85EBF6F70B9CC7A102200CB90E37ABE9.XZZX, size = 38 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\85EBF6F70B9CC7A102200CB90E37ABE9.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\85EBF6F70B9CC7A102200CB90E37ABE9.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\85EBF6F70B9CC7A102200CB90E37ABE9.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 246, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 247, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_av9Cb6IPXGAa5C.mp4 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_av9Cb6IPXGAa5C.mp4 | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\4BTbVX2SL5PMNXlhJi.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\4BTbVX2SL5PMNXlhJi.m4a, size = 27436, size_out = 27436 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\46EBDC270E18B2453D2848DF10B3968D.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\46EBDC270E18B2453D2848DF10B3968D.XZZX, size = 27436 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\46EBDC270E18B2453D2848DF10B3968D.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\46EBDC270E18B2453D2848DF10B3968D.XZZX, size = 44 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\46EBDC270E18B2453D2848DF10B3968D.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\46EBDC270E18B2453D2848DF10B3968D.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\46EBDC270E18B2453D2848DF10B3968D.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 247, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 248, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\4BTbVX2SL5PMNXlhJi.m4a | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\4BTbVX2SL5PMNXlhJi.m4a | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\BOrtQ-gODoJ96Mp2i.pps, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\BOrtQ-gODoJ96Mp2i.pps, size = 64879, size_out = 64879 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\83C1838C2E60DE68F9CF738530FBC2B0.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\83C1838C2E60DE68F9CF738530FBC2B0.XZZX, size = 64879 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\83C1838C2E60DE68F9CF738530FBC2B0.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\83C1838C2E60DE68F9CF738530FBC2B0.XZZX, size = 42 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\83C1838C2E60DE68F9CF738530FBC2B0.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\83C1838C2E60DE68F9CF738530FBC2B0.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\83C1838C2E60DE68F9CF738530FBC2B0.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 248, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 249, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\BOrtQ-gODoJ96Mp2i.pps | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\BOrtQ-gODoJ96Mp2i.pps | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\RH-9w1ekDlX.swf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\RH-9w1ekDlX.swf, size = 82214, size_out = 82214 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\264E8978238A26C478B38BEE26250B0C.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\264E8978238A26C478B38BEE26250B0C.XZZX, size = 82214 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\264E8978238A26C478B38BEE26250B0C.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\264E8978238A26C478B38BEE26250B0C.XZZX, size = 30 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\264E8978238A26C478B38BEE26250B0C.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\264E8978238A26C478B38BEE26250B0C.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\264E8978238A26C478B38BEE26250B0C.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 249, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 250, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\RH-9w1ekDlX.swf | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\RH-9w1ekDlX.swf | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\rvzAqm2.flv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\rvzAqm2.flv, size = 55140, size_out = 55140 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\6CCF439C27C8E0021B579B862A63C44A.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\6CCF439C27C8E0021B579B862A63C44A.XZZX, size = 55140 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\6CCF439C27C8E0021B579B862A63C44A.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\6CCF439C27C8E0021B579B862A63C44A.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\6CCF439C27C8E0021B579B862A63C44A.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\6CCF439C27C8E0021B579B862A63C44A.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\6CCF439C27C8E0021B579B862A63C44A.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 250, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 251, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\rvzAqm2.flv | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\rvzAqm2.flv | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\TrEKohawJ.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\TrEKohawJ.m4a, size = 91677, size_out = 91677 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\B79C27C02FF18394C4F93E40328C67DC.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\B79C27C02FF18394C4F93E40328C67DC.XZZX, size = 91677 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\B79C27C02FF18394C4F93E40328C67DC.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\B79C27C02FF18394C4F93E40328C67DC.XZZX, size = 26 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\B79C27C02FF18394C4F93E40328C67DC.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\B79C27C02FF18394C4F93E40328C67DC.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\B79C27C02FF18394C4F93E40328C67DC.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 251, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 252, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\TrEKohawJ.m4a | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\TrEKohawJ.m4a | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\TxQmAhXtJ1.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\TxQmAhXtJ1.mp3, size = 46830, size_out = 46830 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\910A44A405CFC3CC320BF52E086AA814.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\910A44A405CFC3CC320BF52E086AA814.XZZX, size = 46830 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\910A44A405CFC3CC320BF52E086AA814.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\910A44A405CFC3CC320BF52E086AA814.XZZX, size = 28 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\910A44A405CFC3CC320BF52E086AA814.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\910A44A405CFC3CC320BF52E086AA814.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\910A44A405CFC3CC320BF52E086AA814.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 252, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 253, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\TxQmAhXtJ1.mp3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\TxQmAhXtJ1.mp3 | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\ySq45fyDTuTLWzePdp4.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\ySq45fyDTuTLWzePdp4.m4a, size = 23053, size_out = 23053 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\7A0DF8C008543AF04031BD840AEF1F38.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\7A0DF8C008543AF04031BD840AEF1F38.XZZX, size = 23053 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\7A0DF8C008543AF04031BD840AEF1F38.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\7A0DF8C008543AF04031BD840AEF1F38.XZZX, size = 46 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\7A0DF8C008543AF04031BD840AEF1F38.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\7A0DF8C008543AF04031BD840AEF1F38.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\7A0DF8C008543AF04031BD840AEF1F38.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 253, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 254, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\ySq45fyDTuTLWzePdp4.m4a | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ee7G-xHgdwJfqcsImMM\ySq45fyDTuTLWzePdp4.m4a | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\5OmbcR7YDw3.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\5OmbcR7YDw3.bmp, size = 52870, size_out = 52870 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\47B40A10111A83A88A73451213B567F0.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\47B40A10111A83A88A73451213B567F0.XZZX, size = 52870 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\47B40A10111A83A88A73451213B567F0.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\47B40A10111A83A88A73451213B567F0.XZZX, size = 30 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\47B40A10111A83A88A73451213B567F0.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\47B40A10111A83A88A73451213B567F0.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\47B40A10111A83A88A73451213B567F0.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 254, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 255, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\5OmbcR7YDw3.bmp | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\5OmbcR7YDw3.bmp | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\iyIk6.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\iyIk6.jpg, size = 75860, size_out = 75860 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\4F6F3FD029568B304D8CACEB2BF16F78.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\4F6F3FD029568B304D8CACEB2BF16F78.XZZX, size = 75860 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\4F6F3FD029568B304D8CACEB2BF16F78.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\4F6F3FD029568B304D8CACEB2BF16F78.XZZX, size = 18 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\4F6F3FD029568B304D8CACEB2BF16F78.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\4F6F3FD029568B304D8CACEB2BF16F78.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\4F6F3FD029568B304D8CACEB2BF16F78.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 255, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 256, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\iyIk6.jpg | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\iyIk6.jpg | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\rVKi.xlsx, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\rVKi.xlsx, size = 44179, size_out = 44179 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\F3DB6DE6267426E7B67A0B4A290F0B2F.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\F3DB6DE6267426E7B67A0B4A290F0B2F.XZZX, size = 44179 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\F3DB6DE6267426E7B67A0B4A290F0B2F.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\F3DB6DE6267426E7B67A0B4A290F0B2F.XZZX, size = 18 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\F3DB6DE6267426E7B67A0B4A290F0B2F.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\F3DB6DE6267426E7B67A0B4A290F0B2F.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\F3DB6DE6267426E7B67A0B4A290F0B2F.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 256, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 257, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\rVKi.xlsx | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\rVKi.xlsx | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\UcgnfCPkkGAfI8Infh.pdf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\UcgnfCPkkGAfI8Infh.pdf, size = 65857, size_out = 65857 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\2F277C800E3D000EDE26BEC010D7E456.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\2F277C800E3D000EDE26BEC010D7E456.XZZX, size = 65857 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\2F277C800E3D000EDE26BEC010D7E456.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\2F277C800E3D000EDE26BEC010D7E456.XZZX, size = 44 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\2F277C800E3D000EDE26BEC010D7E456.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\2F277C800E3D000EDE26BEC010D7E456.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\2F277C800E3D000EDE26BEC010D7E456.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 257, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 258, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\UcgnfCPkkGAfI8Infh.pdf | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\UcgnfCPkkGAfI8Infh.pdf | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\XiCIIZYNum_VSBs.wav, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\XiCIIZYNum_VSBs.wav, size = 61958, size_out = 61958 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\C85257232EB7E6DDB4D24C9F3152CB25.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\C85257232EB7E6DDB4D24C9F3152CB25.XZZX, size = 61958 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\C85257232EB7E6DDB4D24C9F3152CB25.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\C85257232EB7E6DDB4D24C9F3152CB25.XZZX, size = 38 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\C85257232EB7E6DDB4D24C9F3152CB25.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\C85257232EB7E6DDB4D24C9F3152CB25.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\C85257232EB7E6DDB4D24C9F3152CB25.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 258, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 259, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\XiCIIZYNum_VSBs.wav | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\XiCIIZYNum_VSBs.wav | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\ZxQsBuyh.ods, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\ZxQsBuyh.ods, size = 64539, size_out = 64539 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\AC5C0F1C3DCF4B0220525E54406A2F4A.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\AC5C0F1C3DCF4B0220525E54406A2F4A.XZZX, size = 64539 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\AC5C0F1C3DCF4B0220525E54406A2F4A.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\AC5C0F1C3DCF4B0220525E54406A2F4A.XZZX, size = 24 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\AC5C0F1C3DCF4B0220525E54406A2F4A.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\AC5C0F1C3DCF4B0220525E54406A2F4A.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\AC5C0F1C3DCF4B0220525E54406A2F4A.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 259, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 260, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\ZxQsBuyh.ods | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KZ7l4KmpPgbeETV_wvF\ZxQsBuyh.ods | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\UzONnSwswGOnlESVfL.mp3, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\UzONnSwswGOnlESVfL.mp3, size = 42981, size_out = 42981 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\8306832F015A14CA9B3B5FDD03F4F912.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\8306832F015A14CA9B3B5FDD03F4F912.XZZX, size = 42981 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\8306832F015A14CA9B3B5FDD03F4F912.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\8306832F015A14CA9B3B5FDD03F4F912.XZZX, size = 44 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\8306832F015A14CA9B3B5FDD03F4F912.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\8306832F015A14CA9B3B5FDD03F4F912.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\8306832F015A14CA9B3B5FDD03F4F912.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 260, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 261, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\UzONnSwswGOnlESVfL.mp3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\UzONnSwswGOnlESVfL.mp3 | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\xtxVVYFEc-NWjSwclj.flv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\xtxVVYFEc-NWjSwclj.flv, size = 3396, size_out = 3396 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\6F61A1B801317143207838E803DC558B.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\6F61A1B801317143207838E803DC558B.XZZX, size = 3396 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\6F61A1B801317143207838E803DC558B.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\6F61A1B801317143207838E803DC558B.XZZX, size = 44 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\6F61A1B801317143207838E803DC558B.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\6F61A1B801317143207838E803DC558B.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\6F61A1B801317143207838E803DC558B.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 261, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 262, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\xtxVVYFEc-NWjSwclj.flv | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\xtxVVYFEc-NWjSwclj.flv | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\zKa6.xls, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\zKa6.xls, size = 75590, size_out = 75590 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\074B93892CEB8207FA07ADC92F86664F.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\074B93892CEB8207FA07ADC92F86664F.XZZX, size = 75590 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\074B93892CEB8207FA07ADC92F86664F.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\074B93892CEB8207FA07ADC92F86664F.XZZX, size = 16 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\074B93892CEB8207FA07ADC92F86664F.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\074B93892CEB8207FA07ADC92F86664F.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\074B93892CEB8207FA07ADC92F86664F.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 262, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 263, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\zKa6.xls | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\zKa6.xls | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\6IAM.m4a, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\6IAM.m4a, size = 63538, size_out = 63538 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\B71609DC2AB3B518FC7896292D5E9960.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\B71609DC2AB3B518FC7896292D5E9960.XZZX, size = 63538 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\B71609DC2AB3B518FC7896292D5E9960.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\B71609DC2AB3B518FC7896292D5E9960.XZZX, size = 16 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\B71609DC2AB3B518FC7896292D5E9960.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\B71609DC2AB3B518FC7896292D5E9960.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\B71609DC2AB3B518FC7896292D5E9960.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 263, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 264, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\6IAM.m4a | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\6IAM.m4a | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\7IFRA25.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\7IFRA25.gif, size = 29358, size_out = 29358 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\C6FBBCE908271EA962BAF7FD0AC202F1.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\C6FBBCE908271EA962BAF7FD0AC202F1.XZZX, size = 29358 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\C6FBBCE908271EA962BAF7FD0AC202F1.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\C6FBBCE908271EA962BAF7FD0AC202F1.XZZX, size = 22 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\C6FBBCE908271EA962BAF7FD0AC202F1.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\C6FBBCE908271EA962BAF7FD0AC202F1.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\C6FBBCE908271EA962BAF7FD0AC202F1.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 264, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 265, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\7IFRA25.gif | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\7IFRA25.gif | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\zd0bLbxkM-mx4VZDX_.flv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\zd0bLbxkM-mx4VZDX_.flv, size = 87711, size_out = 87711 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\A941655030ADE0983EE0D4E83348C4E0.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\A941655030ADE0983EE0D4E83348C4E0.XZZX, size = 87711 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\A941655030ADE0983EE0D4E83348C4E0.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\A941655030ADE0983EE0D4E83348C4E0.XZZX, size = 44 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\A941655030ADE0983EE0D4E83348C4E0.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\A941655030ADE0983EE0D4E83348C4E0.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\A941655030ADE0983EE0D4E83348C4E0.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 265, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 266, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\zd0bLbxkM-mx4VZDX_.flv | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\zd0bLbxkM-mx4VZDX_.flv | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\8P6C FwpZ.mkv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\8P6C FwpZ.mkv, size = 11121, size_out = 11121 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\19D6B3C6392F4722787D5AB33BCA2B6A.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\19D6B3C6392F4722787D5AB33BCA2B6A.XZZX, size = 11121 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\19D6B3C6392F4722787D5AB33BCA2B6A.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\19D6B3C6392F4722787D5AB33BCA2B6A.XZZX, size = 26 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\19D6B3C6392F4722787D5AB33BCA2B6A.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\19D6B3C6392F4722787D5AB33BCA2B6A.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\19D6B3C6392F4722787D5AB33BCA2B6A.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 266, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 267, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\8P6C FwpZ.mkv | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\8P6C FwpZ.mkv | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\8W8bO.gif, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\8W8bO.gif, size = 10986, size_out = 10986 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\ED641CAF2D7EC8F4296430333019AD3C.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\ED641CAF2D7EC8F4296430333019AD3C.XZZX, size = 10986 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\ED641CAF2D7EC8F4296430333019AD3C.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\ED641CAF2D7EC8F4296430333019AD3C.XZZX, size = 18 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\ED641CAF2D7EC8F4296430333019AD3C.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\ED641CAF2D7EC8F4296430333019AD3C.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\ED641CAF2D7EC8F4296430333019AD3C.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 267, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 268, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\8W8bO.gif | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\8W8bO.gif | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\lTddMw6tEfsH.wav, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
File | Read | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\lTddMw6tEfsH.wav, size = 86752, size_out = 86752 | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7596e124 | 1 |
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\BB5A0C7C1DC2FD429FB87666206DE18A.XZZX, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\BB5A0C7C1DC2FD429FB87666206DE18A.XZZX, size = 86752 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\BB5A0C7C1DC2FD429FB87666206DE18A.XZZX, size = 5 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\BB5A0C7C1DC2FD429FB87666206DE18A.XZZX, size = 32 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\BB5A0C7C1DC2FD429FB87666206DE18A.XZZX, size = 5 | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = end | 1 |
Module | Load | module_name = Advapi32.dll, base_address = 0x75960000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7598779b | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\BB5A0C7C1DC2FD429FB87666206DE18A.XZZX, size = 128 | 1 |
File | Write | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\BB5A0C7C1DC2FD429FB87666206DE18A.XZZX, size = 5 | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 268, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion | 1 |
Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, value_name = E1010314, data = 269, size = 4, type = REG_DWORD_LITTLE_ENDIAN | 1 |
Module | Load | module_name = kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75cf89b3 | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\lTddMw6tEfsH.wav | 1 |
File | Delete | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZBiOZr_ 3-6W\3Yo4kg3p-K\0zRcyBT06WYN8R-glJ0\lTddMw6tEfsH.wav | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss, protection = PAGE_READWRITE, maximum_size = 0 | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\NTUSER.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\NTUSER.DAT.LOG, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\NTUSER.DAT.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\NTUSER.DAT.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\ntuser.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Contacts\Administrator.contact, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Contacts\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Desktop\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Documents\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Downloads\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Links\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Links\Web Slice Gallery.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\MSN Websites\MSN Autos.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\MSN Websites\MSN Money.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\MSN Websites\MSN Sports.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\MSN Websites\MSN.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\MSN Websites\MSNBC News.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Windows Live\Get Windows Live.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Windows Live\Windows Live Gallery.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Windows Live\Windows Live Mail.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Windows Live\Windows Live Spaces.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Links\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Links\Desktop.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Links\Downloads.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Links\RecentPlaces.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Music\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Pictures\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Saved Games\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Searches\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Searches\Everywhere.search-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Searches\Indexed Locations.search-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Videos\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Desktop\Adobe Reader X.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Desktop\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Desktop\Google Chrome.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Public\Desktop\Mozilla Firefox.lnk, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\bootmgr, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\hiberfil.sys, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\pagefile.sys, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.dat.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\ntuser.dat.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Module | Create Mapping | module_name = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss, filename = \\?\C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss, protection = PAGE_READWRITE, maximum_size = 0 | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\NTUSER.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\NTUSER.DAT.LOG, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\NTUSER.DAT.LOG1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\NTUSER.DAT.LOG2, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\ntuser.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Contacts\Administrator.contact, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Contacts\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Documents\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Downloads\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Links\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Links\Web Slice Gallery.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Microsoft Websites\IE Add-on site.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Microsoft Websites\IE site on Microsoft.com.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Home.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Microsoft Websites\Microsoft At Work.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\Microsoft Websites\Microsoft Store.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\MSN Websites\MSN Autos.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\MSN Websites\MSN Entertainment.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\MSN Websites\MSN Money.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
File | Create | filename = \\?\C:\Users\Default\Favorites\MSN Websites\MSN Sports.url, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE | 1 |
Information | Value |
---|---|
ID | #24 |
File Name | c:\programdata\bce1010314.exe |
Command Line | "C:\ProgramData\BCE1010314.exe" |
Initial Working Directory | C:\Windows\system32\ |
Monitor | Start Time: 00:01:16, Reason: Autostart |
Unmonitor | End Time: 00:04:21, Reason: Terminated by Timeout |
Monitor Duration | 00:03:05 |
Information | Value |
---|---|
PID | 0x560 |
Parent PID | 0x45c (c:\windows\explorer.exe) |
Is Created or Modified Executable | |
Integrity Level | Medium |
Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
Groups | |
Enabled Privileges | SeChangeNotifyPrivilege |
Thread IDs | 0x564, 0x608, 0x62C, 0x658, 0x65C, 0x694, 0x6B0, 0x6C8, 0x6E0, 0x700, 0x714, 0x71C, 0x72C, 0x738, 0x754, 0x764, 0x778, 0x784 |
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable | | | | |
private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable | | | | |
private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable | | | | |
private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable | | | | |
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable | | | | |
private_0x0000000000050000 | 0x00050000 | 0x0008ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000090000 | 0x00090000 | 0x0018ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000190000 | 0x00190000 | 0x00193fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a0fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x00000000001b0000 | 0x001b0000 | 0x001b6fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x00000000001c0000 | 0x001c0000 | 0x001c1fff | Pagefile Backed Memory | Readable, Writable | | | | |
private_0x00000000001d0000 | 0x001d0000 | 0x0024ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000000250000 | 0x00250000 | 0x00250fff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000250000 | 0x00250000 | 0x00250fff | Pagefile Backed Memory | Readable, Writable | | | | |
pagefile_0x0000000000260000 | 0x00260000 | 0x00261fff | Pagefile Backed Memory | Readable | | | | |
private_0x0000000000270000 | 0x00270000 | 0x0036ffff | Private Memory | Readable, Writable | | | | |
locale.nls | 0x00370000 | 0x003d6fff | Memory Mapped File | Readable | | | | |
windowsshell.manifest | 0x003e0000 | 0x003e0fff | Memory Mapped File | Readable | | | | |
pagefile_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x00000000003f0000 | 0x003f0000 | 0x003f1fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000400000 | 0x00400000 | 0x00400fff | Pagefile Backed Memory | Readable | | | | |
private_0x0000000000410000 | 0x00410000 | 0x0041ffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000000420000 | 0x00420000 | 0x005a7fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x00000000005b0000 | 0x005b0000 | 0x00730fff | Pagefile Backed Memory | Readable | | | | |
pagefile_0x0000000000740000 | 0x00740000 | 0x01b3ffff | Pagefile Backed Memory | Readable | | | | |
private_0x0000000001b40000 | 0x01b40000 | 0x01bbffff | Private Memory | Readable, Writable | | | | |
private_0x0000000001bc0000 | 0x01bc0000 | 0x01bfffff | Private Memory | Readable, Writable | | | | |
private_0x0000000001c00000 | 0x01c00000 | 0x01c00fff | Private Memory | Readable, Writable | | | | |
private_0x0000000001c10000 | 0x01c10000 | 0x01c10fff | Private Memory | Readable, Writable | | | | |
private_0x0000000001c20000 | 0x01c20000 | 0x01c2ffff | Private Memory | Readable, Writable | | | | |
private_0x0000000001c30000 | 0x01c30000 | 0x01c6ffff | Private Memory | Readable, Writable | | | | |
rsaenh.dll | 0x01c70000 | 0x01cabfff | Memory Mapped File | Readable | | | | |
private_0x0000000001c70000 | 0x01c70000 | 0x01caffff | Private Memory | Readable, Writable | | | | |
private_0x0000000001cb0000 | 0x01cb0000 | 0x01cb0fff | Private Memory | Readable, Writable | | | | |
private_0x0000000001cc0000 | 0x01cc0000 | 0x01ccffff | Private Memory | Readable, Writable | | | | |
pagefile_0x0000000001cd0000 | 0x01cd0000 | 0x01daefff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000001db0000 | 0x01db0000 | 0x01deffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001df0000 | 0x01df0000 | 0x01df0fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001e00000 | 0x01e00000 | 0x01e00fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001e10000 | 0x01e10000 | 0x01e10fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001e20000 | 0x01e20000 | 0x01e5ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000001e60000 | 0x01e60000 | 0x02252fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000002260000 | 0x02260000 | 0x023dffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002260000 | 0x02260000 | 0x0229ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000022a0000 | 0x022a0000 | 0x022a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000022b0000 | 0x022b0000 | 0x022b0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000022c0000 | 0x022c0000 | 0x022c0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000022d0000 | 0x022d0000 | 0x02397fff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x00000000023a0000 | 0x023a0000 | 0x023dffff | Private Memory | Readable, Writable |
|
|||
sortdefault.nls | 0x023e0000 | 0x026aefff | Memory Mapped File | Readable |
|
|||
private_0x00000000026b0000 | 0x026b0000 | 0x027affff | Private Memory | Readable, Writable |
|
|||
private_0x00000000027b0000 | 0x027b0000 | 0x028affff | Private Memory | Readable, Writable |
|
|||
private_0x00000000028b0000 | 0x028b0000 | 0x029affff | Private Memory | Readable, Writable |
|
|||
private_0x00000000029b0000 | 0x029b0000 | 0x02aaffff | Private Memory | Readable, Writable |
|
|||
kernelbase.dll.mui | 0x02ab0000 | 0x02b6ffff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000002b70000 | 0x02b70000 | 0x02c6ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002c70000 | 0x02c70000 | 0x02d6ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002d70000 | 0x02d70000 | 0x02daffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002db0000 | 0x02db0000 | 0x02eaffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002eb0000 | 0x02eb0000 | 0x02eeffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002ef0000 | 0x02ef0000 | 0x02feffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002ff0000 | 0x02ff0000 | 0x0302ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003030000 | 0x03030000 | 0x0312ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003130000 | 0x03130000 | 0x0316ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003170000 | 0x03170000 | 0x0326ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003270000 | 0x03270000 | 0x032affff | Private Memory | Readable, Writable |
|
|||
private_0x00000000032b0000 | 0x032b0000 | 0x033affff | Private Memory | Readable, Writable |
|
|||
private_0x00000000033b0000 | 0x033b0000 | 0x033effff | Private Memory | Readable, Writable |
|
|||
private_0x00000000033f0000 | 0x033f0000 | 0x034effff | Private Memory | Readable, Writable |
|
|||
private_0x00000000034f0000 | 0x034f0000 | 0x0352ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003530000 | 0x03530000 | 0x0362ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003630000 | 0x03630000 | 0x0366ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003670000 | 0x03670000 | 0x0376ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003770000 | 0x03770000 | 0x03770fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003780000 | 0x03780000 | 0x037bffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000037c0000 | 0x037c0000 | 0x038bffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000038c0000 | 0x038c0000 | 0x038c0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000038d0000 | 0x038d0000 | 0x0390ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003910000 | 0x03910000 | 0x03a0ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003a10000 | 0x03a10000 | 0x03a4ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003a50000 | 0x03a50000 | 0x03b4ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003b50000 | 0x03b50000 | 0x03b50fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003b60000 | 0x03b60000 | 0x03b9ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003ba0000 | 0x03ba0000 | 0x03c9ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003ca0000 | 0x03ca0000 | 0x03ca0fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003cb0000 | 0x03cb0000 | 0x03cb0fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003cc0000 | 0x03cc0000 | 0x03cc0fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003cd0000 | 0x03cd0000 | 0x03cd0fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003ce0000 | 0x03ce0000 | 0x03ce0fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003cf0000 | 0x03cf0000 | 0x03cf0fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003d00000 | 0x03d00000 | 0x03d00fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003d10000 | 0x03d10000 | 0x03d10fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003d20000 | 0x03d20000 | 0x03d20fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003d30000 | 0x03d30000 | 0x03d30fff | Private Memory | Readable, Writable |
|
|||
bce1010314.exe | 0x55820000 | 0x5585bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
secur32.dll | 0x729a0000 | 0x729a7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pdh.dll | 0x729b0000 | 0x729ebfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
comctl32.dll | 0x729f0000 | 0x72a73fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
credssp.dll | 0x731a0000 | 0x731a7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptsp.dll | 0x731b0000 | 0x731c5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
uxtheme.dll | 0x731f0000 | 0x7326ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
comctl32.dll | 0x73270000 | 0x7340dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64cpu.dll | 0x73410000 | 0x73417fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64win.dll | 0x73420000 | 0x7347bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64.dll | 0x73480000 | 0x734befff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrtremote.dll | 0x74970000 | 0x7497dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rsaenh.dll | 0x74980000 | 0x749bafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptsp.dll | 0x749c0000 | 0x749d5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptbase.dll | 0x749f0000 | 0x749fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sspicli.dll | 0x74a00000 | 0x74a5ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
imm32.dll | 0x74a60000 | 0x74abffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleaut32.dll | 0x74ad0000 | 0x74b5efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
comdlg32.dll | 0x74b90000 | 0x74c0afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cfgmgr32.dll | 0x74c10000 | 0x74c36fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernelbase.dll | 0x74c40000 | 0x74c85fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
devobj.dll | 0x74c90000 | 0x74ca1fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shell32.dll | 0x74cb0000 | 0x758f9fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
advapi32.dll | 0x75960000 | 0x759fffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clbcatq.dll | 0x75a90000 | 0x75b12fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdi32.dll | 0x75c50000 | 0x75cdffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel32.dll | 0x75ce0000 | 0x75deffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shlwapi.dll | 0x75df0000 | 0x75e46fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
usp10.dll | 0x75e50000 | 0x75eecfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcrt.dll | 0x76280000 | 0x7632bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sechost.dll | 0x76330000 | 0x76348fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ole32.dll | 0x76350000 | 0x764abfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
user32.dll | 0x764b0000 | 0x765affff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msctf.dll | 0x766f0000 | 0x767bbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
lpk.dll | 0x767c0000 | 0x767c9fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrt4.dll | 0x767d0000 | 0x768bffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
setupapi.dll | 0x768c0000 | 0x76a5cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x0000000076aa0000 | 0x76aa0000 | 0x76bbefff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x0000000076bc0000 | 0x76bc0000 | 0x76cb9fff | Private Memory | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x76cc0000 | 0x76e68fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x76ea0000 | 0x7701ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|||
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
|||
For performance reasons, the remaining 61 entries are omitted. The remaining entries can be found in flog.txt.
Category | Operation | Information | Success | Count | Logfile |
---|---|---|---|---|---|
System | Get Time | type = System Time, time = 2017-11-14 19:03:07 (UTC) | 1 |
System | Get Time | type = Ticks, time = 16348 | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x75cf4f2b | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x75cf1252 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x75cf4208 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x75cf359f | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75ce0000 | 1 |
File | Open | filename = STD_INPUT_HANDLE | 1 |
File | Open | filename = STD_OUTPUT_HANDLE | 1 |
File | Open | filename = STD_ERROR_HANDLE | 1 |
Environment | Get Environment String | - | 1 |
Module | Get Filename | process_name = c:\programdata\bce1010314.exe, file_name_orig = C:\ProgramData\BCE1010314.exe, size = 260 | 1 |
Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75ce0000 | 1 |
Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x75cf4a2d | 1 |
Window | Set Attribute | index = 18446744073709551612, new_long = 0 | 1 |
COM | Create | interface = 00000112-0000-0000-C000-000000000046, cls_context = CLSCTX_LOCAL_SERVER | 1 |
Debug | process_name = c:\programdata\bce1010314.exe, type = DEBUG_STRING, text = Class not registered | 1 |
Module | Get Filename | process_name = c:\programdata\bce1010314.exe, file_name_orig = C:\ProgramData\BCE1010314.exe, size = 260 | 1 |
File | Delete | filename = 0 | 1 |
Module | Get Handle | module_name = c:\programdata\bce1010314.exe, base_address = 0x55820000 | 1 |
Window | Create | window_name = Press, class_name = BUTTON, wndproc_parameter = 0 | 1 |
System | Get Info | type = Operating System | 1 |
System | Get Info | type = Hardware Information | 1 |
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer | 1 |
Fn
|
|
System | Get Info | type = Operating System | 1 |
Fn
|
|
System | Get Info | type = Hardware Information | 1 |
Fn
|
|
For performance reasons, the remaining 1536 entries are omitted.
The remaining entries can be found in glog.xml. |
Information | Value |
---|---|
ID | #25 |
File Name | c:\windows\syswow64\notepad.exe |
Command Line | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_HELP_INSTRUCTION.TXT |
Initial Working Directory | C:\Windows\system32\ |
Monitor | Start Time: 00:03:45, Reason: Child Process |
Unmonitor | End Time: 00:04:21, Reason: Terminated by Timeout |
Monitor Duration | 00:00:36 |
Remarks | No high level activity detected in monitored regions |
Information | Value |
---|---|
PID | 0x1030 |
Parent PID | 0x54c (c:\programdata\bce1010314.exe) |
Is Created or Modified Executable | |
Integrity Level | Medium |
Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
Groups |
|
Enabled Privileges | SeChangeNotifyPrivilege |
Thread IDs | 0x1034 |
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000030000 | 0x00030000 | 0x00031fff | Pagefile Backed Memory | Readable, Writable |
|
|||
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000060000 | 0x00060000 | 0x00061fff | Pagefile Backed Memory | Readable |
|
|||
locale.nls | 0x00070000 | 0x000d6fff | Memory Mapped File | Readable |
|
|||
notepad.exe.mui | 0x000e0000 | 0x000e2fff | Memory Mapped File | Readable, Writable |
|
|||
private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000100000 | 0x00100000 | 0x00100fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000110000 | 0x00110000 | 0x00110fff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x0000000000120000 | 0x00120000 | 0x00121fff | Pagefile Backed Memory | Readable |
|
|||
msctf.dll.mui | 0x00130000 | 0x00130fff | Memory Mapped File | Readable, Writable |
|
|||
pagefile_0x0000000000140000 | 0x00140000 | 0x00140fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000190000 | 0x00190000 | 0x0020ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000230000 | 0x00230000 | 0x0026ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000002a0000 | 0x002a0000 | 0x002dffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000002e0000 | 0x002e0000 | 0x0035ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000003a0000 | 0x003a0000 | 0x003affff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000400000 | 0x00400000 | 0x004fffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000500000 | 0x00500000 | 0x005defff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000660000 | 0x00660000 | 0x0066ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000670000 | 0x00670000 | 0x007f7fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000800000 | 0x00800000 | 0x00980fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000aa0000 | 0x00aa0000 | 0x00adffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000b70000 | 0x00b70000 | 0x00baffff | Private Memory | Readable, Writable |
|
|||
notepad.exe | 0x00e10000 | 0x00e3ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x0000000000e40000 | 0x00e40000 | 0x0223ffff | Pagefile Backed Memory | Readable |
|
|||
staticcache.dat | 0x02240000 | 0x02b6ffff | Memory Mapped File | Readable |
|
|||
pagefile_0x0000000002b70000 | 0x02b70000 | 0x02f62fff | Pagefile Backed Memory | Readable |
|
|||
sortdefault.nls | 0x02f70000 | 0x0323efff | Memory Mapped File | Readable |
|
|||
uxtheme.dll | 0x731f0000 | 0x7326ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
comctl32.dll | 0x73270000 | 0x7340dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64cpu.dll | 0x73410000 | 0x73417fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64win.dll | 0x73420000 | 0x7347bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64.dll | 0x73480000 | 0x734befff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winspool.drv | 0x746f0000 | 0x74740fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dwmapi.dll | 0x74850000 | 0x74862fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
version.dll | 0x74870000 | 0x74878fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptbase.dll | 0x749f0000 | 0x749fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sspicli.dll | 0x74a00000 | 0x74a5ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
imm32.dll | 0x74a60000 | 0x74abffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleaut32.dll | 0x74ad0000 | 0x74b5efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
comdlg32.dll | 0x74b90000 | 0x74c0afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernelbase.dll | 0x74c40000 | 0x74c85fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shell32.dll | 0x74cb0000 | 0x758f9fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
advapi32.dll | 0x75960000 | 0x759fffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clbcatq.dll | 0x75a90000 | 0x75b12fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdi32.dll | 0x75c50000 | 0x75cdffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel32.dll | 0x75ce0000 | 0x75deffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shlwapi.dll | 0x75df0000 | 0x75e46fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
usp10.dll | 0x75e50000 | 0x75eecfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcrt.dll | 0x76280000 | 0x7632bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sechost.dll | 0x76330000 | 0x76348fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ole32.dll | 0x76350000 | 0x764abfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
user32.dll | 0x764b0000 | 0x765affff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msctf.dll | 0x766f0000 | 0x767bbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
lpk.dll | 0x767c0000 | 0x767c9fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrt4.dll | 0x767d0000 | 0x768bffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x0000000076aa0000 | 0x76aa0000 | 0x76bbefff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x0000000076bc0000 | 0x76bc0000 | 0x76cb9fff | Private Memory | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x76cc0000 | 0x76e68fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x76ea0000 | 0x7701ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|||
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|