Information | Value |
---|---|
ID | #1 |
File Name | c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe |
Command Line | "C:\Users\hJrD1KOKY DS8lUjv\Desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe" |
Initial Working Directory | C:\Users\hJrD1KOKY DS8lUjv\Desktop |
Monitor | Start Time: 00:00:26, Reason: Analysis Target |
Unmonitor | End Time: 00:00:46, Reason: Terminated |
Monitor Duration | 00:00:20 |
Information | Value |
---|---|
PID | 0x9c4 |
Parent PID | 0x2f8 (c:\windows\explorer.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | 1R6PFH\hJrD1KOKY DS8lUjv |
Groups |
|
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs |
0x
9C8
0x
9D4
0x
9D8
|
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable |
|
|||
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x0000000000050000 | 0x00050000 | 0x0008ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000090000 | 0x00090000 | 0x0018ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000190000 | 0x00190000 | 0x00193fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a1fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000001b0000 | 0x001b0000 | 0x001b0fff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x00000000001c0000 | 0x001c0000 | 0x001c1fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000001d0000 | 0x001d0000 | 0x001d1fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000001e0000 | 0x001e0000 | 0x001e0fff | Pagefile Backed Memory | Readable |
|
|||
setupapi.dll.mui | 0x001f0000 | 0x001fcfff | Memory Mapped File | Readable, Writable |
|
|||
pagefile_0x0000000000200000 | 0x00200000 | 0x00200fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000210000 | 0x00210000 | 0x0028ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000290000 | 0x00290000 | 0x002cffff | Private Memory | Readable, Writable |
|
|||
cversions.1.db | 0x002d0000 | 0x002d3fff | Memory Mapped File | Readable |
|
|||
pagefile_0x00000000002d0000 | 0x002d0000 | 0x002d2fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000002d0000 | 0x002d0000 | 0x002d2fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000002d0000 | 0x002d0000 | 0x002dbfff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000002d0000 | 0x002d0000 | 0x002dbfff | Pagefile Backed Memory | Readable |
|
|||
underglaze.dll | 0x002d0000 | 0x002defff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x00000000002e0000 | 0x002e0000 | 0x002e0fff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x00000000002f0000 | 0x002f0000 | 0x003effff | Private Memory | Readable, Writable |
|
|||
private_0x00000000003f0000 | 0x003f0000 | 0x003f0fff | Private Memory | Readable, Writable |
|
|||
199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | 0x00400000 | 0x0042dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
locale.nls | 0x00430000 | 0x00496fff | Memory Mapped File | Readable |
|
|||
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000c.db | 0x004a0000 | 0x004c3fff | Memory Mapped File | Readable |
|
|||
private_0x00000000004d0000 | 0x004d0000 | 0x0050ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000540000 | 0x00540000 | 0x0054ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000550000 | 0x00550000 | 0x006d7fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000006e0000 | 0x006e0000 | 0x00860fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000870000 | 0x00870000 | 0x01c6ffff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000001c70000 | 0x01c70000 | 0x01e3ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000001c70000 | 0x01c70000 | 0x01d4efff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000001e00000 | 0x01e00000 | 0x01e3ffff | Private Memory | Readable, Writable |
|
|||
sortdefault.nls | 0x01e40000 | 0x0210efff | Memory Mapped File | Readable |
|
|||
private_0x0000000002110000 | 0x02110000 | 0x0220ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002210000 | 0x02210000 | 0x02310fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002210000 | 0x02210000 | 0x02310fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002210000 | 0x02210000 | 0x02310fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002210000 | 0x02210000 | 0x02310fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002210000 | 0x02210000 | 0x0230ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002310000 | 0x02310000 | 0x02410fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002310000 | 0x02310000 | 0x02410fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002310000 | 0x02310000 | 0x02410fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002310000 | 0x02310000 | 0x02b10fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002b20000 | 0x02b20000 | 0x02c6ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002b20000 | 0x02b20000 | 0x02bd0fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002c60000 | 0x02c60000 | 0x02c6ffff | Private Memory | Readable, Writable |
|
|||
system.dll | 0x10000000 | 0x10005fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
uxtheme.dll | 0x74910000 | 0x7498ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64win.dll | 0x749a0000 | 0x749fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64.dll | 0x74a00000 | 0x74a3efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntmarta.dll | 0x74c70000 | 0x74c90fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
propsys.dll | 0x74ca0000 | 0x74d94fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shfolder.dll | 0x74da0000 | 0x74da4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
version.dll | 0x74db0000 | 0x74db8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
comctl32.dll | 0x74dc0000 | 0x74f5dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64cpu.dll | 0x75060000 | 0x75067fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptbase.dll | 0x75090000 | 0x7509bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sspicli.dll | 0x750a0000 | 0x750fffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
lpk.dll | 0x75100000 | 0x75109fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sechost.dll | 0x75110000 | 0x75128fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
devobj.dll | 0x75130000 | 0x75141fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
advapi32.dll | 0x75150000 | 0x751effff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shell32.dll | 0x75200000 | 0x75e49fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ole32.dll | 0x75e50000 | 0x75fabfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shlwapi.dll | 0x75fb0000 | 0x76006fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
usp10.dll | 0x76050000 | 0x760ecfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdi32.dll | 0x760f0000 | 0x7617ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msctf.dll | 0x76180000 | 0x7624bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleaut32.dll | 0x76360000 | 0x763eefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrt4.dll | 0x763f0000 | 0x764dffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
imm32.dll | 0x764e0000 | 0x7653ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcrt.dll | 0x76540000 | 0x765ebfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
user32.dll | 0x765f0000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel32.dll | 0x76bb0000 | 0x76cbffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
setupapi.dll | 0x76d50000 | 0x76eecfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernelbase.dll | 0x76fe0000 | 0x77025fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cfgmgr32.dll | 0x77030000 | 0x77056fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wldap32.dll | 0x77060000 | 0x770a4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clbcatq.dll | 0x770b0000 | 0x77132fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x0000000077140000 | 0x77140000 | 0x77239fff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x0000000077240000 | 0x77240000 | 0x7735efff | Private Memory | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77360000 | 0x77508fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77540000 | 0x776bffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|||
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
Filename | File Size | Hash Values | YARA Match | Actions |
---|---|---|---|---|
c:\users\hjrd1k~1\appdata\local\temp\nsc1ab0.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
c:\users\hjrd1k~1\appdata\local\temp\nss1ac1.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
c:\users\hjrd1k~1\appdata\local\temp\nsx1ae1.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
c:\users\hjrd1k~1\appdata\local\temp\nsx1ae1.tmp\system.dll | 11.00 KB (11264 bytes) |
MD5:
b8992e497d57001ddf100f9c397fcef5
SHA1: e26ddf101a2ec5027975d2909306457c6f61cfbd SHA256: 98bcd1dd88642f4dd36a300c76ebb1ddfbbbc5bfc7e3b6d7435dc6d6e030c13b |
|
|
c:\users\hjrd1k~1\appdata\local\temp\weltprostatectomy | 194.13 KB (198787 bytes) |
MD5:
3ea29ee46b72c64cc3c76754a857f76b
SHA1: e4cdc788eb40ee773908427e4a0d7c0be7aaf3ea SHA256: d541518a91d01e36975affe36768723b47e566567c9f067343551e48c52e66fd |
|
|
c:\users\hjrd1k~1\appdata\local\temp\underglaze.dll | 46.50 KB (47616 bytes) |
MD5:
c28cf21b99b9df891a73ac7f066b9258
SHA1: 77d569d08a04ede2e0501538ccaeedf3bb54116e SHA256: 1c48c706b99f5985c608df7e1d347536758436500d81ac928cc8443020ee9f6b |
|
Operation | Filename | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
CREATE | c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_ARCHIVE | 1 |
Fn
|
|
CREATE | c:\users\hjrd1k~1\appdata\local\temp\nss1ac1.tmp | desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_TEMPORARY, FILE_FLAG_DELETE_ON_CLOSE | 1 |
Fn
|
|
CREATE | c:\users\hjrd1k~1\appdata\local\temp\nsx1ae1.tmp\system.dll | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, create_disposition = CREATE_NEW | 1 |
Fn
|
|
CREATE | c:\users\hjrd1k~1\appdata\local\temp\nsx1ae1.tmp\system.dll | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, create_disposition = CREATE_NEW, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED | 7 |
Fn
|
|
CREATE | c:\users\hjrd1k~1\appdata\local\temp\weltprostatectomy | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, create_disposition = CREATE_ALWAYS | 1 |
Fn
|
|
CREATE | c:\users\hjrd1k~1\appdata\local\temp\underglaze.dll | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, create_disposition = CREATE_ALWAYS | 1 |
Fn
|
|
CREATE | c:\users\hjrd1k~1\appdata\local\temp\weltprostatectomy | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_DIRECTORY, FILE_ATTRIBUTE_DEVICE | 1 |
Fn
|
|
CREATE_DIR | c:\users\hjrd1k~1\appdata\local\temp | 1 |
Fn
|
||
CREATE_DIR | c:\users | 2 |
Fn
|
||
CREATE_DIR | c:\users\hjrd1k~1 | 2 |
Fn
|
||
CREATE_DIR | c:\users\hjrd1k~1\appdata | 2 |
Fn
|
||
CREATE_DIR | c:\users\hjrd1k~1\appdata\local | 2 |
Fn
|
||
CREATE_DIR | c:\users\hjrd1k~1\appdata\local\temp | 2 |
Fn
|
||
CREATE_DIR | c:\users\hjrd1k~1\appdata\local\temp\nsx1ae1.tmp | 1 |
Fn
|
||
CREATE_TMPFILE | c:\users\hjrd1k~1\appdata\local\temp\nsc1ab0.tmp | path = C:\Users\HJRD1K~1\AppData\Local\Temp\, prefix = nsc | 1 |
Fn
|
|
CREATE_TMPFILE | c:\users\hjrd1k~1\appdata\local\temp\nss1ac1.tmp | path = C:\Users\HJRD1K~1\AppData\Local\Temp\, prefix = nss | 1 |
Fn
|
|
CREATE_TMPFILE | c:\users\hjrd1k~1\appdata\local\temp\nsx1ae1.tmp | path = C:\Users\HJRD1K~1\AppData\Local\Temp, prefix = nsx | 1 |
Fn
|
|
OPEN | STD_INPUT_HANDLE | 1 |
Fn
|
||
OPEN | STD_OUTPUT_HANDLE | 1 |
Fn
|
||
OPEN | STD_ERROR_HANDLE | 1 |
Fn
|
||
READ | c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | size = 512 | 66 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | size = 32768 | 7 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | size = 4813 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | size = 4 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | size = 16384 | 14 |
Fn
Data
|
|
READ | c:\users\hjrd1k~1\appdata\local\temp\nss1ac1.tmp | size = 4 | 4 |
Fn
Data
|
|
READ | c:\users\hjrd1k~1\appdata\local\temp\nss1ac1.tmp | size = 7450 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1k~1\appdata\local\temp\nss1ac1.tmp | size = 11264 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1k~1\appdata\local\temp\nss1ac1.tmp | size = 16384 | 14 |
Fn
Data
|
|
READ | c:\users\hjrd1k~1\appdata\local\temp\nss1ac1.tmp | size = 2179 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | size = 5297 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1k~1\appdata\local\temp\nss1ac1.tmp | size = 14848 | 1 |
Fn
Data
|
|
READ | STD_OUTPUT_HANDLE | size = 198787 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1k~1\appdata\local\temp\nss1ac1.tmp | size = 32768 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1k~1\appdata\local\temp\nss1ac1.tmp | size = 910 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1k~1\appdata\local\temp\nsx1ae1.tmp\system.dll | size = 11264 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1k~1\appdata\local\temp\nss1ac1.tmp | size = 16163 | 3 |
Fn
Data
|
|
WRITE | c:\users\hjrd1k~1\appdata\local\temp\nss1ac1.tmp | size = 16174 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1k~1\appdata\local\temp\nss1ac1.tmp | size = 16153 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1k~1\appdata\local\temp\nss1ac1.tmp | size = 16170 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1k~1\appdata\local\temp\nss1ac1.tmp | size = 16157 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1k~1\appdata\local\temp\nss1ac1.tmp | size = 16168 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1k~1\appdata\local\temp\nss1ac1.tmp | size = 16154 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1k~1\appdata\local\temp\nss1ac1.tmp | size = 16175 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1k~1\appdata\local\temp\nss1ac1.tmp | size = 16167 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1k~1\appdata\local\temp\nss1ac1.tmp | size = 17105 | 1 |
Fn
Data
|
|
WRITE | STD_OUTPUT_HANDLE | size = 16384 | 14 |
Fn
Data
|
|
WRITE | STD_OUTPUT_HANDLE | size = 2179 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1k~1\appdata\local\temp\nss1ac1.tmp | size = 28527 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1k~1\appdata\local\temp\nss1ac1.tmp | size = 17748 | 1 |
Fn
Data
|
|
WRITE | STD_OUTPUT_HANDLE | size = 14848 | 1 |
Fn
Data
|
|
FIND | C:\Users\hJrD1KOKY DS8lUjv\Desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | 1 |
Fn
|
||
FIND | C:\Users\HJRD1K~1\AppData\Local\Temp\nsx1AE1.tmp | 1 |
Fn
|
||
FIND | C:\Users | 2 |
Fn
|
||
FIND | C:\Users\HJRD1K~1 | 2 |
Fn
|
||
FIND | C:\Users\HJRD1K~1\AppData | 2 |
Fn
|
||
FIND | C:\Users\HJRD1K~1\AppData\Local | 2 |
Fn
|
||
FIND | C:\Users\HJRD1K~1\AppData\Local\Temp | 2 |
Fn
|
||
FIND | C:\Users\HJRD1K~1\AppData\Local\Temp\nsx1AE1.tmp\System.dll | 1 |
Fn
|
||
FIND | C:\Users\HJRD1K~1\AppData\Local\Temp\nsx1AE1.tmp\System.dll | 7 |
Fn
|
||
FIND | C:\Users\HJRD1K~1\AppData\Local\Temp\WeltProstatectomy | 2 |
Fn
|
||
FIND | C:\Users\HJRD1K~1\AppData\Local\Temp\underglaze.dll | 2 |
Fn
|
||
DELETE | c:\users\hjrd1k~1\appdata\local\temp\nsc1ab0.tmp | 1 |
Fn
|
||
DELETE | c:\users\hjrd1k~1\appdata\local\temp\nsx1ae1.tmp | 1 |
Fn
|
Operation | Process Name | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
CREATE | "C:\Users\hJrD1KOKY DS8lUjv\Desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe" | os_tid = 0x9e4, os_pid = 0x9e0, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE | 1 |
Fn
|
|
SET_CURDIR | c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | os_pid = 0x9c4, new_path_name = c:\users\hjrd1k~1\appdata\local\temp | 1 |
Fn
|
Operation | Address | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
ALLOC | 0x400000 | process_name = "C:\Users\hJrD1KOKY DS8lUjv\Desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe" , os_pid = 0x9e0, size = 237568, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE | 1 |
Fn
|
|
READ | 0x7efde008 | process_name = "C:\Users\hJrD1KOKY DS8lUjv\Desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe" , os_pid = 0x9e0, size = 4 | 1 |
Fn
Data
|
|
WRITE | 0x400000 | process_name = "C:\Users\hJrD1KOKY DS8lUjv\Desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe" , os_pid = 0x9e0, size = 1024 | 1 |
Fn
Data
|
|
WRITE | 0x400000 | process_name = "C:\Users\hJrD1KOKY DS8lUjv\Desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe" , os_pid = 0x9e0, size = 0 | 1 |
Fn
|
|
WRITE | 0x438000 | process_name = "C:\Users\hJrD1KOKY DS8lUjv\Desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe" , os_pid = 0x9e0, size = 5120 | 1 |
Fn
Data
|
|
WRITE | 0x437000 | process_name = "C:\Users\hJrD1KOKY DS8lUjv\Desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe" , os_pid = 0x9e0, size = 512 | 1 |
Fn
Data
|
|
WRITE | 0x414000 | process_name = "C:\Users\hJrD1KOKY DS8lUjv\Desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe" , os_pid = 0x9e0, size = 135168 | 1 |
Fn
Data
|
|
WRITE | 0x412000 | process_name = "C:\Users\hJrD1KOKY DS8lUjv\Desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe" , os_pid = 0x9e0, size = 8192 | 1 |
Fn
Data
|
|
WRITE | 0x401000 | process_name = "C:\Users\hJrD1KOKY DS8lUjv\Desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe" , os_pid = 0x9e0, size = 68608 | 1 |
Fn
Data
|
|
WRITE | 0x7efde008 | process_name = "C:\Users\hJrD1KOKY DS8lUjv\Desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe" , os_pid = 0x9e0, size = 4 | 1 |
Fn
Data
|
Operation | Process Name | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
RESUME | c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | os_tid = 0x9e4, os_pid = 0x9e0 | 1 |
Fn
|
|
GET_CONTEXT | c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | os_tid = 0x9e4, os_pid = 0x9e0 | 1 |
Fn
|
|
SET_CONTEXT | c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | os_tid = 0x9e4, os_pid = 0x9e0 | 1 |
Fn
|
Operation | Module | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
LOAD | SHFOLDER | base_address = 0x74da0000 | 1 |
Fn
|
|
LOAD | C:\Users\HJRD1K~1\AppData\Local\Temp\nsx1AE1.tmp\System.dll | base_address = 0x10000000 | 1 |
Fn
|
|
LOAD | C:\Users\HJRD1K~1\AppData\Local\Temp\underglaze | 1 |
Fn
|
||
GET_HANDLE | SHFOLDER | base_address = 0x0 | 1 |
Fn
|
|
GET_HANDLE | c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | base_address = 0x400000 | 1 |
Fn
|
|
GET_HANDLE | c:\windows\syswow64\kernel32.dll | base_address = 0x76bb0000 | 15 |
Fn
|
|
GET_HANDLE | C:\Users\HJRD1K~1\AppData\Local\Temp\nsx1AE1.tmp\System.dll | base_address = 0x0 | 1 |
Fn
|
|
GET_HANDLE | c:\users\hjrd1k~1\appdata\local\temp\nsx1ae1.tmp\system.dll | base_address = 0x10000000 | 7 |
Fn
|
|
GET_HANDLE | C:\Users\HJRD1K~1\AppData\Local\Temp\underglaze | base_address = 0x0 | 1 |
Fn
|
|
GET_HANDLE | c:\windows\syswow64\ntdll.dll | base_address = 0x77540000 | 2 |
Fn
|
|
UNMAP | "C:\Users\hJrD1KOKY DS8lUjv\Desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe" | os_pid = 0x9e0, base_address = 0x400000 | 1 |
Fn
|
|
GET_FILENAME | SHFOLDER | file_name = C:\Users\hJrD1KOKY DS8lUjv\Desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | 1 |
Fn
|
|
GET_FILENAME | C:\Users\HJRD1K~1\AppData\Local\Temp\underglaze | file_name = C:\Users\hJrD1KOKY DS8lUjv\Desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\shfolder.dll | function = SHGetFolderPathA, address = 0x74da1528 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = GetUserDefaultUILanguage, address = 0x76bc44ab | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\users\hjrd1k~1\appdata\local\temp\nsx1ae1.tmp\system.dll | function = Call, address = 0x100016bd | 7 |
Fn
|
|
GET_PROC_ADDRESS | c:\users\hjrd1k~1\appdata\local\temp\nsx1ae1.tmp\system.dll | function = Alloc, address = 0x10001000 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = CreateProcess, address = 0x0 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address = 0x76bc1072 | 2 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = SetEnvironmentVariableA, address = 0x76bce331 | 2 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = SetEnvironmentVariableAA, address = 0x0 | 2 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = FlsAlloc, address = 0x76bc4f2b | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = FlsGetValue, address = 0x76bc1252 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = FlsSetValue, address = 0x76bc4208 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = FlsFree, address = 0x76bc359f | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = EncodePointer, address = 0x77580fcb | 8 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = DecodePointer, address = 0x77579d35 | 3 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address = 0x76bc1856 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = GetEnvironmentVariableA, address = 0x76bc33a0 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address = 0x76bc7a10 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = LocalAlloc, address = 0x76bc168c | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = lstrlenA, address = 0x76bc5a4b | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\ntdll.dll | function = RtlDecompressBuffer, address = 0x775ffded | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = GetCommandLineA, address = 0x76bc51a1 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = VirtualAllocEx, address = 0x76bdd9b0 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = GetThreadContext, address = 0x76be79d4 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = ReadProcessMemory, address = 0x76bdcfcc | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\ntdll.dll | function = NtUnmapViewOfSection, address = 0x7755fc70 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = WriteProcessMemory, address = 0x76bdd9e0 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = SetThreadContext, address = 0x76c45393 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = ResumeThread, address = 0x76bc43ef | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = Sleep, address = 0x76bc10ff | 1 |
Fn
|
Operation | Window Name | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
FIND | Start | 125 |
Fn
|
||
FIND | Start | 124 |
Fn
|
Information | Value |
---|---|
ID | #2 |
File Name | c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe |
Command Line | "C:\Users\hJrD1KOKY DS8lUjv\Desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe" |
Initial Working Directory | C:\Users\hJrD1KOKY DS8lUjv\Desktop |
Monitor | Start Time: 00:00:39, Reason: Child Process |
Unmonitor | End Time: 00:02:26, Reason: Terminated by Timeout |
Monitor Duration | 00:01:47 |
Information | Value |
---|---|
PID | 0x9e0 |
Parent PID | 0x9c4 (c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | 1R6PFH\hJrD1KOKY DS8lUjv |
Groups |
|
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs |
0x
9E4
0x
A58
0x
A5C
0x
A60
0x
A64
0x
AF4
0x
AFC
0x
B00
0x
B8C
0x
B90
0x
B94
0x
B98
0x
BCC
0x
BD8
0x
BE4
0x
914
0x
918
0x
880
0x
8CC
0x
208
0x
238
0x
7EC
0x
A24
|
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable |
|
|||
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x0000000000050000 | 0x00050000 | 0x0008ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000090000 | 0x00090000 | 0x0018ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000190000 | 0x00190000 | 0x00193fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a1fff | Pagefile Backed Memory | Readable |
|
|||
locale.nls | 0x001b0000 | 0x00216fff | Memory Mapped File | Readable |
|
|||
setupapi.dll.mui | 0x00220000 | 0x0022cfff | Memory Mapped File | Readable, Writable |
|
|||
rsaenh.dll | 0x00230000 | 0x0026bfff | Memory Mapped File | Readable |
|
|||
rsaenh.dll | 0x00230000 | 0x0026bfff | Memory Mapped File | Readable |
|
|||
rsaenh.dll | 0x00230000 | 0x0026bfff | Memory Mapped File | Readable |
|
|||
rsaenh.dll | 0x00230000 | 0x0026bfff | Memory Mapped File | Readable |
|
|||
rsaenh.dll | 0x00230000 | 0x0026bfff | Memory Mapped File | Readable |
|
|||
c_1251.nls | 0x00230000 | 0x00240fff | Memory Mapped File | Readable |
|
|||
pagefile_0x0000000000250000 | 0x00250000 | 0x00250fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000250000 | 0x00250000 | 0x00250fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000250000 | 0x00250000 | 0x00250fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000250000 | 0x00250000 | 0x00250fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000250000 | 0x00250000 | 0x00250fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000250000 | 0x00250000 | 0x00250fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000250000 | 0x00250000 | 0x00250fff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x0000000000260000 | 0x00260000 | 0x00260fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000270000 | 0x00270000 | 0x002affff | Private Memory | Readable, Writable |
|
|||
private_0x00000000002b0000 | 0x002b0000 | 0x0032ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000330000 | 0x00330000 | 0x0036ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000370000 | 0x00370000 | 0x003affff | Private Memory | Readable, Writable |
|
|||
private_0x00000000003b0000 | 0x003b0000 | 0x003effff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000003f0000 | 0x003f0000 | 0x003f1fff | Pagefile Backed Memory | Readable |
|
|||
199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | 0x00400000 | 0x0042dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x0000000000400000 | 0x00400000 | 0x00439fff | Private Memory | Readable, Writable, Executable |
|
|||
pagefile_0x0000000000440000 | 0x00440000 | 0x0051efff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000520000 | 0x00520000 | 0x0052ffff | Private Memory | Readable, Writable |
|
|||
windowsshell.manifest | 0x00530000 | 0x00530fff | Memory Mapped File | Readable |
|
|||
pagefile_0x0000000000530000 | 0x00530000 | 0x00530fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000540000 | 0x00540000 | 0x0063ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000640000 | 0x00640000 | 0x007c7fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000007d0000 | 0x007d0000 | 0x00950fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000960000 | 0x00960000 | 0x01d5ffff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000001d60000 | 0x01d60000 | 0x01e5ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001e60000 | 0x01e60000 | 0x01e9ffff | Private Memory | Readable, Writable |
|
|||
sortdefault.nls | 0x01ea0000 | 0x0216efff | Memory Mapped File | Readable |
|
|||
private_0x0000000002170000 | 0x02170000 | 0x0229ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002170000 | 0x02170000 | 0x0224ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002170000 | 0x02170000 | 0x021affff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000021b0000 | 0x021b0000 | 0x021b1fff | Pagefile Backed Memory | Readable |
|
|||
cversions.1.db | 0x021c0000 | 0x021c3fff | Memory Mapped File | Readable |
|
|||
pagefile_0x00000000021c0000 | 0x021c0000 | 0x021c1fff | Pagefile Backed Memory | Readable |
|
|||
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000c.db | 0x021d0000 | 0x021f3fff | Memory Mapped File | Readable |
|
|||
pagefile_0x0000000002200000 | 0x02200000 | 0x02200fff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000002210000 | 0x02210000 | 0x0224ffff | Private Memory | Readable, Writable |
|
|||
cversions.2.db | 0x02250000 | 0x02253fff | Memory Mapped File | Readable |
|
|||
private_0x0000000002260000 | 0x02260000 | 0x0229ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000022a0000 | 0x022a0000 | 0x0242ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000022a0000 | 0x022a0000 | 0x0240ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000022a0000 | 0x022a0000 | 0x0239ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000022a0000 | 0x022a0000 | 0x023affff | Private Memory | Readable, Writable |
|
|||
private_0x00000000022a0000 | 0x022a0000 | 0x023bffff | Private Memory | Readable, Writable |
|
|||
kernel32.dll.mui | 0x022a0000 | 0x0235ffff | Memory Mapped File | Readable, Writable |
|
|||
shell32.dll.mui | 0x02360000 | 0x023bbfff | Memory Mapped File | Readable, Writable |
|
|||
{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000a.db | 0x023c0000 | 0x023effff | Memory Mapped File | Readable |
|
|||
cversions.2.db | 0x023f0000 | 0x023f3fff | Memory Mapped File | Readable |
|
|||
cversions.2.db | 0x02400000 | 0x02403fff | Memory Mapped File | Readable |
|
|||
{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db | 0x02410000 | 0x02410fff | Memory Mapped File | Readable |
|
|||
wordpad.exe.mui | 0x02420000 | 0x0242cfff | Memory Mapped File | Readable, Writable |
|
|||
wordpad.exe.mui | 0x02420000 | 0x0242cfff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000002420000 | 0x02420000 | 0x02420fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002430000 | 0x02430000 | 0x0262ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002630000 | 0x02630000 | 0x0282ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002830000 | 0x02830000 | 0x02a2ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002a30000 | 0x02a30000 | 0x02c2ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002c30000 | 0x02c30000 | 0x02e2ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002e30000 | 0x02e30000 | 0x02f30fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002e30000 | 0x02e30000 | 0x02f30fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002e30000 | 0x02e30000 | 0x02f30fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002e30000 | 0x02e30000 | 0x0302ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003030000 | 0x03030000 | 0x0312ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003130000 | 0x03130000 | 0x03230fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003130000 | 0x03130000 | 0x03230fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003130000 | 0x03130000 | 0x03230fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003130000 | 0x03130000 | 0x03230fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003130000 | 0x03130000 | 0x03230fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003130000 | 0x03130000 | 0x03230fff | Private Memory | Readable, Writable |
|
|||
{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db | 0x03130000 | 0x03195fff | Memory Mapped File | Readable |
|
|||
private_0x00000000031a0000 | 0x031a0000 | 0x032a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000031a0000 | 0x031a0000 | 0x032a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000031a0000 | 0x031a0000 | 0x032a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000031a0000 | 0x031a0000 | 0x032a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000031a0000 | 0x031a0000 | 0x032a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000031a0000 | 0x031a0000 | 0x032a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000031a0000 | 0x031a0000 | 0x032a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000031a0000 | 0x031a0000 | 0x032a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000031a0000 | 0x031a0000 | 0x032a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000031a0000 | 0x031a0000 | 0x032a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000031a0000 | 0x031a0000 | 0x032a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000031a0000 | 0x031a0000 | 0x032a0fff | Private Memory | Readable, Writable |
|
|||
wordpad.exe | 0x031a0000 | 0x035aefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wordpad.exe | 0x031a0000 | 0x035aefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x00000000031a0000 | 0x031a0000 | 0x0329ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000032a0000 | 0x032a0000 | 0x033a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000032a0000 | 0x032a0000 | 0x033a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000032a0000 | 0x032a0000 | 0x033a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000032a0000 | 0x032a0000 | 0x033a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000032a0000 | 0x032a0000 | 0x033a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000032a0000 | 0x032a0000 | 0x033a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000032a0000 | 0x032a0000 | 0x033a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000032a0000 | 0x032a0000 | 0x033a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000032a0000 | 0x032a0000 | 0x033a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000032a0000 | 0x032a0000 | 0x033a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000032a0000 | 0x032a0000 | 0x033a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000032a0000 | 0x032a0000 | 0x033a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000032a0000 | 0x032a0000 | 0x033a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000032a0000 | 0x032a0000 | 0x033a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000032a0000 | 0x032a0000 | 0x033a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000032a0000 | 0x032a0000 | 0x033a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000032a0000 | 0x032a0000 | 0x033a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000032a0000 | 0x032a0000 | 0x033a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000032a0000 | 0x032a0000 | 0x0349ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000034a0000 | 0x034a0000 | 0x034dffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000034e0000 | 0x034e0000 | 0x036dffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000036e0000 | 0x036e0000 | 0x0376ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000036e0000 | 0x036e0000 | 0x0371ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000036e0000 | 0x036e0000 | 0x0371ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000036e0000 | 0x036e0000 | 0x0371ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003720000 | 0x03720000 | 0x03720fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003730000 | 0x03730000 | 0x0376ffff | Private Memory | Readable, Writable |
|
|||
staticcache.dat | 0x03770000 | 0x0409ffff | Memory Mapped File | Readable |
|
|||
private_0x00000000040a0000 | 0x040a0000 | 0x041fffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000040a0000 | 0x040a0000 | 0x0411ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004120000 | 0x04120000 | 0x04120fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004130000 | 0x04130000 | 0x0432ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004130000 | 0x04130000 | 0x0426ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000004130000 | 0x04130000 | 0x04137fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000004130000 | 0x04130000 | 0x04137fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000004130000 | 0x04130000 | 0x04137fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000004130000 | 0x04130000 | 0x0416ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000004130000 | 0x04130000 | 0x04130fff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x0000000004140000 | 0x04140000 | 0x04141fff | Pagefile Backed Memory | Readable |
|
|||
oleaccrc.dll | 0x04150000 | 0x04150fff | Memory Mapped File | Readable |
|
|||
msttsdecwrp.dll | 0x04150000 | 0x0415afff | Memory Mapped File | Readable |
|
|||
pagefile_0x0000000004150000 | 0x04150000 | 0x04150fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000004160000 | 0x04160000 | 0x04161fff | Private Memory | Readable, Writable, Executable |
|
|||
cversions.2.db | 0x04170000 | 0x04173fff | Memory Mapped File | Readable |
|
|||
propsys.dll.mui | 0x04180000 | 0x0418dfff | Memory Mapped File | Readable, Writable |
|
|||
pagefile_0x0000000004190000 | 0x04190000 | 0x04190fff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x00000000041a0000 | 0x041a0000 | 0x041dffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000041a0000 | 0x041a0000 | 0x041dffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000041e0000 | 0x041e0000 | 0x0421ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000041f0000 | 0x041f0000 | 0x041fffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004200000 | 0x04200000 | 0x043fffff | Private Memory | Readable, Writable |
|
|||
stdole2.tlb | 0x04220000 | 0x04223fff | Memory Mapped File | Readable |
|
|||
wdmaud.drv.mui | 0x04220000 | 0x04220fff | Memory Mapped File | Readable, Writable |
|
|||
mmdevapi.dll.mui | 0x04230000 | 0x04230fff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000004240000 | 0x04240000 | 0x0424ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004240000 | 0x04240000 | 0x04241fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000004250000 | 0x04250000 | 0x04250fff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000004260000 | 0x04260000 | 0x0426ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004270000 | 0x04270000 | 0x0446ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004400000 | 0x04400000 | 0x048f1fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004470000 | 0x04470000 | 0x0466ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004470000 | 0x04470000 | 0x04961fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004470000 | 0x04470000 | 0x0466ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004470000 | 0x04470000 | 0x0466ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004670000 | 0x04670000 | 0x0483ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004670000 | 0x04670000 | 0x0476ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004770000 | 0x04770000 | 0x047affff | Private Memory | Readable, Writable |
|
|||
private_0x00000000047b0000 | 0x047b0000 | 0x047effff | Private Memory | Readable, Writable |
|
|||
private_0x00000000047f0000 | 0x047f0000 | 0x047f0fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004830000 | 0x04830000 | 0x0483ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004840000 | 0x04840000 | 0x04a3ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004900000 | 0x04900000 | 0x049fffff | Private Memory | Readable, Writable |
|
|||
tmpb9dc.bmp | 0x04970000 | 0x04e61fff | Memory Mapped File | Readable |
|
|||
private_0x0000000004970000 | 0x04970000 | 0x04e61fff | Private Memory | Readable, Writable |
|
|||
m1033dsk.tts | 0x04a40000 | 0x04c91fff | Memory Mapped File | Readable |
|
|||
pagefile_0x0000000004ca0000 | 0x04ca0000 | 0x0509ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000004e70000 | 0x04e70000 | 0x05361fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004e70000 | 0x04e70000 | 0x05361fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000050a0000 | 0x050a0000 | 0x053a8fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000053b0000 | 0x053b0000 | 0x055affff | Private Memory | Readable, Writable |
|
|||
private_0x00000000055b0000 | 0x055b0000 | 0x059b1fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000059c0000 | 0x059c0000 | 0x05bbffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000005bc0000 | 0x05bc0000 | 0x05dbffff | Private Memory | Readable, Writable |
|
|||
winsta.dll | 0x72470000 | 0x72498fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
midimap.dll | 0x724a0000 | 0x724a6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msacm32.drv | 0x724b0000 | 0x724b7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
audioses.dll | 0x724c0000 | 0x724f5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ksuser.dll | 0x72500000 | 0x72503fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wdmaud.drv | 0x72510000 | 0x7253ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
avrt.dll | 0x72580000 | 0x72586fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shfolder.dll | 0x72d00000 | 0x72d04fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msttscommon.dll | 0x72d10000 | 0x72d1afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msttsfrontendenu.dll | 0x72d20000 | 0x72d65fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msttsengine.dll | 0x72d70000 | 0x72d97fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mmdevapi.dll | 0x72da0000 | 0x72dd8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msdmo.dll | 0x72ea0000 | 0x72eaafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msacm32.dll | 0x72eb0000 | 0x72ec3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winmm.dll | 0x72ed0000 | 0x72f01fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sapi.dll | 0x72f90000 | 0x730b9fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
d3d9.dll | 0x73b40000 | 0x73d02fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ieproxy.dll | 0x73d20000 | 0x73d4afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sxs.dll | 0x73d50000 | 0x73daefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
photobase.dll | 0x73dc0000 | 0x73dcbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleacc.dll | 0x73dd0000 | 0x73e0bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
slc.dll | 0x73e10000 | 0x73e19fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
d3d8thk.dll | 0x73e20000 | 0x73e25fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wtsapi32.dll | 0x73e30000 | 0x73e3cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wtsapi32.dll | 0x73e30000 | 0x73e3cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
photoviewer.dll | 0x73e70000 | 0x73fd5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
apphelp.dll | 0x74040000 | 0x7408bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
windowscodecs.dll | 0x74650000 | 0x7474afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
searchfolder.dll | 0x74750000 | 0x747effff | Memory Mapped File | Readable, Writable, Executable |
|
|||
propsys.dll | 0x747f0000 | 0x748e4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dwmapi.dll | 0x748f0000 | 0x74902fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
uxtheme.dll | 0x74910000 | 0x7498ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64win.dll | 0x749a0000 | 0x749fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64.dll | 0x74a00000 | 0x74a3efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
iconcodecservice.dll | 0x74a40000 | 0x74a45fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntmarta.dll | 0x74a50000 | 0x74a70fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
comctl32.dll | 0x74a80000 | 0x74c1dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
fastprox.dll | 0x74b20000 | 0x74bb5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
fastprox.dll | 0x74b20000 | 0x74bb5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
fastprox.dll | 0x74b20000 | 0x74bb5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdsapi.dll | 0x74b50000 | 0x74b67fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdsapi.dll | 0x74b50000 | 0x74b67fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdsapi.dll | 0x74b50000 | 0x74b67fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
fastprox.dll | 0x74b70000 | 0x74c05fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
fastprox.dll | 0x74b70000 | 0x74c05fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
fastprox.dll | 0x74b70000 | 0x74c05fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wbemcomn.dll | 0x74bc0000 | 0x74c1bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wbemcomn.dll | 0x74bc0000 | 0x74c1bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wbemcomn.dll | 0x74bc0000 | 0x74c1bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wbemsvc.dll | 0x74c10000 | 0x74c1efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wbemsvc.dll | 0x74c10000 | 0x74c1efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wbemsvc.dll | 0x74c10000 | 0x74c1efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrtremote.dll | 0x74c20000 | 0x74c2dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wbemcomn.dll | 0x74c30000 | 0x74c8bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wbemcomn.dll | 0x74c30000 | 0x74c8bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wbemcomn.dll | 0x74c30000 | 0x74c8bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
linkinfo.dll | 0x74c30000 | 0x74c38fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
profapi.dll | 0x74c40000 | 0x74c4afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wshtcpip.dll | 0x74c50000 | 0x74c54fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdsapi.dll | 0x74c60000 | 0x74c77fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdsapi.dll | 0x74c60000 | 0x74c77fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdsapi.dll | 0x74c60000 | 0x74c77fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mswsock.dll | 0x74c60000 | 0x74c9bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wbemprox.dll | 0x74c80000 | 0x74c89fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wbemprox.dll | 0x74c80000 | 0x74c89fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wbemprox.dll | 0x74c80000 | 0x74c89fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wbemprox.dll | 0x74c90000 | 0x74c99fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wbemsvc.dll | 0x74c90000 | 0x74c9efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wbemprox.dll | 0x74c90000 | 0x74c99fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wbemsvc.dll | 0x74c90000 | 0x74c9efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wbemprox.dll | 0x74c90000 | 0x74c99fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wbemsvc.dll | 0x74c90000 | 0x74c9efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rsaenh.dll | 0x74ca0000 | 0x74cdafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptsp.dll | 0x74ce0000 | 0x74cf5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
version.dll | 0x74d00000 | 0x74d08fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
powrprof.dll | 0x74d10000 | 0x74d34fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
samcli.dll | 0x74d40000 | 0x74d4efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wkscli.dll | 0x74d50000 | 0x74d5efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
srvcli.dll | 0x74d60000 | 0x74d78fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netutils.dll | 0x74d80000 | 0x74d88fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netapi32.dll | 0x74d90000 | 0x74da0fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mpr.dll | 0x74db0000 | 0x74dc1fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdiplus.dll | 0x74dd0000 | 0x74f5ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64cpu.dll | 0x75060000 | 0x75067fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptbase.dll | 0x75090000 | 0x7509bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sspicli.dll | 0x750a0000 | 0x750fffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
lpk.dll | 0x75100000 | 0x75109fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sechost.dll | 0x75110000 | 0x75128fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
devobj.dll | 0x75130000 | 0x75141fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
advapi32.dll | 0x75150000 | 0x751effff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msasn1.dll | 0x751f0000 | 0x751fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shell32.dll | 0x75200000 | 0x75e49fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ole32.dll | 0x75e50000 | 0x75fabfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shlwapi.dll | 0x75fb0000 | 0x76006fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ws2_32.dll | 0x76010000 | 0x76044fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
usp10.dll | 0x76050000 | 0x760ecfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdi32.dll | 0x760f0000 | 0x7617ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msctf.dll | 0x76180000 | 0x7624bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wininet.dll | 0x76250000 | 0x76344fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nsi.dll | 0x76350000 | 0x76355fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleaut32.dll | 0x76360000 | 0x763eefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrt4.dll | 0x763f0000 | 0x764dffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
imm32.dll | 0x764e0000 | 0x7653ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcrt.dll | 0x76540000 | 0x765ebfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
user32.dll | 0x765f0000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|||
urlmon.dll | 0x76720000 | 0x76855fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
iertutil.dll | 0x76860000 | 0x76a5afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
crypt32.dll | 0x76a60000 | 0x76b7cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel32.dll | 0x76bb0000 | 0x76cbffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
setupapi.dll | 0x76d50000 | 0x76eecfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernelbase.dll | 0x76fe0000 | 0x77025fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cfgmgr32.dll | 0x77030000 | 0x77056fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wldap32.dll | 0x77060000 | 0x770a4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clbcatq.dll | 0x770b0000 | 0x77132fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x0000000077140000 | 0x77140000 | 0x77239fff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x0000000077240000 | 0x77240000 | 0x7735efff | Private Memory | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77360000 | 0x77508fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77540000 | 0x776bffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x000000007ef92000 | 0x7ef92000 | 0x7ef94fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007ef95000 | 0x7ef95000 | 0x7ef97fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007ef98000 | 0x7ef98000 | 0x7ef9afff | Private Memory | Readable, Writable |
|
|||
private_0x000000007ef9b000 | 0x7ef9b000 | 0x7ef9dfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007ef9b000 | 0x7ef9b000 | 0x7ef9dfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007ef9b000 | 0x7ef9b000 | 0x7ef9dfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007ef9e000 | 0x7ef9e000 | 0x7efa0fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007ef9e000 | 0x7ef9e000 | 0x7efa0fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007ef9e000 | 0x7ef9e000 | 0x7efa0fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efa1000 | 0x7efa1000 | 0x7efa3fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efa4000 | 0x7efa4000 | 0x7efa6fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|||
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
---|---|---|---|---|---|---|
Modify Memory | c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | 0x9c8 | address = 0x400000, size = 1024 | 1 |
Fn
Data
|
|
Modify Memory | c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | 0x9c8 | address = 0x438000, size = 5120 | 1 |
Fn
Data
|
|
Modify Memory | c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | 0x9c8 | address = 0x437000, size = 512 | 1 |
Fn
Data
|
|
Modify Memory | c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | 0x9c8 | address = 0x414000, size = 135168 | 1 |
Fn
Data
|
|
Modify Memory | c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | 0x9c8 | address = 0x412000, size = 8192 | 1 |
Fn
Data
|
|
Modify Memory | c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | 0x9c8 | address = 0x401000, size = 68608 | 1 |
Fn
Data
|
|
Modify Memory | c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | 0x9c8 | address = 0x7efde008, size = 4 | 1 |
Fn
Data
|
|
Modify Control Flow | c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | 0x9c8 | os_thread_id = 0x9e4 | 1 |
Fn
|
Filename | File Size | Hash Values | YARA Match | Actions |
---|---|---|---|---|
c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\speech\files\userlexicons\sp_8886b512a0c8413698af6a90c3ce8910.dat | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
c:\users\hjrd1koky ds8lujv\documents\mk1qeyh-ob.87b1 | 73.28 KB (75035 bytes) |
MD5:
4c10f0168f3b02e9141d59de4e1d0e15
SHA1: 5a444a6894ef56f9563e3d003aea3462f40d3704 SHA256: acf797de243ab8d35839fa040da4cd725d1e5cca7e9f6f7263dce57be0e94954 |
|
|
c:\users\hjrd1koky ds8lujv\documents\_read_this_file_oy87az4_.hta | 74.96 KB (76756 bytes) |
MD5:
f7f337f3990f508f408de7d1eb406c25
SHA1: bc8fb21fc8e99a025ff5257be717e9cd9e099ab2 SHA256: 3b5db7edeae403f4cb3e0d4500ef6c6f17a2da01411cbedd584b1fc2794df342 |
|
|
c:\users\hjrd1koky ds8lujv\documents\_read_this_file_sna5m_.txt | 1.31 KB (1337 bytes) |
MD5:
2833e6543ea2ea5b81f63a1b6d6a832a
SHA1: 9130c4ab860fcda421cf56372491ab3f1901dccd SHA256: a44098297ee6f900f25696ef91ada5e19c3a3e3f00276a0e239b36fb20850341 |
|
|
c:\users\hjrd1koky ds8lujv\documents\_read_this_file_gwjrx_.jpeg | 212.32 KB (217414 bytes) |
MD5:
d9c206a13f332e13b83c6da60f44b2c3
SHA1: 5d68e9e078073f0b5ca8d19613e301c1b3a8287b SHA256: b48ca40156c2c9424d270cbeae0b5efd72eb5125bec85088b785afb12d320c4b |
|
|
c:\users\hjrd1koky ds8lujv\documents\mcjgdc9uzh.87b1 | 55.62 KB (56953 bytes) |
MD5:
4b8adffa3a05089e860070930df0bbb4
SHA1: 49503f85337dc8a95723801f4593eccfe89ec503 SHA256: cdacb76afcb791e7aaa3678af9ef79d7954e959f98b9c90231b03ba8def0780f |
|
|
c:\users\hjrd1koky ds8lujv\documents\wzrlp-viqf.87b1 | 68.60 KB (70250 bytes) |
MD5:
8cd6d2be6322010cbaf49993b3fcc83c
SHA1: b58109eea23dd22e630795c4a4e8924d1911e240 SHA256: 7ff6030be999e27d22bb21ddf66f4567676f9d05c10e97e390a4866e719d194a |
|
|
c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\speech\files\userlexicons\sp_8886b512a0c8413698af6a90c3ce8910.dat | 0.92 KB (940 bytes) |
MD5:
9ed60b54a6e0241b17b7374ccd806cf2
SHA1: 304d806ce0a579520566c7f20da3e87c63141ee8 SHA256: 6fa15f84277575a6479466590ffa4c9d7e3a537e18cebb28c8bf908416d86a29 |
|
|
c:\users\hjrd1koky ds8lujv\documents\5t950ijtgp.87b1 | 87.83 KB (89936 bytes) |
MD5:
c776b1e64d090bf233740c86d4593d04
SHA1: 4af7687c4e0542ce59e04b1e5033a9b31b30d65a SHA256: 308c86b083470945364e9a305b4f41cf1bb9cb024711394a0af9c46735d08313 |
|
|
c:\users\hjrd1koky ds8lujv\documents\3-rxwcu45h.87b1 | 52.85 KB (54114 bytes) |
MD5:
01a056c15cb169473e14633714c6b417
SHA1: 116c47a9d48821490ca66ad9fb398e643f7b3c6c SHA256: a837725cd9d36c974d0d97bf4a07dc504ac0f98709caa5daca544b891d051f87 |
|
|
c:\users\hjrd1koky ds8lujv\documents\6ruskhssp7.87b1 | 8.26 KB (8457 bytes) |
MD5:
aa8125924efe88742156fa6259dee81c
SHA1: 6e89849a684cd7ad434e812cb465d7e42e77d5e2 SHA256: f938728aec5f0df975bf9e48d563c5350f21662e7549d782262ddf027f147094 |
|
|
c:\users\hjrd1koky ds8lujv\documents\o-syix25yo.87b1 | 86.99 KB (89073 bytes) |
MD5:
be07a1ed3e9fd566763194e0aa4d7beb
SHA1: 21b2746e03236e599718217024f7676ee2071bc3 SHA256: 3daf3968b4a3237b6de88af84ab2bae79feb3c6126340dec306c3b393f0e9947 |
|
|
c:\users\hjrd1koky ds8lujv\documents\feqr8sill4.87b1 | 68.31 KB (69948 bytes) |
MD5:
a8734a5f1b95185aa76a4790692f3e0c
SHA1: e17b03b664d559efe912b9722224c34370396837 SHA256: 7caa186363cff7d613e379d47656c7bd4780d8344b6642bd1544966add1a49dd |
|
|
c:\users\hjrd1koky ds8lujv\documents\kfgfxkxkom.87b1 | 25.54 KB (26155 bytes) |
MD5:
86f18f04b4afccb136f9a77ea94b83a8
SHA1: bfb36bfa1792142d767eaf847157f8aafcd0564a SHA256: 7e663508034a7737a19c98921f2f6c4f8b735fb400d5bb51ad4f8ad9ce3c710f |
|
|
c:\users\hjrd1koky ds8lujv\documents\bc32lqwvc8.87b1 | 4.86 KB (4977 bytes) |
MD5:
d8c53d657b5738fdc4bfee84846bb49d
SHA1: ac912237dc6f37b10a78f44899265146716de631 SHA256: 28dd3ba9c48f73de72b64d2f529ae3e0591a77455d91e5e47170cb9b82895710 |
|
|
c:\users\hjrd1koky ds8lujv\documents\4lllybc7sv.87b1 | 25.20 KB (25804 bytes) |
MD5:
9bc9ca7a29c0a029cd892ad5238a751e
SHA1: 710ac7bdca207d25f9e19c680f3b8c84544e4fc1 SHA256: 1c066455c8526a83c02c95c66b1e3e809476102752f87a7226cb931f598b53cb |
|
|
c:\users\hjrd1koky ds8lujv\documents\53btro0x1v.87b1 | 13.97 KB (14306 bytes) |
MD5:
14e28e545cae88ba3254622636e0f3fc
SHA1: 6a48daa2b71835cd1b918b2ef1b7130e7246ba3f SHA256: a058d96d0fc0bcf0b2f0567a476217584b605b004bd17e67698b1d52df50cea3 |
|
|
c:\users\hjrd1koky ds8lujv\desktop\rfhurs7sso.87b1 | 91.52 KB (93713 bytes) |
MD5:
242b80450958cc21a66cd95664ca7a56
SHA1: dcf7394d752938154e2735da66346ef87b5d04e2 SHA256: 8f8675069075df930da51c4dda4f4b42b4a936e2c02967723e9ed3ec000630d8 |
|
|
c:\users\hjrd1koky ds8lujv\desktop\9lvsdwjl5r.87b1 | 64.62 KB (66166 bytes) |
MD5:
190bf22610881f88218e688a14e23848
SHA1: 170072a838eacd7f55b70b835841c39f792d2c38 SHA256: c295e1eebf59820562d02be3df1968d8c6dd1aea7168f96cc750098e3d302a77 |
|
|
c:\users\hjrd1koky ds8lujv\desktop\lhnlle1mra.87b1 | 63.65 KB (65182 bytes) |
MD5:
3736eee89088291efa1a57af1ea59219
SHA1: 3cac4833b2aee81a58a53048efc5d395e5baab3d SHA256: 4c79b89e89efcb8df933a6b1a9269a0f0818f1e9cb05b5c57ec0a576e77a3fe1 |
|
|
c:\users\hjrd1koky ds8lujv\desktop\chbopzauxb.87b1 | 54.06 KB (55354 bytes) |
MD5:
ef3b01980aac5f6a6bc7187e90e16d48
SHA1: e62f9de41953bf56e59cd40c2b4374316b9ffb71 SHA256: cd5878c1e802fc4a287739cae20e3995de14716afce7b4b1db30abb848f689ba |
|
|
c:\users\hjrd1koky ds8lujv\desktop\72wdecdose.87b1 | 12.09 KB (12380 bytes) |
MD5:
a9c8bc62358ecdd09b3bb9f7af658d86
SHA1: b6f74fe681bb0f279fe3bc8897bebdcfeede768d SHA256: ac520174432f4e91f38089eeadad5c9995912857c114693099963268b9b9201b |
|
|
c:\users\hjrd1koky ds8lujv\desktop\0ly1wwj-os.87b1 | 70.74 KB (72441 bytes) |
MD5:
f1a0aa1e145408cbb71f8b346bde5953
SHA1: f3793ce77dc6d6a032ff74f60ecada19d346dab9 SHA256: f675c824db2daf04c4ae46004e329d3402db172e3f438d317d27d09cae8c9675 |
|
|
c:\users\hjrd1koky ds8lujv\desktop\c2tneqkoop.87b1 | 32.54 KB (33318 bytes) |
MD5:
81dc47ec8da44dfe5eaab125b8fb73c9
SHA1: 9faac82646de31f9bbff121c1e4321faab092780 SHA256: 966114724db95d8dae5ff03f14732559f32349e5b3596f2ab985d9dbeefb0991 |
|
|
c:\users\hjrd1koky ds8lujv\desktop\-pnznezwur.87b1 | 8.37 KB (8575 bytes) |
MD5:
9c71f9fc0b2702e53abe6b1af542e3b1
SHA1: 60a3aefdcc45d541c49b37b0a06ed8fdb50cc73d SHA256: 8654976d3d92b92b13cfb3c63b5f7907b23bb79a03c280b4da5feb34ce5ba092 |
|
|
c:\users\hjrd1koky ds8lujv\desktop\pwebptr7kd.87b1 | 46.79 KB (47908 bytes) |
MD5:
75953340e30b4b8cf2e6aae1f83d6e7a
SHA1: bb8a98393eac07de567781e96ae18f97bc888962 SHA256: 17e6cb049d9193351c4976a7a99ca6f581a705a5c6aecdd29628ae27d41b65d2 |
|
|
c:\users\hjrd1koky ds8lujv\desktop\0giaekeqpv.87b1 | 35.55 KB (36399 bytes) |
MD5:
2f6154d1d89ba330fd6dc62a846efeef
SHA1: 19972f5d7a3c10d60202c297eb7f7d80de66db62 SHA256: 0895d3920b2fa9f46eb6e5e749b4b1ee25ad426aeb493ed1aa3f6d41748218a6 |
|
|
c:\users\hjrd1koky ds8lujv\desktop\-pnrexrevr.87b1 | 63.06 KB (64571 bytes) |
MD5:
59b1f0939875ff081e368dd9374b5f74
SHA1: b6b91940caa81756e0f3b67d1cc320e7c69b2670 SHA256: a9bcc755b5e8a1b2e556f6405408b4152e0cf795bc038bd6976707ab89d5e214 |
|
|
c:\users\hjrd1koky ds8lujv\desktop\iqit9zczod.87b1 | 68.56 KB (70204 bytes) |
MD5:
2ad357a4bbf046cc8db0ec99d5914e10
SHA1: f8f34bd7644df09688618461312c5c76c02e2426 SHA256: 0c926ce1ef061e38aac15aaad4addd6826063774c6e2a2b9b537aa2fca44ee1d |
|
Filename | File Size | Hash Values | YARA Match | Actions |
---|---|---|---|---|
c:\users\hjrd1koky ds8lujv\documents\0ym30ah1p2 o.pptx | 73.28 KB (75035 bytes) |
MD5:
4c10f0168f3b02e9141d59de4e1d0e15
SHA1: 5a444a6894ef56f9563e3d003aea3462f40d3704 SHA256: acf797de243ab8d35839fa040da4cd725d1e5cca7e9f6f7263dce57be0e94954 |
|
|
c:\users\hjrd1koky ds8lujv\documents\2dffhfqbe.xlsx | 55.62 KB (56953 bytes) |
MD5:
4b8adffa3a05089e860070930df0bbb4
SHA1: 49503f85337dc8a95723801f4593eccfe89ec503 SHA256: cdacb76afcb791e7aaa3678af9ef79d7954e959f98b9c90231b03ba8def0780f |
|
|
c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | 68.60 KB (70250 bytes) |
MD5:
8cd6d2be6322010cbaf49993b3fcc83c
SHA1: b58109eea23dd22e630795c4a4e8924d1911e240 SHA256: 7ff6030be999e27d22bb21ddf66f4567676f9d05c10e97e390a4866e719d194a |
|
Operation | Filename | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
CREATE | c:\users\hjrd1k~1\appdata\local\temp\6017762e\5ca4.tmp | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, create_disposition = OPEN_EXISTING | 1 |
Fn
|
|
CREATE | c:\users\hjrd1koky ds8lujv\documents\0ym30ah1p2 o.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_EXISTING | 1 |
Fn
|
|
CREATE | c:\users\hjrd1koky ds8lujv\documents\_read_this_file_oy87az4_.hta | desired_access = GENERIC_WRITE, create_disposition = CREATE_NEW, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED | 1 |
Fn
|
|
CREATE | c:\users\hjrd1koky ds8lujv\documents\_read_this_file_sna5m_.txt | desired_access = GENERIC_WRITE, create_disposition = CREATE_NEW, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED | 1 |
Fn
|
|
CREATE | c:\users\hjrd1koky ds8lujv\documents\_read_this_file_gwjrx_.jpeg | desired_access = GENERIC_WRITE, create_disposition = CREATE_NEW, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED | 1 |
Fn
|
|
CREATE | c:\users\hjrd1koky ds8lujv\documents\2dffhfqbe.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_EXISTING | 1 |
Fn
|
|
CREATE | c:\users\hjrd1koky ds8lujv\documents\_read_this_file_oy87az4_.hta | desired_access = GENERIC_WRITE, create_disposition = CREATE_NEW, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED | 1 |
Fn
|
|
CREATE | c:\users\hjrd1koky ds8lujv\documents\_read_this_file_sna5m_.txt | desired_access = GENERIC_WRITE, create_disposition = CREATE_NEW, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED | 1 |
Fn
|
|
CREATE | c:\users\hjrd1koky ds8lujv\documents\_read_this_file_gwjrx_.jpeg | desired_access = GENERIC_WRITE, create_disposition = CREATE_NEW, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED | 1 |
Fn
|
|
CREATE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = OPEN_EXISTING | 1 |
Fn
|
|
CREATE_DIR | c:\users\hjrd1k~1\appdata\local\temp\6017762e | 1 |
Fn
|
||
MOVE | c:\users\hjrd1koky ds8lujv\documents\mk1qeyh-ob.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\0ym30ah1p2 o.pptx | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\mcjgdc9uzh.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\2dffhfqbe.xlsx | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\wzrlp-viqf.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\vy9me4vcgy.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\4zylz8nvl.docx | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\5t950ijtgp.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\5748pkeb4u6jrpogsd6.pptx | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\3-rxwcu45h.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\9zd kfwq-ltsr bt.pptx | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\6ruskhssp7.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\cnklxafszhozzrocc.xlsx | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\o-syix25yo.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\dagtlz9umh4kpe_.docx | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\ub7sqjzikr.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\f86pb83io_tkban1xrq.xlsx | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\feqr8sill4.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\g5vj.csv | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\kfgfxkxkom.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\hex3_ifrkmddsx.pptx | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\bc32lqwvc8.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\iti916p.docx | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\xku0mxjiqd.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\k_4d.docx | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\4lllybc7sv.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\n5qgjtqzhp-rooywyw.ods | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\ptenoxu0wv.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\pf0i6vc9bsb8qyde05.xlsx | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\of0hi57jnr.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\sf dxs.docx | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\qstzackcas.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\tduxrvybwwlj5-r.odt | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\53btro0x1v.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\yanz8lfrp.pptx | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\v8hw1zhluq.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\9dbrybjoudhnlbv3.ppt | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\aevh0dz\3f9zwalgsc.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\aevh0dz\6_xzrioom0c2n5m4619-.odp | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\aevh0dz\d4wcraacr0.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\aevh0dz\pcjlckgfzbc5et.odt | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\aevh0dz\i1njmp67n1.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\aevh0dz\pnzi-xajxne4eb73.odt | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\aevh0dz\_esg\j2ut2epxgw.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\aevh0dz\_esg\5r8uljqif.xls | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\hl1esuqlhc.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\glxfc.ppt | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\nvlt6hhl8ezh5vb-pbw1\vz9jirxbis.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\nvlt6hhl8ezh5vb-pbw1\h5 hy6tvuyt.docx | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\nvlt6hhl8ezh5vb-pbw1\8hxr0ftbjx.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\nvlt6hhl8ezh5vb-pbw1\nyft_mipyw.odt | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\nvlt6hhl8ezh5vb-pbw1\qzr2ggbmex.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\nvlt6hhl8ezh5vb-pbw1\tgriqsh_nf.odt | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\06uohzs8yyosupo_9o\p0-pneyqst.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\06uohzs8yyosupo_9o\rb7eoznm5_z1z1qgn1vr.ods | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\x9hko2pw3n.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\mcj3mfiflkkjv 4n7.odt | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\mpjeznbqsh\rfvdkvoqb4.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\mpjeznbqsh\0nr4blvtulmaxi q0zl.pps | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\mpjeznbqsh\efwmoeva8l.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\mpjeznbqsh\4e vaxuu-fkwdlca08.odt | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\mpjeznbqsh\m_paqapiijrmm0wvr\sv5essfdnb.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\mpjeznbqsh\m_paqapiijrmm0wvr\lrwzqbrkfym_lya2j.csv | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\mpjeznbqsh\svtfdbsz7s.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\mpjeznbqsh\q8hv3etm5rchja2kzp.csv | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\mpjeznbqsh\njq2014luc.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\mpjeznbqsh\vbojiv-ug95.odp | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\mpjeznbqsh\cqrpipy0zz.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\mpjeznbqsh\zdtc.odp | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\rky7vzipgi.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\osz7f.xls | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\bsy9stedtm.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\l5nqs z6.docx | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\documents\vbbs4ocxu7.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\documents\zfhxlx9t8ojbbvjhh.docx | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\rfhurs7sso.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\0ee7y22oyidj0hfv.png | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\uqc5salb7s.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\6lqcuaymafbrlvvi.gif | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\9lvsdwjl5r.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\94lbtspxw0_4ce.avi | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\lhnlle1mra.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\9_xhb6hs_.gif | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\wbb1nyns3p.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\bwilg97bej1t.jpg | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\chbopzauxb.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\f7dnw.docx | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\veywf8wha8.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\h-zt.wav | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\72wdecdose.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\hbamswsug_ajwgp47e.wav | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\0ly1wwj-os.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\hkjvu.bmp | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\gwt-58hjfg.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\hmgv.pptx | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\c2tneqkoop.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\ik_q57btt5wemnzymbni.gif | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\di0j78nei8.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\jqe4wnyiy3ydj.pps | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\-pnznezwur.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\ljuosc6fhnajjfuwrl.mp4 | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\upuwmuujmx.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\llua7ex4.mkv | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\pwebptr7kd.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\mekcloizgioyi8rulz.jpg | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\dxdyezvful.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\mtg2 qgc3se.swf | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\vht8oxtuze.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\rmcih-tnqh86ajeu.bmp | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\vpvlgzp8bf.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\vyzfvvaz8d5x4mdvz.rtf | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\x5cctkx i\aedmpdy8pf.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\x5cctkx i\oxu n.mp3 | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\x5cctkx i\tvetgsqfbn.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\x5cctkx i\ufo2czma7o.gif | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\x5cctkx i\epkv1ui7jc.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\x5cctkx i\ulp1gtl5ewpicpm1maeo.m4a | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\x5cctkx i\yftdfezaul.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\x5cctkx i\wi3v-oc4.mp3 | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\0giaekeqpv.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\xinkpyccah_mlh.doc | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\-pnrexrevr.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\ynnruglllfovw evj0ja.mp3 | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\gd2xehcq-b.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\yxmcgxxs0ug.ots | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\iqit9zczod.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\zhllws.m4a | 1 |
Fn
|
|
MOVE | c:\users\hjrd1koky ds8lujv\desktop\gv3qqjxq43.87b1 | source_file_name = c:\users\hjrd1koky ds8lujv\desktop\_dol71dzxmdgahnese.jpg | 1 |
Fn
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\0ym30ah1p2 o.pptx | size = 60 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\0ym30ah1p2 o.pptx | size = 72751 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\2dffhfqbe.xlsx | size = 60 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\2dffhfqbe.xlsx | size = 54675 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 60 | 63 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 67952 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 95491 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 87638 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 51822 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 6163 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 86783 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 69157 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 67682 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 23867 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 2703 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 99286 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 23510 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 81752 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 10409 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 18804 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 12028 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 37907 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 20082 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 13762 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 42968 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 21203 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 21930 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 31089 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 76434 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 19648 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 15645 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 3912 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 46734 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 71251 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 55457 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 13173 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 50570 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 17171 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 92781 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 13061 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 68202 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 91423 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 71419 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 63880 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 62906 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 80841 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 53084 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 14449 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 10086 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 70173 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 60204 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 31020 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 32004 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 6281 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 11243 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 45614 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 37531 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 43850 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 27732 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 74488 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 63389 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 74141 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 55132 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 34113 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 62273 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 61022 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 67934 | 1 |
Fn
Data
|
|
READ | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 83711 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\0ym30ah1p2 o.pptx | size = 72751 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\0ym30ah1p2 o.pptx | size = 60 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\0ym30ah1p2 o.pptx | size = 66 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\0ym30ah1p2 o.pptx | size = 110 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\0ym30ah1p2 o.pptx | size = 256 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\_read_this_file_oy87az4_.hta | size = 76756 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\_read_this_file_sna5m_.txt | size = 1337 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\_read_this_file_gwjrx_.jpeg | size = 217414 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\2dffhfqbe.xlsx | size = 54675 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\2dffhfqbe.xlsx | size = 60 | 2 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\2dffhfqbe.xlsx | size = 110 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\2dffhfqbe.xlsx | size = 256 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 67952 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 60 | 68 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 80 | 8 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 110 | 63 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 256 | 63 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 95491 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 87638 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 51822 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 74 | 4 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 6163 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 76 | 9 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 86783 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 72 | 6 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 69157 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 67682 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 48 | 3 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 23867 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 70 | 2 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 2703 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 56 | 3 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 99286 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 50 | 6 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 23510 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 81752 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 78 | 2 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 10409 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 54 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 18804 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 12028 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 37907 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 20082 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 13762 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 68 | 3 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 42968 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 21203 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 58 | 3 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 21930 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 31089 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 64 | 2 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 76434 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 19648 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 15645 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 3912 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 46734 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 71251 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 55457 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 13173 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 50570 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 62 | 3 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 17171 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 92781 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 13061 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 68202 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 91423 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 71419 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 63880 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 62906 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 80841 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 53084 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 52 | 2 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 14449 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 10086 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 70173 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 60204 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 31020 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 32004 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 66 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 6281 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 11243 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 45614 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 37531 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 43850 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 27732 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 74488 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 63389 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 74141 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 55132 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 34113 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 62273 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 61022 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 67934 | 1 |
Fn
Data
|
|
WRITE | c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx | size = 83711 | 1 |
Fn
Data
|
|
FIND | C:\test\cerber_debug.txt | 1 |
Fn
|
||
FIND | C:\Program Files (x86)\Windows Defender\* | 1 |
Fn
|
||
FIND | C:\Program Files (x86)\Windows Defender\en-US\* | 1 |
Fn
|
||
FIND | C:\Users | 2 |
Fn
|
||
FIND | C:\Users\HJRD1K~1 | 2 |
Fn
|
||
FIND | C:\Users\HJRD1K~1\AppData | 2 |
Fn
|
||
FIND | C:\Users\HJRD1K~1\AppData\Local | 2 |
Fn
|
||
FIND | C:\Users\HJRD1K~1\AppData\Local\Temp | 2 |
Fn
|
||
FIND | C:\Users\HJRD1K~1\AppData\Local\Temp\6017762e | 1 |
Fn
|
||
FIND | C:\Users\HJRD1K~1\AppData\Local\Temp\6017762e | 1 |
Fn
|
||
FIND | c: | 1 |
Fn
|
||
FIND | c:\* | 1 |
Fn
|
||
FIND | c:\$recycle.bin\ | 1 |
Fn
|
||
FIND | c:\boot\ | 1 |
Fn
|
||
FIND | c:\perflogs\ | 2 |
Fn
|
||
FIND | c:\program files\ | 2 |
Fn
|
||
FIND | c:\program files (x86)\ | 2 |
Fn
|
||
FIND | c:\programdata\ | 1 |
Fn
|
||
FIND | c:\recovery\ | 1 |
Fn
|
||
FIND | c:\system volume information\ | 1 |
Fn
|
||
FIND | c:\users\ | 2 |
Fn
|
||
FIND | c:\users\* | 1 |
Fn
|
||
FIND | c:\users\default\ | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\ | 1 |
Fn
|
||
FIND | c:\users\public\ | 2 |
Fn
|
||
FIND | c:\users\public\* | 1 |
Fn
|
||
FIND | c:\users\public\desktop\ | 1 |
Fn
|
||
FIND | c:\users\public\documents\ | 2 |
Fn
|
||
FIND | c:\users\public\documents\* | 1 |
Fn
|
||
FIND | c:\users\public\downloads\ | 2 |
Fn
|
||
FIND | c:\users\public\downloads\* | 1 |
Fn
|
||
FIND | c:\users\public\favorites\ | 1 |
Fn
|
||
FIND | c:\users\public\libraries\ | 1 |
Fn
|
||
FIND | c:\users\public\music\ | 2 |
Fn
|
||
FIND | c:\users\public\music\* | 1 |
Fn
|
||
FIND | c:\users\public\music\sample music\ | 1 |
Fn
|
||
FIND | c:\users\public\pictures\ | 2 |
Fn
|
||
FIND | c:\users\public\pictures\* | 1 |
Fn
|
||
FIND | c:\users\public\pictures\sample pictures\ | 1 |
Fn
|
||
FIND | c:\users\public\recorded tv\ | 2 |
Fn
|
||
FIND | c:\users\public\recorded tv\* | 1 |
Fn
|
||
FIND | c:\users\public\recorded tv\sample media\ | 2 |
Fn
|
||
FIND | c:\users\public\recorded tv\sample media\* | 1 |
Fn
|
||
FIND | c:\users\public\videos\ | 2 |
Fn
|
||
FIND | c:\users\public\videos\* | 1 |
Fn
|
||
FIND | c:\users\public\videos\sample videos\ | 1 |
Fn
|
||
FIND | c:\windows\ | 2 |
Fn
|
||
FIND | c:\program files (x86)\bitcoin | 1 |
Fn
|
||
FIND | c:\program files (x86)\bitcoin\* | 1 |
Fn
|
||
FIND | c:\programdata\bitcoin | 1 |
Fn
|
||
FIND | c:\programdata\bitcoin\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\bitcoin | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\bitcoin\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\bitcoin | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\bitcoin\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\bitcoin | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\bitcoin\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\bitcoin | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\bitcoin\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\bitcoin | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\bitcoin\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\bitcoin | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\bitcoin\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\bitcoin | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\bitcoin\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\bitcoin | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\bitcoin\* | 1 |
Fn
|
||
FIND | c:\program files (x86)\excel | 1 |
Fn
|
||
FIND | c:\program files (x86)\excel\* | 1 |
Fn
|
||
FIND | c:\programdata\excel | 1 |
Fn
|
||
FIND | c:\programdata\excel\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\excel | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\excel\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\excel | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\excel\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\excel | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\excel\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\excel | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\excel\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\excel | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\excel\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\excel | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\excel\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\excel | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\excel\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\excel | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\excel\* | 1 |
Fn
|
||
FIND | c:\program files (x86)\microsoft sql server | 1 |
Fn
|
||
FIND | c:\program files (x86)\microsoft sql server\* | 1 |
Fn
|
||
FIND | c:\programdata\microsoft sql server | 1 |
Fn
|
||
FIND | c:\programdata\microsoft sql server\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\microsoft sql server | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\microsoft sql server\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft sql server | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft sql server\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft sql server | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft sql server\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft sql server | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft sql server\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\microsoft sql server | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\microsoft sql server\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\microsoft sql server | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\microsoft sql server\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\microsoft sql server | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\microsoft sql server\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\microsoft sql server | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\microsoft sql server\* | 1 |
Fn
|
||
FIND | c:\program files (x86)\microsoft\excel | 1 |
Fn
|
||
FIND | c:\program files (x86)\microsoft\excel\* | 1 |
Fn
|
||
FIND | c:\programdata\microsoft\excel | 1 |
Fn
|
||
FIND | c:\programdata\microsoft\excel\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\excel | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\excel\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\excel | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\excel\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\excel | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\excel\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\excel | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\excel\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\microsoft\excel | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\microsoft\excel\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\microsoft\excel | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\microsoft\excel\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\excel | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\excel\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\excel | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\excel\* | 1 |
Fn
|
||
FIND | c:\program files (x86)\microsoft\microsoft sql server | 1 |
Fn
|
||
FIND | c:\program files (x86)\microsoft\microsoft sql server\* | 1 |
Fn
|
||
FIND | c:\programdata\microsoft\microsoft sql server | 1 |
Fn
|
||
FIND | c:\programdata\microsoft\microsoft sql server\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\microsoft sql server | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\microsoft sql server\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\microsoft sql server | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\microsoft sql server\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\microsoft sql server | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\microsoft sql server\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\microsoft sql server | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\microsoft sql server\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\microsoft\microsoft sql server | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\microsoft\microsoft sql server\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\microsoft\microsoft sql server | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\microsoft\microsoft sql server\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\microsoft sql server | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\microsoft sql server\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\microsoft sql server | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\microsoft sql server\* | 1 |
Fn
|
||
FIND | c:\program files (x86)\microsoft\office | 1 |
Fn
|
||
FIND | c:\program files (x86)\microsoft\office\* | 1 |
Fn
|
||
FIND | c:\programdata\microsoft\office | 1 |
Fn
|
||
FIND | c:\programdata\microsoft\office\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\office | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\office\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\office | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\office\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\office | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\office\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\office | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\office\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\microsoft\office | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\microsoft\office\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\microsoft\office | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\microsoft\office\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\office | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\office\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\office | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\office\* | 1 |
Fn
|
||
FIND | c:\program files (x86)\microsoft\onenote | 1 |
Fn
|
||
FIND | c:\program files (x86)\microsoft\onenote\* | 1 |
Fn
|
||
FIND | c:\programdata\microsoft\onenote | 1 |
Fn
|
||
FIND | c:\programdata\microsoft\onenote\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\onenote | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\onenote\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\onenote | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\onenote\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\onenote | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\onenote\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\onenote | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\onenote\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\microsoft\onenote | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\microsoft\onenote\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\microsoft\onenote | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\microsoft\onenote\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\onenote | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\onenote\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\onenote | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\onenote\* | 1 |
Fn
|
||
FIND | c:\program files (x86)\microsoft\outlook | 1 |
Fn
|
||
FIND | c:\program files (x86)\microsoft\outlook\* | 1 |
Fn
|
||
FIND | c:\programdata\microsoft\outlook | 1 |
Fn
|
||
FIND | c:\programdata\microsoft\outlook\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\outlook | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\outlook\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\outlook | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\outlook\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\outlook | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\outlook\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\outlook | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\outlook\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\microsoft\outlook | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\microsoft\outlook\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\microsoft\outlook | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\microsoft\outlook\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\outlook | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\outlook\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\outlook | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\outlook\* | 1 |
Fn
|
||
FIND | c:\program files (x86)\microsoft\powerpoint | 1 |
Fn
|
||
FIND | c:\program files (x86)\microsoft\powerpoint\* | 1 |
Fn
|
||
FIND | c:\programdata\microsoft\powerpoint | 1 |
Fn
|
||
FIND | c:\programdata\microsoft\powerpoint\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\powerpoint | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\powerpoint\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\powerpoint | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\powerpoint\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\powerpoint | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\powerpoint\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\powerpoint | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\powerpoint\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\microsoft\powerpoint | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\microsoft\powerpoint\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\microsoft\powerpoint | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\microsoft\powerpoint\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\powerpoint | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\powerpoint\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\powerpoint | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\powerpoint\* | 1 |
Fn
|
||
FIND | c:\program files (x86)\microsoft\word | 1 |
Fn
|
||
FIND | c:\program files (x86)\microsoft\word\* | 1 |
Fn
|
||
FIND | c:\programdata\microsoft\word | 1 |
Fn
|
||
FIND | c:\programdata\microsoft\word\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\word | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\word\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\word | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\word\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\word | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\word\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\word | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\word\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\microsoft\word | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\microsoft\word\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\microsoft\word | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\microsoft\word\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\word | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\word\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\word | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\microsoft\word\* | 1 |
Fn
|
||
FIND | c:\program files (x86)\office | 1 |
Fn
|
||
FIND | c:\program files (x86)\office\* | 1 |
Fn
|
||
FIND | c:\programdata\office | 1 |
Fn
|
||
FIND | c:\programdata\office\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\office | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\office\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\office | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\office\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\office | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\office\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\office | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\office\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\office | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\office\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\office | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\office\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\office | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\office\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\office | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\office\* | 1 |
Fn
|
||
FIND | c:\program files (x86)\onenote | 1 |
Fn
|
||
FIND | c:\program files (x86)\onenote\* | 1 |
Fn
|
||
FIND | c:\programdata\onenote | 1 |
Fn
|
||
FIND | c:\programdata\onenote\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\onenote | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\onenote\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\onenote | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\onenote\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\onenote | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\onenote\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\onenote | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\onenote\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\onenote | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\onenote\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\onenote | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\onenote\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\onenote | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\onenote\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\onenote | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\onenote\* | 1 |
Fn
|
||
FIND | c:\program files (x86)\outlook | 1 |
Fn
|
||
FIND | c:\program files (x86)\outlook\* | 1 |
Fn
|
||
FIND | c:\programdata\outlook | 1 |
Fn
|
||
FIND | c:\programdata\outlook\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\outlook | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\outlook\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\outlook | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\outlook\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\outlook | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\outlook\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\outlook | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\outlook\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\outlook | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\outlook\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\outlook | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\outlook\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\outlook | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\outlook\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\outlook | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\outlook\* | 1 |
Fn
|
||
FIND | c:\program files (x86)\powerpoint | 1 |
Fn
|
||
FIND | c:\program files (x86)\powerpoint\* | 1 |
Fn
|
||
FIND | c:\programdata\powerpoint | 1 |
Fn
|
||
FIND | c:\programdata\powerpoint\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\powerpoint | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\powerpoint\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\powerpoint | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\powerpoint\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\powerpoint | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\powerpoint\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\powerpoint | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\powerpoint\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\powerpoint | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\powerpoint\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\powerpoint | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\powerpoint\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\powerpoint | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\powerpoint\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\powerpoint | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\powerpoint\* | 1 |
Fn
|
||
FIND | c:\program files (x86)\steam | 1 |
Fn
|
||
FIND | c:\program files (x86)\steam\* | 1 |
Fn
|
||
FIND | c:\programdata\steam | 1 |
Fn
|
||
FIND | c:\programdata\steam\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\steam | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\steam\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\steam | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\steam\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\steam | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\steam\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\steam | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\steam\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\steam | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\steam\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\steam | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\steam\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\steam | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\steam\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\steam | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\steam\* | 1 |
Fn
|
||
FIND | c:\program files (x86)\the bat! | 1 |
Fn
|
||
FIND | c:\program files (x86)\the bat!\* | 1 |
Fn
|
||
FIND | c:\programdata\the bat! | 1 |
Fn
|
||
FIND | c:\programdata\the bat!\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\the bat! | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\the bat!\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\the bat! | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\the bat!\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\the bat! | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\the bat!\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\the bat! | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\the bat!\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\the bat! | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\the bat!\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\the bat! | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\the bat!\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\the bat! | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\the bat!\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\the bat! | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\the bat!\* | 1 |
Fn
|
||
FIND | c:\program files (x86)\thunderbird | 1 |
Fn
|
||
FIND | c:\program files (x86)\thunderbird\* | 1 |
Fn
|
||
FIND | c:\programdata\thunderbird | 1 |
Fn
|
||
FIND | c:\programdata\thunderbird\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\thunderbird | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\thunderbird\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\thunderbird | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\thunderbird\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\thunderbird | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\thunderbird\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\thunderbird | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\thunderbird\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\thunderbird | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\thunderbird\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\thunderbird | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\thunderbird\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\thunderbird | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\thunderbird\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\thunderbird | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\thunderbird\* | 1 |
Fn
|
||
FIND | c:\program files (x86)\word | 1 |
Fn
|
||
FIND | c:\program files (x86)\word\* | 1 |
Fn
|
||
FIND | c:\programdata\word | 1 |
Fn
|
||
FIND | c:\programdata\word\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\word | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\roaming\word\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\word | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\roaming\word\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\word | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\roaming\word\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\word | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\roaming\word\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\word | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\appdata\local\word\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\word | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\appdata\local\word\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\word | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\appdata\local\word\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\word | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\appdata\local\word\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\documents | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\documents\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\documents | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\documents\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\documents | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\documents\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\documents | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\documents\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\ | 2 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\aevh0dz\ | 2 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\aevh0dz\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\aevh0dz\unhr9cplg597sd\ | 2 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\aevh0dz\unhr9cplg597sd\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\aevh0dz\_esg\ | 2 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\aevh0dz\_esg\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\ | 2 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\nvlt6hhl8ezh5vb-pbw1\ | 2 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\nvlt6hhl8ezh5vb-pbw1\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\ | 2 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\06uohzs8yyosupo_9o\ | 2 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\06uohzs8yyosupo_9o\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\mpjeznbqsh\ | 2 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\mpjeznbqsh\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\mpjeznbqsh\m_paqapiijrmm0wvr\ | 2 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\documents\y_ x b91e5l69f16\cvm6dg8vo9rur1hai\xotnwhe5ev\mpjeznbqsh\m_paqapiijrmm0wvr\* | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\desktop | 1 |
Fn
|
||
FIND | c:\windows\system32\config\systemprofile\desktop\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\desktop | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\localservice\desktop\* | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\desktop | 1 |
Fn
|
||
FIND | c:\windows\serviceprofiles\networkservice\desktop\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\desktop | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\desktop\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\desktop\aszm5dcdns\ | 2 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\desktop\aszm5dcdns\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\desktop\x5cctkx i\ | 2 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\desktop\x5cctkx i\* | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\documents\Mk1qEyh-OB.87b1 | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\documents\mCjGDC9uzH.87b1 | 1 |
Fn
|
||
FIND | c:\users\hjrd1koky ds8lujv\documents\wZrLP-viqF.87b1 | 1 |
Fn
|
Operation | Process Name | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
CREATE | C:\Windows\system32\netsh.exe advfirewall set allprofiles state on | creation_flags = CREATE_NO_WINDOW, show_window = SW_HIDE | 1 |
Fn
|
|
CREATE | c:\users\hjrd1koky ds8lujv\desktop\_READ_THIS_FILE_SOESZC_.hta | operation = open, current_directory = c:\users\hjrd1koky ds8lujv\desktop, show_window = SW_SHOWNORMAL | 1 |
Fn
|
|
CREATE | c:\users\hjrd1koky ds8lujv\desktop\_READ_THIS_FILE_6LJV87LC_.txt | operation = open, current_directory = c:\users\hjrd1koky ds8lujv\desktop, show_window = SW_SHOWNORMAL | 1 |
Fn
|
|
CREATE | c:\users\hjrd1koky ds8lujv\desktop\_READ_THIS_FILE_4FCM_.jpeg | operation = open, current_directory = c:\users\hjrd1koky ds8lujv\desktop, show_window = SW_SHOWNORMAL | 1 |
Fn
|
|
OPEN_TOKEN | c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | os_pid = 0x9e0, desired_access = PROCESS_VM_OPERATION, desired_access = PROCESS_VM_OPERATION | 2 |
Fn
|
|
TERMINATE | 1 |
Fn
|
Operation | Module | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
LOAD | advapi32.dll | base_address = 0x75150000 | 1 |
Fn
|
|
LOAD | crypt32.dll | base_address = 0x76a60000 | 1 |
Fn
|
|
LOAD | gdi32.dll | base_address = 0x760f0000 | 1 |
Fn
|
|
LOAD | gdiplus.dll | base_address = 0x74dd0000 | 1 |
Fn
|
|
LOAD | kernel32.dll | base_address = 0x76bb0000 | 1 |
Fn
|
|
LOAD | NTDLL | base_address = 0x77540000 | 6 |
Fn
|
|
LOAD | mpr.dll | base_address = 0x74db0000 | 1 |
Fn
|
|
LOAD | netapi32.dll | base_address = 0x74d90000 | 1 |
Fn
|
|
LOAD | SAMCLI | base_address = 0x74d40000 | 2 |
Fn
|
|
LOAD | NETUTILS | base_address = 0x74d80000 | 1 |
Fn
|
|
LOAD | ntdll.dll | base_address = 0x77540000 | 1 |
Fn
|
|
LOAD | ole32.dll | base_address = 0x75e50000 | 1 |
Fn
|
|
LOAD | oleaut32.dll | base_address = 0x76360000 | 1 |
Fn
|
|
LOAD | powrprof.dll | base_address = 0x74d10000 | 1 |
Fn
|
|
LOAD | shell32.dll | base_address = 0x75200000 | 1 |
Fn
|
|
LOAD | shlwapi.dll | base_address = 0x75fb0000 | 1 |
Fn
|
|
LOAD | urlmon.dll | base_address = 0x76720000 | 1 |
Fn
|
|
LOAD | user32.dll | base_address = 0x765f0000 | 1 |
Fn
|
|
LOAD | version.dll | base_address = 0x74d00000 | 1 |
Fn
|
|
LOAD | ws2_32.dll | base_address = 0x76010000 | 1 |
Fn
|
|
GET_HANDLE | c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | base_address = 0x400000 | 1 |
Fn
|
|
GET_HANDLE | c:\windows\syswow64\advapi32.dll | base_address = 0x75150000 | 3 |
Fn
|
|
GET_FILENAME | C:\Users\hJrD1KOKY DS8lUjv\Desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe | 1 |
Fn
|
||
GET_PROC_ADDRESS | c:\windows\syswow64\advapi32.dll | function = CryptDestroyKey, address = 0x7515c51a | 3 |
Fn
|
Operation | Class | Interface | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|---|
CREATE | WbemLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_NO_CODE_DOWNLOAD, CLSCTX_NO_FAILURE_LOG | 6 |
Fn
|
|
CREATE | ShellLink | IShellLinkW | cls_context = CLSCTX_INPROC_SERVER | 149 |
Fn
|
|
CREATE | SpVoice | ISpVoice | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER | 1 |
Fn
|
|
QUERY | ShellLink | IShellLinkW | new_interface = IPersistFile, | 149 |
Fn
|
|
METHOD | WbemLocator | IWbemLocator | new_interface = IWbemServices, method = ConnectServer | 6 |
Fn
|
|
METHOD | WbemLocator | IWbemServices | new_interface = IEnumWbemClassObject, method = ExecQuery | 6 |
Fn
|
|
METHOD | WbemLocator | IEnumWbemClassObject | method = Next | 6 |
Fn
|
|
METHOD | WbemLocator | IEnumWbemClassObject | new_interface = IWbemClassObject, method = Next | 1 |
Fn
|
|
METHOD | WbemLocator | IWbemClassObject | method = Get | 2 |
Fn
|
|
METHOD | ShellLink | IPersistFile | method = Load | 149 |
Fn
|
|
METHOD | ShellLink | IShellLinkW | method = GetPath | 149 |
Fn
|
|
METHOD | ShellLink | IShellLinkW | method = GetIDList | 149 |
Fn
|
|
METHOD | IStream | method = RemoteSeek | 1 |
Fn
|
||
METHOD | IStream | method = Stat | 1 |
Fn
|
||
METHOD | IStream | method = RemoteRead | 1 |
Fn
|
||
METHOD | SpVoice | ISpVoice | method = Speak | 4 |
Fn
|
|
METHOD | SpVoice | ISpVoice | method = Speak | 1 |
Fn
|
Operation | Key | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
OPEN_KEY | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography | 1 |
Fn
|
||
READ_VALUE | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography | value_name = MachineGuid | 1 |
Fn
|
|
READ_VALUE | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography | value_name = MachineGuid, data_ident_out = 54 | 1 |
Fn
|
Operation | Window Name | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
CREATE | class_name = J+bqdi[rGb6HCcT-8l-^%VO^6(olFew6YP)q0gqJ}2A*mE=o92=Gekrdw#lv4>x6tcIs{c[2-}gkge)yQOYE5NbO(%--Jv($43(C}TZ^<82{hZ)K@PGvPbmCX&vnK o+!~^@23>=jS!^L0MF$&6f<Cq}ywzLhZ0wCyo)KJdq0H}KY{9!DlhkE5T{rZ=aAZ)ikFP)~x0<Z48TvtAzH[-Be-rK~u(&3&+zJ@ 6cA+HDwpCrf7KTF71h6$Stc3W&jA, x_coordinate = 1, y_coordinate = 1, width = 1, height = 1, window_parameter = 0 | 1 |
Fn
|
Operation | Virtual Key Code | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
GET_INFO | KB_LOCALE_ID | 2 |
Fn
|
Operation | Information | Success | Count | Logfile |
---|---|---|---|---|
SLEEP | duration = 1 milliseconds (0.001 seconds) | 38 |
Fn
|
Operation | Name | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
CREATE | shell.{0835FA03-68AC-09B6-0CE4-703246A746AB} | initial_owner = 0 | 1 |
Fn
|
Information | Value |
---|---|
ID | #3 |
File Name | c:\windows\syswow64\netsh.exe |
Command Line | C:\Windows\system32\netsh.exe advfirewall set allprofiles state on |
Initial Working Directory | C:\Users\hJrD1KOKY DS8lUjv\Desktop |
Monitor | Start Time: 00:00:51, Reason: Child Process |
Unmonitor | End Time: 00:01:09, Reason: Terminated |
Monitor Duration | 00:00:18 |
Information | Value |
---|---|
PID | 0xa00 |
Parent PID | 0x9e0 (c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | 1R6PFH\hJrD1KOKY DS8lUjv |
Groups |
|
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs |
0x
A04
0x
A14
0x
A18
0x
A1C
0x
A20
0x
A24
|
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|||
netsh.exe.mui | 0x00030000 | 0x00034fff | Memory Mapped File | Readable, Writable |
|
|||
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | Readable |
|
|||
locale.nls | 0x00070000 | 0x000d6fff | Memory Mapped File | Readable |
|
|||
private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000100000 | 0x00100000 | 0x00101fff | Pagefile Backed Memory | Readable |
|
|||
odbcint.dll.mui | 0x00110000 | 0x0011afff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000000120000 | 0x00120000 | 0x0015ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000160000 | 0x00160000 | 0x00161fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000170000 | 0x00170000 | 0x0023ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000170000 | 0x00170000 | 0x001effff | Private Memory | Readable, Writable |
|
|||
mfc42u.dll.mui | 0x001f0000 | 0x001f7fff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000000200000 | 0x00200000 | 0x0023ffff | Private Memory | Readable, Writable |
|
|||
setupapi.dll.mui | 0x00240000 | 0x0024cfff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000000250000 | 0x00250000 | 0x0025ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000260000 | 0x00260000 | 0x00260fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000270000 | 0x00270000 | 0x00271fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000280000 | 0x00280000 | 0x0037ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000380000 | 0x00380000 | 0x00507fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000510000 | 0x00510000 | 0x0054ffff | Private Memory | Readable, Writable |
|
|||
crypt32.dll.mui | 0x00550000 | 0x00558fff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000000560000 | 0x00560000 | 0x005dffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000005e0000 | 0x005e0000 | 0x00760fff | Pagefile Backed Memory | Readable |
|
|||
fwcfg.dll.mui | 0x00770000 | 0x00780fff | Memory Mapped File | Readable, Writable |
|
|||
pagefile_0x0000000000790000 | 0x00790000 | 0x00790fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000007a0000 | 0x007a0000 | 0x007a0fff | Pagefile Backed Memory | Readable |
|
|||
dhcpqec.dll.mui | 0x007b0000 | 0x007b1fff | Memory Mapped File | Readable, Writable |
|
|||
private_0x00000000007c0000 | 0x007c0000 | 0x008bffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000008c0000 | 0x008c0000 | 0x0098ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000008c0000 | 0x008c0000 | 0x0093ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000008c0000 | 0x008c0000 | 0x0091ffff | Private Memory | Readable, Writable |
|
|||
p2pnetsh.dll.mui | 0x008c0000 | 0x008c9fff | Memory Mapped File | Readable, Writable |
|
|||
private_0x00000000008e0000 | 0x008e0000 | 0x0091ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000930000 | 0x00930000 | 0x0093ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000950000 | 0x00950000 | 0x0098ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000990000 | 0x00990000 | 0x00a8ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000a90000 | 0x00a90000 | 0x00acffff | Private Memory | Readable, Writable |
|
|||
netsh.exe | 0x00b00000 | 0x00b1afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x0000000000b20000 | 0x00b20000 | 0x01f1ffff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000001f20000 | 0x01f20000 | 0x01ffffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001f20000 | 0x01f20000 | 0x01f9ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001fc0000 | 0x01fc0000 | 0x01ffffff | Private Memory | Readable, Writable |
|
|||
sortdefault.nls | 0x02000000 | 0x022cefff | Memory Mapped File | Readable |
|
|||
private_0x00000000022d0000 | 0x022d0000 | 0x0243ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000022d0000 | 0x022d0000 | 0x0237ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000023b0000 | 0x023b0000 | 0x023effff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002400000 | 0x02400000 | 0x0243ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002450000 | 0x02450000 | 0x0248ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000024b0000 | 0x024b0000 | 0x024effff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002530000 | 0x02530000 | 0x0262ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002630000 | 0x02630000 | 0x0282ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000002630000 | 0x02630000 | 0x0270efff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000002730000 | 0x02730000 | 0x0276ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002770000 | 0x02770000 | 0x027affff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002810000 | 0x02810000 | 0x0282ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002850000 | 0x02850000 | 0x0288ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002910000 | 0x02910000 | 0x02a0ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002a90000 | 0x02a90000 | 0x02acffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002b60000 | 0x02b60000 | 0x02c5ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002d60000 | 0x02d60000 | 0x02e5ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002f40000 | 0x02f40000 | 0x0303ffff | Private Memory | Readable, Writable |
|
|||
bcryptprimitives.dll | 0x73900000 | 0x7393cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gpapi.dll | 0x73940000 | 0x73955fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrtremote.dll | 0x73960000 | 0x7396dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
qagent.dll | 0x73970000 | 0x7399dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
peerdistsh.dll | 0x739a0000 | 0x73a44fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wlanhlp.dll | 0x73a50000 | 0x73a66fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wlanutil.dll | 0x73a70000 | 0x73a75fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wlanapi.dll | 0x73a80000 | 0x73a95fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wlancfg.dll | 0x73aa0000 | 0x73acdfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
p2pcollab.dll | 0x73ad0000 | 0x73b37fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
p2p.dll | 0x73b40000 | 0x73b77fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
p2pnetsh.dll | 0x73b80000 | 0x73ba4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
polstore.dll | 0x73bb0000 | 0x73bf5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
adsldpc.dll | 0x73c00000 | 0x73c33fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
activeds.dll | 0x73c40000 | 0x73c74fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
profapi.dll | 0x73c80000 | 0x73c8afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
userenv.dll | 0x73c90000 | 0x73ca6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nshipsec.dll | 0x73cb0000 | 0x73d08fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
logoncli.dll | 0x73d20000 | 0x73d41fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
certcli.dll | 0x73d50000 | 0x73da5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
napmontr.dll | 0x73db0000 | 0x73dd8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
eappprxy.dll | 0x73de0000 | 0x73df0fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
onex.dll | 0x73e00000 | 0x73e33fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
eappcfg.dll | 0x73e40000 | 0x73e6efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
atl.dll | 0x73e70000 | 0x73e83fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dot3api.dll | 0x73e90000 | 0x73ea9fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dot3cfg.dll | 0x73eb0000 | 0x73ec6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcnsh.dll | 0x73ed0000 | 0x73edafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nlaapi.dll | 0x73ee0000 | 0x73eeffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netshell.dll | 0x73ef0000 | 0x74154fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
hnetmon.dll | 0x74160000 | 0x74166fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
webio.dll | 0x74170000 | 0x741befff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winhttp.dll | 0x741c0000 | 0x74217fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
whhelper.dll | 0x74220000 | 0x74226fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dnsapi.dll | 0x74230000 | 0x74273fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netiohlp.dll | 0x74280000 | 0x742abfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
devrtl.dll | 0x742b0000 | 0x742bdfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nci.dll | 0x742c0000 | 0x742d5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ifmon.dll | 0x742e0000 | 0x742e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winipsec.dll | 0x742f0000 | 0x74303fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
bcrypt.dll | 0x74310000 | 0x74326fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
authfwcfg.dll | 0x74330000 | 0x74383fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
firewallapi.dll | 0x74390000 | 0x74405fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
fwcfg.dll | 0x74410000 | 0x74420fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
httpapi.dll | 0x74430000 | 0x7443afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nshhttp.dll | 0x74440000 | 0x74449fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mswsock.dll | 0x74450000 | 0x7448bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ws2help.dll | 0x74490000 | 0x74492fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wshelper.dll | 0x744a0000 | 0x744a6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wevtapi.dll | 0x744b0000 | 0x744f1fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
qutil.dll | 0x74500000 | 0x74516fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpqec.dll | 0x74520000 | 0x74536fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpcsvc6.dll | 0x74540000 | 0x7454cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpcsvc.dll | 0x74550000 | 0x74561fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpcmonitor.dll | 0x74570000 | 0x74575fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
slc.dll | 0x74580000 | 0x74589fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nshwfp.dll | 0x74590000 | 0x74633fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
odbcint.dll | 0x74640000 | 0x74677fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
iphlpapi.dll | 0x74680000 | 0x7469bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
odbc32.dll | 0x746a0000 | 0x7472bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mfc42u.dll | 0x74730000 | 0x7484efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
fwpuclnt.dll | 0x74850000 | 0x74887fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rasapi32.dll | 0x74890000 | 0x748e1fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
uxtheme.dll | 0x74910000 | 0x7498ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64win.dll | 0x749a0000 | 0x749fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64.dll | 0x74a00000 | 0x74a3efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winnsi.dll | 0x74a40000 | 0x74a46fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rasman.dll | 0x74a50000 | 0x74a64fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mprapi.dll | 0x74a70000 | 0x74a98fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rasmontr.dll | 0x74aa0000 | 0x74acdfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
comctl32.dll | 0x74ad0000 | 0x74c6dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
credui.dll | 0x74c70000 | 0x74c9afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rsaenh.dll | 0x74ca0000 | 0x74cdafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptsp.dll | 0x74ce0000 | 0x74cf5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
version.dll | 0x74d00000 | 0x74d08fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wkscli.dll | 0x74d50000 | 0x74d5efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
srvcli.dll | 0x74d60000 | 0x74d78fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netutils.dll | 0x74d80000 | 0x74d88fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netapi32.dll | 0x74d90000 | 0x74da0fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mpr.dll | 0x74db0000 | 0x74dc1fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64cpu.dll | 0x75060000 | 0x75067fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptbase.dll | 0x75090000 | 0x7509bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sspicli.dll | 0x750a0000 | 0x750fffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
lpk.dll | 0x75100000 | 0x75109fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sechost.dll | 0x75110000 | 0x75128fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
devobj.dll | 0x75130000 | 0x75141fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
advapi32.dll | 0x75150000 | 0x751effff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msasn1.dll | 0x751f0000 | 0x751fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shell32.dll | 0x75200000 | 0x75e49fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ole32.dll | 0x75e50000 | 0x75fabfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shlwapi.dll | 0x75fb0000 | 0x76006fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ws2_32.dll | 0x76010000 | 0x76044fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
usp10.dll | 0x76050000 | 0x760ecfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdi32.dll | 0x760f0000 | 0x7617ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msctf.dll | 0x76180000 | 0x7624bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nsi.dll | 0x76350000 | 0x76355fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleaut32.dll | 0x76360000 | 0x763eefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrt4.dll | 0x763f0000 | 0x764dffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
imm32.dll | 0x764e0000 | 0x7653ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcrt.dll | 0x76540000 | 0x765ebfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
user32.dll | 0x765f0000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|||
crypt32.dll | 0x76a60000 | 0x76b7cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel32.dll | 0x76bb0000 | 0x76cbffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
setupapi.dll | 0x76d50000 | 0x76eecfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernelbase.dll | 0x76fe0000 | 0x77025fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cfgmgr32.dll | 0x77030000 | 0x77056fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wldap32.dll | 0x77060000 | 0x770a4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clbcatq.dll | 0x770b0000 | 0x77132fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x0000000077140000 | 0x77140000 | 0x77239fff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x0000000077240000 | 0x77240000 | 0x7735efff | Private Memory | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77360000 | 0x77508fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77540000 | 0x776bffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|||
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
Operation | Filename | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
OPEN | STD_OUTPUT_HANDLE | 2 |
Fn
|
||
WRITE | STD_OUTPUT_HANDLE | size = 5 | 1 |
Fn
Data
|
|
WRITE | STD_OUTPUT_HANDLE | size = 2 | 1 |
Fn
Data
|
Operation | Module | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
LOAD | RASMONTR.DLL | base_address = 0x74aa0000 | 1 |
Fn
|
|
LOAD | NSHWFP.DLL | base_address = 0x74590000 | 1 |
Fn
|
|
LOAD | DHCPCMONITOR.DLL | base_address = 0x74570000 | 1 |
Fn
|
|
LOAD | WSHELPER.DLL | base_address = 0x744a0000 | 1 |
Fn
|
|
LOAD | NSHHTTP.DLL | base_address = 0x74440000 | 1 |
Fn
|
|
LOAD | FWCFG.DLL | base_address = 0x74410000 | 1 |
Fn
|
|
LOAD | AUTHFWCFG.DLL | base_address = 0x74330000 | 1 |
Fn
|
|
LOAD | IFMON.DLL | base_address = 0x742e0000 | 1 |
Fn
|
|
LOAD | NETIOHLP.DLL | base_address = 0x74280000 | 1 |
Fn
|
|
LOAD | WHHELPER.DLL | base_address = 0x74220000 | 1 |
Fn
|
|
LOAD | HNETMON.DLL | base_address = 0x74160000 | 1 |
Fn
|
|
LOAD | RPCNSH.DLL | base_address = 0x73ed0000 | 1 |
Fn
|
|
LOAD | DOT3CFG.DLL | base_address = 0x73eb0000 | 1 |
Fn
|
|
LOAD | NAPMONTR.DLL | base_address = 0x73db0000 | 1 |
Fn
|
|
LOAD | NSHIPSEC.DLL | base_address = 0x73cb0000 | 1 |
Fn
|
|
LOAD | P2PNETSH.DLL | base_address = 0x73b80000 | 1 |
Fn
|
|
LOAD | WLANCFG.DLL | base_address = 0x73aa0000 | 1 |
Fn
|
|
LOAD | PEERDISTSH.DLL | base_address = 0x739a0000 | 1 |
Fn
|
|
LOAD | kernel32.dll | base_address = 0x76bb0000 | 1 |
Fn
|
|
GET_HANDLE | c:\windows\syswow64\netsh.exe | base_address = 0xb00000 | 2 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\rasmontr.dll | function = InitHelperDll, address = 0x74ab6cb9 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\nshwfp.dll | function = InitHelperDll, address = 0x745ebbb2 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\dhcpcmonitor.dll | function = InitHelperDll, address = 0x74571cd4 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\wshelper.dll | function = InitHelperDll, address = 0x744a157b | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\nshhttp.dll | function = InitHelperDll, address = 0x74441b47 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\fwcfg.dll | function = InitHelperDll, address = 0x74412a30 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\authfwcfg.dll | function = InitHelperDll, address = 0x74334420 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\ifmon.dll | function = InitHelperDll, address = 0x742e17a3 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\netiohlp.dll | function = InitHelperDll, address = 0x74296e4b | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\whhelper.dll | function = InitHelperDll, address = 0x74221c99 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\hnetmon.dll | function = InitHelperDll, address = 0x7416200c | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\rpcnsh.dll | function = InitHelperDll, address = 0x73ed2f94 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\dot3cfg.dll | function = InitHelperDll, address = 0x73eba31d | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\napmontr.dll | function = InitHelperDll, address = 0x73dbc7d5 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\nshipsec.dll | function = InitHelperDll, address = 0x73cb6910 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\p2pnetsh.dll | function = InitHelperDll, address = 0x73b838e5 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\wlancfg.dll | function = InitHelperDll, address = 0x73aac7d8 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\peerdistsh.dll | function = InitHelperDll, address = 0x73a1c796 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address = 0x76bda84f | 1 |
Fn
|
Operation | Key | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
OPEN_KEY | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | 1 |
Fn
|
Information | Value |
---|---|
ID | #4 |
File Name | c:\windows\system32\svchost.exe |
Command Line | C:\Windows\system32\svchost.exe -k netsvcs |
Initial Working Directory | C:\Windows\system32 |
Monitor | Start Time: 00:00:58, Reason: RPC Server |
Unmonitor | End Time: 00:02:26, Reason: Terminated by Timeout |
Monitor Duration | 00:01:28 |
Remarks | No high level activity detected in monitored regions |
Information | Value |
---|---|
PID | 0x35c |
Parent PID | 0x1c0 (c:\windows\system32\services.exe) |
Is Created or Modified Executable | |
Integrity Level | System (Elevated) |
Username | NT AUTHORITY\SYSTEM |
Groups |
|
Enabled Privileges | SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege |
Thread IDs |
0x
7FC
0x
7F0
0x
7D8
0x
5E0
0x
420
0x
41C
0x
764
0x
744
0x
740
0x
73C
0x
738
0x
6E0
0x
6DC
0x
6C8
0x
6C4
0x
6C0
0x
6B0
0x
6AC
0x
6A4
0x
690
0x
68C
0x
678
0x
66C
0x
4F8
0x
4A0
0x
49C
0x
48C
0x
488
0x
484
0x
164
0x
178
0x
3E8
0x
3E0
0x
3D4
0x
37C
0x
378
0x
374
0x
370
0x
368
0x
360
0x
A68
0x
A6C
0x
BEC
0x
BF0
0x
BF4
0x
BF8
0x
BFC
0x
480
0x
494
0x
4B0
0x
81C
0x
834
0x
844
0x
854
0x
864
0x
874
0x
600
0x
BC
0x
5C0
0x
9C0
0x
9D0
0x
10C
0x
1B0
0x
9D8
0x
9D4
0x
9C8
0x
4C4
0x
9A4
0x
1FC
0x
63C
0x
69C
0x
52C
0x
A0C
0x
724
|
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
svchost.exe.mui | 0x00020000 | 0x00020fff | Memory Mapped File | Readable, Writable |
|
|||
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | Readable |
|
|||
locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | Readable |
|
|||
private_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000000e0000 | 0x000e0000 | 0x0015ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000160000 | 0x00160000 | 0x00160fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000170000 | 0x00170000 | 0x00170fff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x0000000000180000 | 0x00180000 | 0x00180fff | Pagefile Backed Memory | Readable |
|
|||
gpsvc.dll.mui | 0x00190000 | 0x0019afff | Memory Mapped File | Readable, Writable |
|
|||
setupapi.dll.mui | 0x001a0000 | 0x001acfff | Memory Mapped File | Readable, Writable |
|
|||
taskcomp.dll.mui | 0x001b0000 | 0x001b3fff | Memory Mapped File | Readable, Writable |
|
|||
schedsvc.dll.mui | 0x001c0000 | 0x001c9fff | Memory Mapped File | Readable, Writable |
|
|||
private_0x00000000001d0000 | 0x001d0000 | 0x002cffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000002d0000 | 0x002d0000 | 0x003cffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000003d0000 | 0x003d0000 | 0x003d0fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000003e0000 | 0x003e0000 | 0x003e1fff | Pagefile Backed Memory | Readable |
|
|||
cversions.2.db | 0x003f0000 | 0x003f3fff | Memory Mapped File | Readable |
|
|||
pagefile_0x0000000000400000 | 0x00400000 | 0x00401fff | Pagefile Backed Memory | Readable |
|
|||
{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000a.db | 0x00410000 | 0x0043ffff | Memory Mapped File | Readable |
|
|||
private_0x0000000000440000 | 0x00440000 | 0x0044ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000450000 | 0x00450000 | 0x005d7fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000005e0000 | 0x005e0000 | 0x00760fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000770000 | 0x00770000 | 0x0082ffff | Pagefile Backed Memory | Readable |
|
|||
cversions.2.db | 0x00830000 | 0x00833fff | Memory Mapped File | Readable |
|
|||
propsys.dll.mui | 0x00840000 | 0x0084dfff | Memory Mapped File | Readable, Writable |
|
|||
vsstrace.dll.mui | 0x00850000 | 0x00857fff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000000860000 | 0x00860000 | 0x008dffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000860000 | 0x00860000 | 0x00860fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000870000 | 0x00870000 | 0x00870fff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x0000000000880000 | 0x00880000 | 0x00880fff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x00000000008e0000 | 0x008e0000 | 0x008e0fff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x00000000008f0000 | 0x008f0000 | 0x0096ffff | Private Memory | Readable, Writable |
|
|||
firewallapi.dll.mui | 0x00970000 | 0x0098bfff | Memory Mapped File | Readable, Writable |
|
|||
pagefile_0x0000000000990000 | 0x00990000 | 0x00990fff | Pagefile Backed Memory | Readable |
|
|||
private_0x00000000009a0000 | 0x009a0000 | 0x00a1ffff | Private Memory | Readable, Writable |
|
|||
wshtcpip.dll.mui | 0x00a20000 | 0x00a20fff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000000a30000 | 0x00a30000 | 0x00aaffff | Private Memory | Readable, Writable |
|
|||
wship6.dll.mui | 0x00ab0000 | 0x00ab0fff | Memory Mapped File | Readable, Writable |
|
|||
nci.dll.mui | 0x00ac0000 | 0x00ac0fff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000000af0000 | 0x00af0000 | 0x00b6ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000b90000 | 0x00b90000 | 0x00c0ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000c30000 | 0x00c30000 | 0x00caffff | Private Memory | Readable, Writable |
|
|||
sortdefault.nls | 0x00cb0000 | 0x00f7efff | Memory Mapped File | Readable |
|
|||
{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db | 0x00f80000 | 0x00fe5fff | Memory Mapped File | Readable |
|
|||
private_0x0000000000ff0000 | 0x00ff0000 | 0x0106ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001090000 | 0x01090000 | 0x0110ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001130000 | 0x01130000 | 0x011affff | Private Memory | Readable, Writable |
|
|||
private_0x00000000011c0000 | 0x011c0000 | 0x0123ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001280000 | 0x01280000 | 0x0128ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000012c0000 | 0x012c0000 | 0x0133ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001370000 | 0x01370000 | 0x013effff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001380000 | 0x01380000 | 0x013fffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000013f0000 | 0x013f0000 | 0x0146ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001400000 | 0x01400000 | 0x0147ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001430000 | 0x01430000 | 0x014affff | Private Memory | Readable, Writable |
|
|||
private_0x00000000014c0000 | 0x014c0000 | 0x0153ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001560000 | 0x01560000 | 0x015dffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000015b0000 | 0x015b0000 | 0x0162ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000015f0000 | 0x015f0000 | 0x0166ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001690000 | 0x01690000 | 0x0170ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001710000 | 0x01710000 | 0x0178ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000017d0000 | 0x017d0000 | 0x0184ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000018a0000 | 0x018a0000 | 0x0191ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001980000 | 0x01980000 | 0x0198ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001990000 | 0x01990000 | 0x01a0ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001a70000 | 0x01a70000 | 0x01aeffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001af0000 | 0x01af0000 | 0x01b6ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001bb0000 | 0x01bb0000 | 0x01c2ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001c30000 | 0x01c30000 | 0x01d2ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001d30000 | 0x01d30000 | 0x01e2ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001e50000 | 0x01e50000 | 0x01ecffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001f10000 | 0x01f10000 | 0x01f1ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001f40000 | 0x01f40000 | 0x01fbffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001fd0000 | 0x01fd0000 | 0x0204ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000020a0000 | 0x020a0000 | 0x0211ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002160000 | 0x02160000 | 0x021dffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000021e0000 | 0x021e0000 | 0x0225ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002260000 | 0x02260000 | 0x022dffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002270000 | 0x02270000 | 0x022effff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002350000 | 0x02350000 | 0x023cffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002420000 | 0x02420000 | 0x0249ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002430000 | 0x02430000 | 0x024affff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000024c0000 | 0x024c0000 | 0x025bffff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x00000000025c0000 | 0x025c0000 | 0x0263ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002660000 | 0x02660000 | 0x026dffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000026e0000 | 0x026e0000 | 0x0275ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002790000 | 0x02790000 | 0x0280ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002830000 | 0x02830000 | 0x028affff | Private Memory | Readable, Writable |
|
|||
private_0x00000000028b0000 | 0x028b0000 | 0x029affff | Private Memory | Readable, Writable |
|
|||
private_0x00000000029d0000 | 0x029d0000 | 0x02a4ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000029d0000 | 0x029d0000 | 0x02a4ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002aa0000 | 0x02aa0000 | 0x02aaffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002ab0000 | 0x02ab0000 | 0x02baffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002c20000 | 0x02c20000 | 0x02c2ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002c30000 | 0x02c30000 | 0x02caffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002d10000 | 0x02d10000 | 0x02d8ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002d90000 | 0x02d90000 | 0x02e0ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002e10000 | 0x02e10000 | 0x02e8ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002e30000 | 0x02e30000 | 0x02eaffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002ec0000 | 0x02ec0000 | 0x02fbffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003000000 | 0x03000000 | 0x0307ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003080000 | 0x03080000 | 0x030fffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000030c0000 | 0x030c0000 | 0x0313ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003120000 | 0x03120000 | 0x0319ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003140000 | 0x03140000 | 0x031bffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000031c0000 | 0x031c0000 | 0x033bffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003240000 | 0x03240000 | 0x032bffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003430000 | 0x03430000 | 0x034affff | Private Memory | Readable, Writable |
|
|||
private_0x00000000034e0000 | 0x034e0000 | 0x0355ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000035a0000 | 0x035a0000 | 0x0361ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003620000 | 0x03620000 | 0x0369ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000036a0000 | 0x036a0000 | 0x0389ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003900000 | 0x03900000 | 0x0397ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003910000 | 0x03910000 | 0x0398ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003980000 | 0x03980000 | 0x039fffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000039f0000 | 0x039f0000 | 0x03a6ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003a10000 | 0x03a10000 | 0x03a8ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003ab0000 | 0x03ab0000 | 0x03b2ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003af0000 | 0x03af0000 | 0x03b6ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003bb0000 | 0x03bb0000 | 0x03c2ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003c30000 | 0x03c30000 | 0x03caffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003cb0000 | 0x03cb0000 | 0x03daffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003e10000 | 0x03e10000 | 0x03e8ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003e90000 | 0x03e90000 | 0x03f0ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003e90000 | 0x03e90000 | 0x03f8ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003f40000 | 0x03f40000 | 0x03fbffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004000000 | 0x04000000 | 0x0407ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004170000 | 0x04170000 | 0x041effff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004200000 | 0x04200000 | 0x0427ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004290000 | 0x04290000 | 0x0430ffff | Private Memory | Readable, Writable |
|
|||
user32.dll | 0x77140000 | 0x77239fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel32.dll | 0x77240000 | 0x7735efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77360000 | 0x77508fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
psapi.dll | 0x77520000 | 0x77526fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|||
svchost.exe | 0xff7f0000 | 0xff7fafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wups.dll | 0x7fef4800000 | 0x7fef480cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mspatcha.dll | 0x7fef4810000 | 0x7fef481efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wuaueng.dll | 0x7fef4820000 | 0x7fef4a7ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cabinet.dll | 0x7fef4a80000 | 0x7fef4a9afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
qmgr.dll | 0x7fef51e0000 | 0x7fef52b1fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
esent.dll | 0x7fef52c0000 | 0x7fef5539fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
upnp.dll | 0x7fef5740000 | 0x7fef5784fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
spfileq.dll | 0x7fef5bf0000 | 0x7fef5c0afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
tcpipcfg.dll | 0x7fef5cd0000 | 0x7fef5d11fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rascfg.dll | 0x7fef5d20000 | 0x7fef5d39fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ncprov.dll | 0x7fef6380000 | 0x7fef6395fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
appinfo.dll | 0x7fef63a0000 | 0x7fef63b4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mprapi.dll | 0x7fef7860000 | 0x7fef7899fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winspool.drv | 0x7fef7f30000 | 0x7fef7fa0fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ndiscapcfg.dll | 0x7fef80f0000 | 0x7fef80fefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
npmproxy.dll | 0x7fef8170000 | 0x7fef817bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
bitsigd.dll | 0x7fef8370000 | 0x7fef8381fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
bitsperf.dll | 0x7fef8390000 | 0x7fef8399fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rasadhlp.dll | 0x7fef84f0000 | 0x7fef84f7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wbemess.dll | 0x7fef8500000 | 0x7fef857dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ncobjapi.dll | 0x7fef8580000 | 0x7fef8595fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wmiprvsd.dll | 0x7fef85a0000 | 0x7fef865bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
repdrvfs.dll | 0x7fef8660000 | 0x7fef86d2fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wmiutils.dll | 0x7fef86e0000 | 0x7fef8705fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netprofm.dll | 0x7fef8710000 | 0x7fef8783fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
hnetcfg.dll | 0x7fef8790000 | 0x7fef87fafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wbemsvc.dll | 0x7fef8800000 | 0x7fef8813fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
esscli.dll | 0x7fef8820000 | 0x7fef888efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wbemcore.dll | 0x7fef8890000 | 0x7fef89befff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nci.dll | 0x7fef89c0000 | 0x7fef89d9fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netcfgx.dll | 0x7fef89e0000 | 0x7fef8a63fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
resutils.dll | 0x7fef8a70000 | 0x7fef8a88fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clusapi.dll | 0x7fef8a90000 | 0x7fef8adffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sscore.dll | 0x7fef8ae0000 | 0x7fef8ae7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wbemprox.dll | 0x7fef8af0000 | 0x7fef8afefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdsapi.dll | 0x7fef8b00000 | 0x7fef8b26fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
fastprox.dll | 0x7fef8b30000 | 0x7fef8c11fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
browser.dll | 0x7fef8c60000 | 0x7fef8c84fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
srvsvc.dll | 0x7fef8c90000 | 0x7fef8cccfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wdscore.dll | 0x7fef8cd0000 | 0x7fef8d16fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sqmapi.dll | 0x7fef8d20000 | 0x7fef8d61fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rtutils.dll | 0x7fef8d70000 | 0x7fef8d80fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
iphlpsvc.dll | 0x7fef8d90000 | 0x7fef8e21fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wbemcomn.dll | 0x7fef8e30000 | 0x7fef8eb5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wmisvc.dll | 0x7fef8ec0000 | 0x7fef8efffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
vsstrace.dll | 0x7fef90e0000 | 0x7fef90f6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
vssapi.dll | 0x7fef9100000 | 0x7fef92affff | Memory Mapped File | Readable, Writable, Executable |
|
|||
tschannel.dll | 0x7fef95d0000 | 0x7fef95d8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
taskcomp.dll | 0x7fef9fa0000 | 0x7fefa016fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
actxprxy.dll | 0x7fefa070000 | 0x7fefa15dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ktmw32.dll | 0x7fefa160000 | 0x7fefa169fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
schedsvc.dll | 0x7fefa170000 | 0x7fefa281fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wiarpc.dll | 0x7fefa290000 | 0x7fefa29efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
fvecerts.dll | 0x7fefa2a0000 | 0x7fefa2a8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
tbs.dll | 0x7fefa2b0000 | 0x7fefa2b8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
fveapi.dll | 0x7fefa2c0000 | 0x7fefa315fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shsvcs.dll | 0x7fefa320000 | 0x7fefa37dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpcsvc.dll | 0x7fefa380000 | 0x7fefa397fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpcsvc6.dll | 0x7fefa3a0000 | 0x7fefa3b0fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
fwpuclnt.dll | 0x7fefa3d0000 | 0x7fefa422fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sens.dll | 0x7fefad70000 | 0x7fefad83fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winnsi.dll | 0x7fefad90000 | 0x7fefad9afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
iphlpapi.dll | 0x7fefada0000 | 0x7fefadc6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
es.dll | 0x7fefadd0000 | 0x7fefae36fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
slc.dll | 0x7fefae50000 | 0x7fefae5afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dsrole.dll | 0x7fefae60000 | 0x7fefae6bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
themeservice.dll | 0x7fefae70000 | 0x7fefae7ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
atl.dll | 0x7fefae80000 | 0x7fefae98fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
profsvc.dll | 0x7fefaea0000 | 0x7fefaed6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nlaapi.dll | 0x7fefaf20000 | 0x7fefaf34fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gpsvc.dll | 0x7fefaf40000 | 0x7fefb001fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntmarta.dll | 0x7fefb220000 | 0x7fefb24cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mmcss.dll | 0x7fefb250000 | 0x7fefb26cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
avrt.dll | 0x7fefb270000 | 0x7fefb278fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
webio.dll | 0x7fefb3c0000 | 0x7fefb423fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winhttp.dll | 0x7fefb430000 | 0x7fefb4a0fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
samcli.dll | 0x7fefb4b0000 | 0x7fefb4c3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wkscli.dll | 0x7fefb4d0000 | 0x7fefb4e4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netutils.dll | 0x7fefb4f0000 | 0x7fefb4fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netapi32.dll | 0x7fefb500000 | 0x7fefb515fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ssdpapi.dll | 0x7fefb530000 | 0x7fefb540fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wtsapi32.dll | 0x7fefb630000 | 0x7fefb640fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
xmllite.dll | 0x7fefb790000 | 0x7fefb7c4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
uxtheme.dll | 0x7fefbc00000 | 0x7fefbc55fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
propsys.dll | 0x7fefbc60000 | 0x7fefbd8bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
samlib.dll | 0x7fefbd90000 | 0x7fefbdacfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
comctl32.dll | 0x7fefbde0000 | 0x7fefbfd3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
version.dll | 0x7fefc470000 | 0x7fefc47bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
firewallapi.dll | 0x7fefc480000 | 0x7fefc53afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wshtcpip.dll | 0x7fefc540000 | 0x7fefc546fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gpapi.dll | 0x7fefc630000 | 0x7fefc64afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
userenv.dll | 0x7fefc650000 | 0x7fefc66dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
devrtl.dll | 0x7fefc670000 | 0x7fefc681fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
spinf.dll | 0x7fefc690000 | 0x7fefc6aefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ubpm.dll | 0x7fefc760000 | 0x7fefc798fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
credssp.dll | 0x7fefc7a0000 | 0x7fefc7a9fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pcwum.dll | 0x7fefc7b0000 | 0x7fefc7bcfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rsaenh.dll | 0x7fefc8a0000 | 0x7fefc8e6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
logoncli.dll | 0x7fefc990000 | 0x7fefc9bffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dnsapi.dll | 0x7fefc9c0000 | 0x7fefca1afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wship6.dll | 0x7fefcb30000 | 0x7fefcb36fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mswsock.dll | 0x7fefcb40000 | 0x7fefcb94fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptsp.dll | 0x7fefcba0000 | 0x7fefcbb6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netjoin.dll | 0x7fefccb0000 | 0x7fefcce1fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wmsgapi.dll | 0x7fefccf0000 | 0x7fefccf7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sysntfy.dll | 0x7fefcd00000 | 0x7fefcd09fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
authz.dll | 0x7fefcd90000 | 0x7fefcdbefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wevtapi.dll | 0x7fefcdd0000 | 0x7fefce3cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptdll.dll | 0x7fefce40000 | 0x7fefce53fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
srvcli.dll | 0x7fefd0a0000 | 0x7fefd0c2fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
secur32.dll | 0x7fefd140000 | 0x7fefd14afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sspicli.dll | 0x7fefd170000 | 0x7fefd194fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptbase.dll | 0x7fefd1a0000 | 0x7fefd1aefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sxs.dll | 0x7fefd1b0000 | 0x7fefd240fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winsta.dll | 0x7fefd250000 | 0x7fefd28cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrtremote.dll | 0x7fefd290000 | 0x7fefd2a3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
profapi.dll | 0x7fefd2b0000 | 0x7fefd2befff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msasn1.dll | 0x7fefd350000 | 0x7fefd35efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
crypt32.dll | 0x7fefd360000 | 0x7fefd4c6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cfgmgr32.dll | 0x7fefd4d0000 | 0x7fefd505fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernelbase.dll | 0x7fefd510000 | 0x7fefd57afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
devobj.dll | 0x7fefd620000 | 0x7fefd639fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wintrust.dll | 0x7fefd640000 | 0x7fefd679fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nsi.dll | 0x7fefd680000 | 0x7fefd687fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
lpk.dll | 0x7fefd8f0000 | 0x7fefd8fdfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleaut32.dll | 0x7fefda30000 | 0x7fefdb06fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
usp10.dll | 0x7fefdb10000 | 0x7fefdbd8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clbcatq.dll | 0x7fefdbe0000 | 0x7fefdc78fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcrt.dll | 0x7fefde80000 | 0x7fefdf1efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ole32.dll | 0x7fefdf20000 | 0x7fefe122fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wldap32.dll | 0x7fefe130000 | 0x7fefe181fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ws2_32.dll | 0x7fefe190000 | 0x7fefe1dcfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
imm32.dll | 0x7fefe200000 | 0x7fefe22dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdi32.dll | 0x7fefe230000 | 0x7fefe296fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shell32.dll | 0x7fefe340000 | 0x7feff0c7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shlwapi.dll | 0x7feff0d0000 | 0x7feff140fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
advapi32.dll | 0x7feff150000 | 0x7feff22afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msctf.dll | 0x7feff230000 | 0x7feff338fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrt4.dll | 0x7feff340000 | 0x7feff46cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
setupapi.dll | 0x7feff470000 | 0x7feff646fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sechost.dll | 0x7feff650000 | 0x7feff66efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
apisetschema.dll | 0x7feff680000 | 0x7feff680fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x000007fffff5a000 | 0x7fffff5a000 | 0x7fffff5bfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff5c000 | 0x7fffff5c000 | 0x7fffff5dfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff5e000 | 0x7fffff5e000 | 0x7fffff5ffff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff60000 | 0x7fffff60000 | 0x7fffff61fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff62000 | 0x7fffff62000 | 0x7fffff63fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff64000 | 0x7fffff64000 | 0x7fffff65fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff66000 | 0x7fffff66000 | 0x7fffff67fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff68000 | 0x7fffff68000 | 0x7fffff69fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff6a000 | 0x7fffff6a000 | 0x7fffff6bfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff6c000 | 0x7fffff6c000 | 0x7fffff6dfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff6e000 | 0x7fffff6e000 | 0x7fffff6ffff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff70000 | 0x7fffff70000 | 0x7fffff71fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff72000 | 0x7fffff72000 | 0x7fffff73fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff72000 | 0x7fffff72000 | 0x7fffff73fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff74000 | 0x7fffff74000 | 0x7fffff75fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff74000 | 0x7fffff74000 | 0x7fffff75fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff76000 | 0x7fffff76000 | 0x7fffff77fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff78000 | 0x7fffff78000 | 0x7fffff79fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff78000 | 0x7fffff78000 | 0x7fffff79fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff7a000 | 0x7fffff7a000 | 0x7fffff7bfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff7a000 | 0x7fffff7a000 | 0x7fffff7bfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff7c000 | 0x7fffff7c000 | 0x7fffff7dfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff7c000 | 0x7fffff7c000 | 0x7fffff7dfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff7e000 | 0x7fffff7e000 | 0x7fffff7ffff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff80000 | 0x7fffff80000 | 0x7fffff81fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff80000 | 0x7fffff80000 | 0x7fffff81fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff82000 | 0x7fffff82000 | 0x7fffff83fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff84000 | 0x7fffff84000 | 0x7fffff85fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff84000 | 0x7fffff84000 | 0x7fffff85fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff86000 | 0x7fffff86000 | 0x7fffff87fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff88000 | 0x7fffff88000 | 0x7fffff89fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff88000 | 0x7fffff88000 | 0x7fffff89fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff8a000 | 0x7fffff8a000 | 0x7fffff8bfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff8a000 | 0x7fffff8a000 | 0x7fffff8bfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff8c000 | 0x7fffff8c000 | 0x7fffff8dfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff8e000 | 0x7fffff8e000 | 0x7fffff8ffff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff8e000 | 0x7fffff8e000 | 0x7fffff8ffff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff90000 | 0x7fffff90000 | 0x7fffff91fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff92000 | 0x7fffff92000 | 0x7fffff93fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff92000 | 0x7fffff92000 | 0x7fffff93fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff94000 | 0x7fffff94000 | 0x7fffff95fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff96000 | 0x7fffff96000 | 0x7fffff97fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff98000 | 0x7fffff98000 | 0x7fffff99fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff9a000 | 0x7fffff9a000 | 0x7fffff9bfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff9c000 | 0x7fffff9c000 | 0x7fffff9dfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff9e000 | 0x7fffff9e000 | 0x7fffff9ffff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffa0000 | 0x7fffffa0000 | 0x7fffffa1fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffa2000 | 0x7fffffa2000 | 0x7fffffa3fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffa2000 | 0x7fffffa2000 | 0x7fffffa3fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffa4000 | 0x7fffffa4000 | 0x7fffffa5fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffa6000 | 0x7fffffa6000 | 0x7fffffa7fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffa8000 | 0x7fffffa8000 | 0x7fffffa9fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffaa000 | 0x7fffffaa000 | 0x7fffffabfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffac000 | 0x7fffffac000 | 0x7fffffadfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | Readable |
|
|||
private_0x000007fffffd3000 | 0x7fffffd3000 | 0x7fffffd4fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffd5000 | 0x7fffffd5000 | 0x7fffffd6fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffd7000 | 0x7fffffd7000 | 0x7fffffd8fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffd9000 | 0x7fffffd9000 | 0x7fffffdafff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffdb000 | 0x7fffffdb000 | 0x7fffffdbfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffdc000 | 0x7fffffdc000 | 0x7fffffddfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | Private Memory | Readable, Writable |
|
Action | Attribute | Value |
---|---|---|
Token attribute value added | Enabled Privileges | SeManageVolumePrivilege |
Token attribute value removed | Enabled Privileges | SeManageVolumePrivilege |
Information | Value |
---|---|
ID | #5 |
File Name | c:\windows\syswow64\netsh.exe |
Command Line | C:\Windows\system32\netsh.exe advfirewall reset |
Initial Working Directory | C:\Users\hJrD1KOKY DS8lUjv\Desktop |
Monitor | Start Time: 00:01:08, Reason: Child Process |
Unmonitor | End Time: 00:01:11, Reason: Terminated |
Monitor Duration | 00:00:03 |
Information | Value |
---|---|
PID | 0xa2c |
Parent PID | 0x9e0 (c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | 1R6PFH\hJrD1KOKY DS8lUjv |
Groups |
|
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs |
0x
A30
0x
A40
0x
A44
0x
A48
0x
A4C
0x
A50
|
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|||
netsh.exe.mui | 0x00030000 | 0x00034fff | Memory Mapped File | Readable, Writable |
|
|||
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000000a0000 | 0x000a0000 | 0x000a0fff | Pagefile Backed Memory | Readable |
|
|||
locale.nls | 0x000b0000 | 0x00116fff | Memory Mapped File | Readable |
|
|||
private_0x0000000000120000 | 0x00120000 | 0x00120fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000130000 | 0x00130000 | 0x00130fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000140000 | 0x00140000 | 0x00141fff | Pagefile Backed Memory | Readable |
|
|||
odbcint.dll.mui | 0x00150000 | 0x0015afff | Memory Mapped File | Readable, Writable |
|
|||
pagefile_0x0000000000160000 | 0x00160000 | 0x00161fff | Pagefile Backed Memory | Readable |
|
|||
mfc42u.dll.mui | 0x00170000 | 0x00177fff | Memory Mapped File | Readable, Writable |
|
|||
setupapi.dll.mui | 0x00180000 | 0x0018cfff | Memory Mapped File | Readable, Writable |
|
|||
pagefile_0x0000000000190000 | 0x00190000 | 0x00190fff | Pagefile Backed Memory | Readable |
|
|||
private_0x00000000001a0000 | 0x001a0000 | 0x0029ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000002a0000 | 0x002a0000 | 0x002effff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000002a0000 | 0x002a0000 | 0x002a1fff | Pagefile Backed Memory | Readable |
|
|||
private_0x00000000002b0000 | 0x002b0000 | 0x002effff | Private Memory | Readable, Writable |
|
|||
private_0x00000000002f0000 | 0x002f0000 | 0x0033ffff | Private Memory | Readable, Writable |
|
|||
crypt32.dll.mui | 0x002f0000 | 0x002f8fff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000000300000 | 0x00300000 | 0x0033ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000340000 | 0x00340000 | 0x003bffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000003c0000 | 0x003c0000 | 0x0043ffff | Private Memory | Readable, Writable |
|
|||
fwcfg.dll.mui | 0x003c0000 | 0x003d0fff | Memory Mapped File | Readable, Writable |
|
|||
pagefile_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000003f0000 | 0x003f0000 | 0x003f0fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000400000 | 0x00400000 | 0x0043ffff | Private Memory | Readable, Writable |
|
|||
p2pnetsh.dll.mui | 0x00440000 | 0x00449fff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000000460000 | 0x00460000 | 0x0055ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000560000 | 0x00560000 | 0x005dffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000620000 | 0x00620000 | 0x0062ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000630000 | 0x00630000 | 0x007b7fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000007c0000 | 0x007c0000 | 0x00940fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000950000 | 0x00950000 | 0x00a4ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000a50000 | 0x00a50000 | 0x00bfffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000a50000 | 0x00a50000 | 0x00a9ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000ae0000 | 0x00ae0000 | 0x00b1ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000b40000 | 0x00b40000 | 0x00b7ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000bc0000 | 0x00bc0000 | 0x00bfffff | Private Memory | Readable, Writable |
|
|||
sortdefault.nls | 0x00c00000 | 0x00ecefff | Memory Mapped File | Readable |
|
|||
private_0x0000000000ed0000 | 0x00ed0000 | 0x0105ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000ed0000 | 0x00ed0000 | 0x00f0ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000f20000 | 0x00f20000 | 0x0101ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001050000 | 0x01050000 | 0x0105ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001090000 | 0x01090000 | 0x010affff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000010b0000 | 0x010b0000 | 0x0118efff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000001190000 | 0x01190000 | 0x011cffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000011d0000 | 0x011d0000 | 0x0120ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001210000 | 0x01210000 | 0x0124ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000012b0000 | 0x012b0000 | 0x012effff | Private Memory | Readable, Writable |
|
|||
private_0x00000000012f0000 | 0x012f0000 | 0x0132ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001350000 | 0x01350000 | 0x0138ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000014c0000 | 0x014c0000 | 0x014fffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001530000 | 0x01530000 | 0x0162ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001640000 | 0x01640000 | 0x0167ffff | Private Memory | Readable, Writable |
|
|||
netsh.exe | 0x01740000 | 0x0175afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x0000000001760000 | 0x01760000 | 0x02b5ffff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000002c20000 | 0x02c20000 | 0x02d1ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002e60000 | 0x02e60000 | 0x02f5ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002ff0000 | 0x02ff0000 | 0x030effff | Private Memory | Readable, Writable |
|
|||
bcryptprimitives.dll | 0x738e0000 | 0x7391cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gpapi.dll | 0x73920000 | 0x73935fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
qagent.dll | 0x73960000 | 0x7398dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
peerdistsh.dll | 0x73990000 | 0x73a34fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wlanhlp.dll | 0x73a40000 | 0x73a56fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wlanapi.dll | 0x73a60000 | 0x73a75fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrtremote.dll | 0x73a80000 | 0x73a8dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wlanutil.dll | 0x73a90000 | 0x73a95fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netshell.dll | 0x73aa0000 | 0x73d04fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wlancfg.dll | 0x73d20000 | 0x73d4dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
p2pcollab.dll | 0x73d50000 | 0x73db7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
p2p.dll | 0x73dc0000 | 0x73df7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
p2pnetsh.dll | 0x73e00000 | 0x73e24fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
polstore.dll | 0x73e30000 | 0x73e75fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
adsldpc.dll | 0x73e80000 | 0x73eb3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
activeds.dll | 0x73ec0000 | 0x73ef4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
profapi.dll | 0x73f00000 | 0x73f0afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
userenv.dll | 0x73f10000 | 0x73f26fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
logoncli.dll | 0x73f30000 | 0x73f51fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nshipsec.dll | 0x73f60000 | 0x73fb8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
certcli.dll | 0x73fc0000 | 0x74015fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
napmontr.dll | 0x74020000 | 0x74048fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
eappprxy.dll | 0x74050000 | 0x74060fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
onex.dll | 0x74070000 | 0x740a3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
eappcfg.dll | 0x740b0000 | 0x740defff | Memory Mapped File | Readable, Writable, Executable |
|
|||
atl.dll | 0x740e0000 | 0x740f3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dot3api.dll | 0x74100000 | 0x74119fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dot3cfg.dll | 0x74120000 | 0x74136fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcnsh.dll | 0x74140000 | 0x7414afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nlaapi.dll | 0x74150000 | 0x7415ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winhttp.dll | 0x74160000 | 0x741b7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
hnetmon.dll | 0x741c0000 | 0x741c6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
webio.dll | 0x741d0000 | 0x7421efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dnsapi.dll | 0x74220000 | 0x74263fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netiohlp.dll | 0x74270000 | 0x7429bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nci.dll | 0x742a0000 | 0x742b5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
whhelper.dll | 0x742c0000 | 0x742c6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
devrtl.dll | 0x742d0000 | 0x742ddfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winipsec.dll | 0x742e0000 | 0x742f3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
bcrypt.dll | 0x74300000 | 0x74316fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
authfwcfg.dll | 0x74320000 | 0x74373fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
firewallapi.dll | 0x74380000 | 0x743f5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
fwcfg.dll | 0x74400000 | 0x74410fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
httpapi.dll | 0x74420000 | 0x7442afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ifmon.dll | 0x74430000 | 0x74438fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mswsock.dll | 0x74440000 | 0x7447bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ws2help.dll | 0x74480000 | 0x74482fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nshhttp.dll | 0x74490000 | 0x74499fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wevtapi.dll | 0x744a0000 | 0x744e1fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
qutil.dll | 0x744f0000 | 0x74506fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpqec.dll | 0x74510000 | 0x74526fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpcsvc6.dll | 0x74530000 | 0x7453cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wshelper.dll | 0x74540000 | 0x74546fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nshwfp.dll | 0x74550000 | 0x745f3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
odbcint.dll | 0x74600000 | 0x74637fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpcsvc.dll | 0x74640000 | 0x74651fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpcmonitor.dll | 0x74660000 | 0x74665fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
slc.dll | 0x74670000 | 0x74679fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
odbc32.dll | 0x74680000 | 0x7470bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mfc42u.dll | 0x74710000 | 0x7482efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rasapi32.dll | 0x74830000 | 0x74881fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
iphlpapi.dll | 0x74890000 | 0x748abfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
fwpuclnt.dll | 0x748b0000 | 0x748e7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
uxtheme.dll | 0x74910000 | 0x7498ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64win.dll | 0x749a0000 | 0x749fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64.dll | 0x74a00000 | 0x74a3efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mprapi.dll | 0x74a40000 | 0x74a68fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winnsi.dll | 0x74a70000 | 0x74a76fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rasman.dll | 0x74a80000 | 0x74a94fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
comctl32.dll | 0x74aa0000 | 0x74c3dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
credui.dll | 0x74c40000 | 0x74c6afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rasmontr.dll | 0x74c70000 | 0x74c9dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rsaenh.dll | 0x74ca0000 | 0x74cdafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptsp.dll | 0x74ce0000 | 0x74cf5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
version.dll | 0x74d00000 | 0x74d08fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wkscli.dll | 0x74d50000 | 0x74d5efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
srvcli.dll | 0x74d60000 | 0x74d78fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netutils.dll | 0x74d80000 | 0x74d88fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netapi32.dll | 0x74d90000 | 0x74da0fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mpr.dll | 0x74db0000 | 0x74dc1fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64cpu.dll | 0x75060000 | 0x75067fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptbase.dll | 0x75090000 | 0x7509bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sspicli.dll | 0x750a0000 | 0x750fffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
lpk.dll | 0x75100000 | 0x75109fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sechost.dll | 0x75110000 | 0x75128fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
devobj.dll | 0x75130000 | 0x75141fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
advapi32.dll | 0x75150000 | 0x751effff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msasn1.dll | 0x751f0000 | 0x751fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shell32.dll | 0x75200000 | 0x75e49fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ole32.dll | 0x75e50000 | 0x75fabfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shlwapi.dll | 0x75fb0000 | 0x76006fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ws2_32.dll | 0x76010000 | 0x76044fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
usp10.dll | 0x76050000 | 0x760ecfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdi32.dll | 0x760f0000 | 0x7617ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msctf.dll | 0x76180000 | 0x7624bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nsi.dll | 0x76350000 | 0x76355fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleaut32.dll | 0x76360000 | 0x763eefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrt4.dll | 0x763f0000 | 0x764dffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
imm32.dll | 0x764e0000 | 0x7653ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcrt.dll | 0x76540000 | 0x765ebfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
user32.dll | 0x765f0000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|||
crypt32.dll | 0x76a60000 | 0x76b7cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel32.dll | 0x76bb0000 | 0x76cbffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
setupapi.dll | 0x76d50000 | 0x76eecfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernelbase.dll | 0x76fe0000 | 0x77025fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cfgmgr32.dll | 0x77030000 | 0x77056fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wldap32.dll | 0x77060000 | 0x770a4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clbcatq.dll | 0x770b0000 | 0x77132fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x0000000077140000 | 0x77140000 | 0x77239fff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x0000000077240000 | 0x77240000 | 0x7735efff | Private Memory | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77360000 | 0x77508fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77540000 | 0x776bffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|||
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
Operation | Filename | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
OPEN | STD_OUTPUT_HANDLE | 1 |
Fn
|
||
WRITE | STD_OUTPUT_HANDLE | size = 5 | 1 |
Fn
Data
|
|
WRITE | STD_OUTPUT_HANDLE | size = 2 | 1 |
Fn
Data
|
Operation | Module | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
LOAD | RASMONTR.DLL | base_address = 0x74c70000 | 1 |
Fn
|
|
LOAD | NSHWFP.DLL | base_address = 0x74550000 | 1 |
Fn
|
|
LOAD | DHCPCMONITOR.DLL | base_address = 0x74660000 | 1 |
Fn
|
|
LOAD | kernel32.dll | base_address = 0x76bb0000 | 1 |
Fn
|
|
GET_HANDLE | c:\windows\syswow64\netsh.exe | base_address = 0x1740000 | 2 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\rasmontr.dll | function = InitHelperDll, address = 0x74c86cb9 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\nshwfp.dll | function = InitHelperDll, address = 0x745abbb2 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\dhcpcmonitor.dll | function = InitHelperDll, address = 0x74661cd4 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\wshelper.dll | function = InitHelperDll, address = 0x7454157b | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\fwcfg.dll | function = InitHelperDll, address = 0x74402a30 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\authfwcfg.dll | function = InitHelperDll, address = 0x74324420 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\ifmon.dll | function = InitHelperDll, address = 0x744317a3 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\netiohlp.dll | function = InitHelperDll, address = 0x74286e4b | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\whhelper.dll | function = InitHelperDll, address = 0x742c1c99 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\hnetmon.dll | function = InitHelperDll, address = 0x741c200c | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\dot3cfg.dll | function = InitHelperDll, address = 0x7412a31d | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\napmontr.dll | function = InitHelperDll, address = 0x7402c7d5 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\nshipsec.dll | function = InitHelperDll, address = 0x73f66910 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\p2pnetsh.dll | function = InitHelperDll, address = 0x73e038e5 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\wlancfg.dll | function = InitHelperDll, address = 0x73d2c7d8 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\peerdistsh.dll | function = InitHelperDll, address = 0x73a0c796 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address = 0x76bda84f | 1 |
Fn
|
Operation | Key | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
OPEN_KEY | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | 1 |
Fn
|
Information | Value |
---|---|
ID | #6 |
File Name | c:\windows\syswow64\netsh.exe |
Command Line | C:\Windows\system32\netsh.exe advfirewall firewall add rule name="00EYALeZGh" dir=out action=block program="C:\Program Files (x86)\Windows Defender\boxed.exe" |
Initial Working Directory | C:\Users\hJrD1KOKY DS8lUjv\Desktop |
Monitor | Start Time: 00:01:11, Reason: Child Process |
Unmonitor | End Time: 00:01:13, Reason: Terminated |
Monitor Duration | 00:00:02 |
Information | Value |
---|---|
PID | 0xa70 |
Parent PID | 0x9e0 (c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | 1R6PFH\hJrD1KOKY DS8lUjv |
Groups |
|
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs |
0x
A74
0x
A84
0x
A88
0x
A8C
0x
A90
0x
A94
|
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|||
netsh.exe.mui | 0x00030000 | 0x00034fff | Memory Mapped File | Readable, Writable |
|
|||
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000000a0000 | 0x000a0000 | 0x000a0fff | Pagefile Backed Memory | Readable |
|
|||
private_0x00000000000b0000 | 0x000b0000 | 0x000b0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000000c0000 | 0x000c0000 | 0x0013ffff | Private Memory | Readable, Writable |
|
|||
locale.nls | 0x00140000 | 0x001a6fff | Memory Mapped File | Readable |
|
|||
private_0x00000000001b0000 | 0x001b0000 | 0x001b0fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000001c0000 | 0x001c0000 | 0x001c1fff | Pagefile Backed Memory | Readable |
|
|||
odbcint.dll.mui | 0x001d0000 | 0x001dafff | Memory Mapped File | Readable, Writable |
|
|||
pagefile_0x00000000001e0000 | 0x001e0000 | 0x001e1fff | Pagefile Backed Memory | Readable |
|
|||
mfc42u.dll.mui | 0x001f0000 | 0x001f7fff | Memory Mapped File | Readable, Writable |
|
|||
setupapi.dll.mui | 0x00200000 | 0x0020cfff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000000210000 | 0x00210000 | 0x0030ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000310000 | 0x00310000 | 0x00310fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000320000 | 0x00320000 | 0x0041ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000420000 | 0x00420000 | 0x0049ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000004a0000 | 0x004a0000 | 0x0056ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000004a0000 | 0x004a0000 | 0x004cffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000004a0000 | 0x004a0000 | 0x004a1fff | Pagefile Backed Memory | Readable |
|
|||
crypt32.dll.mui | 0x004b0000 | 0x004b8fff | Memory Mapped File | Readable, Writable |
|
|||
private_0x00000000004c0000 | 0x004c0000 | 0x004cffff | Private Memory | Readable, Writable |
|
|||
fwcfg.dll.mui | 0x004d0000 | 0x004e0fff | Memory Mapped File | Readable, Writable |
|
|||
private_0x00000000004f0000 | 0x004f0000 | 0x0052ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000530000 | 0x00530000 | 0x0056ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000570000 | 0x00570000 | 0x00570fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000580000 | 0x00580000 | 0x0058ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000590000 | 0x00590000 | 0x00717fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000720000 | 0x00720000 | 0x008a0fff | Pagefile Backed Memory | Readable |
|
|||
private_0x00000000008b0000 | 0x008b0000 | 0x00abffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000008b0000 | 0x008b0000 | 0x00a3ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000008b0000 | 0x008b0000 | 0x009affff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000009b0000 | 0x009b0000 | 0x009b0fff | Pagefile Backed Memory | Readable |
|
|||
p2pnetsh.dll.mui | 0x009c0000 | 0x009c9fff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000000a00000 | 0x00a00000 | 0x00a3ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000a80000 | 0x00a80000 | 0x00abffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000ac0000 | 0x00ac0000 | 0x00c0ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000ae0000 | 0x00ae0000 | 0x00b1ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000ba0000 | 0x00ba0000 | 0x00bbffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000bd0000 | 0x00bd0000 | 0x00c0ffff | Private Memory | Readable, Writable |
|
|||
sortdefault.nls | 0x00c10000 | 0x00edefff | Memory Mapped File | Readable |
|
|||
private_0x0000000000f10000 | 0x00f10000 | 0x00f4ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000f70000 | 0x00f70000 | 0x00faffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000fb0000 | 0x00fb0000 | 0x00feffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001030000 | 0x01030000 | 0x0106ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001070000 | 0x01070000 | 0x011effff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000001070000 | 0x01070000 | 0x0114efff | Pagefile Backed Memory | Readable |
|
|||
private_0x00000000011e0000 | 0x011e0000 | 0x011effff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001280000 | 0x01280000 | 0x012bffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000012d0000 | 0x012d0000 | 0x013cffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000013d0000 | 0x013d0000 | 0x0140ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001410000 | 0x01410000 | 0x0144ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001460000 | 0x01460000 | 0x0149ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001510000 | 0x01510000 | 0x0154ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001550000 | 0x01550000 | 0x0164ffff | Private Memory | Readable, Writable |
|
|||
netsh.exe | 0x01650000 | 0x0166afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x0000000001670000 | 0x01670000 | 0x02a6ffff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000002a70000 | 0x02a70000 | 0x02b6ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002bd0000 | 0x02bd0000 | 0x02ccffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002e00000 | 0x02e00000 | 0x02efffff | Private Memory | Readable, Writable |
|
|||
bcryptprimitives.dll | 0x737c0000 | 0x737fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gpapi.dll | 0x73800000 | 0x73815fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
qagent.dll | 0x73820000 | 0x7384dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
peerdistsh.dll | 0x73850000 | 0x738f4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wlanhlp.dll | 0x73900000 | 0x73916fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wlanutil.dll | 0x73920000 | 0x73925fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wlanapi.dll | 0x73930000 | 0x73945fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wlancfg.dll | 0x73950000 | 0x7397dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
p2pcollab.dll | 0x73980000 | 0x739e7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
p2p.dll | 0x739f0000 | 0x73a27fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
p2pnetsh.dll | 0x73a30000 | 0x73a54fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
polstore.dll | 0x73a60000 | 0x73aa5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
adsldpc.dll | 0x73ab0000 | 0x73ae3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
activeds.dll | 0x73af0000 | 0x73b24fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
profapi.dll | 0x73b30000 | 0x73b3afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
userenv.dll | 0x73b40000 | 0x73b56fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
logoncli.dll | 0x73b60000 | 0x73b81fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nshipsec.dll | 0x73b90000 | 0x73be8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
certcli.dll | 0x73bf0000 | 0x73c45fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
napmontr.dll | 0x73c50000 | 0x73c78fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
eappprxy.dll | 0x73c80000 | 0x73c90fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
onex.dll | 0x73ca0000 | 0x73cd3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
eappcfg.dll | 0x73ce0000 | 0x73d0efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
atl.dll | 0x73d20000 | 0x73d33fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dot3api.dll | 0x73d40000 | 0x73d59fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dot3cfg.dll | 0x73d60000 | 0x73d76fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcnsh.dll | 0x73d80000 | 0x73d8afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nlaapi.dll | 0x73d90000 | 0x73d9ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netshell.dll | 0x73da0000 | 0x74004fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
hnetmon.dll | 0x74010000 | 0x74016fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
webio.dll | 0x74020000 | 0x7406efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winhttp.dll | 0x74070000 | 0x740c7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
whhelper.dll | 0x740d0000 | 0x740d6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dnsapi.dll | 0x740e0000 | 0x74123fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netiohlp.dll | 0x74130000 | 0x7415bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
devrtl.dll | 0x74160000 | 0x7416dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nci.dll | 0x74170000 | 0x74185fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ifmon.dll | 0x74190000 | 0x74198fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winipsec.dll | 0x741a0000 | 0x741b3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
bcrypt.dll | 0x741c0000 | 0x741d6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
authfwcfg.dll | 0x741e0000 | 0x74233fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
firewallapi.dll | 0x74240000 | 0x742b5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
fwcfg.dll | 0x742c0000 | 0x742d0fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
httpapi.dll | 0x742e0000 | 0x742eafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nshhttp.dll | 0x742f0000 | 0x742f9fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mswsock.dll | 0x74300000 | 0x7433bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ws2help.dll | 0x74340000 | 0x74342fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wshelper.dll | 0x74350000 | 0x74356fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wevtapi.dll | 0x74360000 | 0x743a1fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
qutil.dll | 0x743b0000 | 0x743c6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpqec.dll | 0x743d0000 | 0x743e6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpcsvc6.dll | 0x743f0000 | 0x743fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpcsvc.dll | 0x74400000 | 0x74411fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpcmonitor.dll | 0x74420000 | 0x74425fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
slc.dll | 0x74430000 | 0x74439fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nshwfp.dll | 0x74440000 | 0x744e3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
odbcint.dll | 0x744f0000 | 0x74527fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winnsi.dll | 0x74530000 | 0x74536fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
iphlpapi.dll | 0x74540000 | 0x7455bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
odbc32.dll | 0x74560000 | 0x745ebfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mfc42u.dll | 0x745f0000 | 0x7470efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
fwpuclnt.dll | 0x74710000 | 0x74747fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
comctl32.dll | 0x74750000 | 0x748edfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
uxtheme.dll | 0x74910000 | 0x7498ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64win.dll | 0x749a0000 | 0x749fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64.dll | 0x74a00000 | 0x74a3efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rasman.dll | 0x74a40000 | 0x74a54fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rasapi32.dll | 0x74a60000 | 0x74ab1fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mprapi.dll | 0x74ac0000 | 0x74ae8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rasmontr.dll | 0x74af0000 | 0x74b1dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrtremote.dll | 0x74c20000 | 0x74c2dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
credui.dll | 0x74c30000 | 0x74c5afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rsaenh.dll | 0x74ca0000 | 0x74cdafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptsp.dll | 0x74ce0000 | 0x74cf5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
version.dll | 0x74d00000 | 0x74d08fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wkscli.dll | 0x74d50000 | 0x74d5efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
srvcli.dll | 0x74d60000 | 0x74d78fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netutils.dll | 0x74d80000 | 0x74d88fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netapi32.dll | 0x74d90000 | 0x74da0fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mpr.dll | 0x74db0000 | 0x74dc1fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64cpu.dll | 0x75060000 | 0x75067fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptbase.dll | 0x75090000 | 0x7509bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sspicli.dll | 0x750a0000 | 0x750fffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
lpk.dll | 0x75100000 | 0x75109fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sechost.dll | 0x75110000 | 0x75128fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
devobj.dll | 0x75130000 | 0x75141fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
advapi32.dll | 0x75150000 | 0x751effff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msasn1.dll | 0x751f0000 | 0x751fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shell32.dll | 0x75200000 | 0x75e49fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ole32.dll | 0x75e50000 | 0x75fabfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shlwapi.dll | 0x75fb0000 | 0x76006fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ws2_32.dll | 0x76010000 | 0x76044fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
usp10.dll | 0x76050000 | 0x760ecfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdi32.dll | 0x760f0000 | 0x7617ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msctf.dll | 0x76180000 | 0x7624bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nsi.dll | 0x76350000 | 0x76355fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleaut32.dll | 0x76360000 | 0x763eefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrt4.dll | 0x763f0000 | 0x764dffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
imm32.dll | 0x764e0000 | 0x7653ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcrt.dll | 0x76540000 | 0x765ebfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
user32.dll | 0x765f0000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|||
crypt32.dll | 0x76a60000 | 0x76b7cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel32.dll | 0x76bb0000 | 0x76cbffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
setupapi.dll | 0x76d50000 | 0x76eecfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernelbase.dll | 0x76fe0000 | 0x77025fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cfgmgr32.dll | 0x77030000 | 0x77056fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wldap32.dll | 0x77060000 | 0x770a4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clbcatq.dll | 0x770b0000 | 0x77132fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x0000000077140000 | 0x77140000 | 0x77239fff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x0000000077240000 | 0x77240000 | 0x7735efff | Private Memory | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77360000 | 0x77508fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77540000 | 0x776bffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|||
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
Operation | Filename | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
OPEN | STD_OUTPUT_HANDLE | 1 |
Fn
|
||
WRITE | STD_OUTPUT_HANDLE | size = 5 | 1 |
Fn
Data
|
|
WRITE | STD_OUTPUT_HANDLE | size = 2 | 1 |
Fn
Data
|
Operation | Module | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
LOAD | RASMONTR.DLL | base_address = 0x74af0000 | 1 |
Fn
|
|
LOAD | NSHWFP.DLL | base_address = 0x74440000 | 1 |
Fn
|
|
LOAD | DHCPCMONITOR.DLL | base_address = 0x74420000 | 1 |
Fn
|
|
LOAD | kernel32.dll | base_address = 0x76bb0000 | 1 |
Fn
|
|
GET_HANDLE | c:\windows\syswow64\netsh.exe | base_address = 0x1650000 | 2 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\rasmontr.dll | function = InitHelperDll, address = 0x74b06cb9 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\nshwfp.dll | function = InitHelperDll, address = 0x7449bbb2 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\dhcpcmonitor.dll | function = InitHelperDll, address = 0x74421cd4 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\wshelper.dll | function = InitHelperDll, address = 0x7435157b | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\fwcfg.dll | function = InitHelperDll, address = 0x742c2a30 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\authfwcfg.dll | function = InitHelperDll, address = 0x741e4420 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\ifmon.dll | function = InitHelperDll, address = 0x741917a3 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\netiohlp.dll | function = InitHelperDll, address = 0x74146e4b | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\whhelper.dll | function = InitHelperDll, address = 0x740d1c99 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\hnetmon.dll | function = InitHelperDll, address = 0x7401200c | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\dot3cfg.dll | function = InitHelperDll, address = 0x73d6a31d | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\napmontr.dll | function = InitHelperDll, address = 0x73c5c7d5 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\nshipsec.dll | function = InitHelperDll, address = 0x73b96910 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\p2pnetsh.dll | function = InitHelperDll, address = 0x73a338e5 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\wlancfg.dll | function = InitHelperDll, address = 0x7395c7d8 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\peerdistsh.dll | function = InitHelperDll, address = 0x738cc796 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address = 0x76bda84f | 1 |
Fn
|
Operation | Key | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
OPEN_KEY | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | 1 |
Fn
|
Information | Value |
---|---|
ID | #7 |
File Name | c:\windows\syswow64\netsh.exe |
Command Line | C:\Windows\system32\netsh.exe advfirewall firewall add rule name="BmhPp0CJ13" dir=out action=block program="C:\Program Files (x86)\Windows Defender\eyes-mali-mistress-winter.exe" |
Initial Working Directory | C:\Users\hJrD1KOKY DS8lUjv\Desktop |
Monitor | Start Time: 00:01:12, Reason: Child Process |
Unmonitor | End Time: 00:01:15, Reason: Terminated |
Monitor Duration | 00:00:03 |
Information | Value |
---|---|
PID | 0xa9c |
Parent PID | 0x9e0 (c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | 1R6PFH\hJrD1KOKY DS8lUjv |
Groups |
|
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs |
0x
AA0
0x
AB0
0x
AB4
0x
AB8
0x
ABC
0x
AC0
|
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|||
netsh.exe.mui | 0x00030000 | 0x00034fff | Memory Mapped File | Readable, Writable |
|
|||
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000060000 | 0x00060000 | 0x0015ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000160000 | 0x00160000 | 0x00160fff | Pagefile Backed Memory | Readable |
|
|||
locale.nls | 0x00170000 | 0x001d6fff | Memory Mapped File | Readable |
|
|||
private_0x00000000001e0000 | 0x001e0000 | 0x001e0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000001f0000 | 0x001f0000 | 0x0022ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000230000 | 0x00230000 | 0x00230fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000240000 | 0x00240000 | 0x00241fff | Pagefile Backed Memory | Readable |
|
|||
odbcint.dll.mui | 0x00250000 | 0x0025afff | Memory Mapped File | Readable, Writable |
|
|||
pagefile_0x0000000000260000 | 0x00260000 | 0x00261fff | Pagefile Backed Memory | Readable |
|
|||
mfc42u.dll.mui | 0x00270000 | 0x00277fff | Memory Mapped File | Readable, Writable |
|
|||
setupapi.dll.mui | 0x00280000 | 0x0028cfff | Memory Mapped File | Readable, Writable |
|
|||
pagefile_0x0000000000290000 | 0x00290000 | 0x00290fff | Pagefile Backed Memory | Readable |
|
|||
private_0x00000000002a0000 | 0x002a0000 | 0x0031ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000320000 | 0x00320000 | 0x0035ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000320000 | 0x00320000 | 0x00321fff | Pagefile Backed Memory | Readable |
|
|||
fwcfg.dll.mui | 0x00330000 | 0x00340fff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000000350000 | 0x00350000 | 0x0035ffff | Private Memory | Readable, Writable |
|
|||
crypt32.dll.mui | 0x00360000 | 0x00368fff | Memory Mapped File | Readable, Writable |
|
|||
pagefile_0x0000000000370000 | 0x00370000 | 0x00370fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000380000 | 0x00380000 | 0x00380fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000390000 | 0x00390000 | 0x0048ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000490000 | 0x00490000 | 0x00617fff | Pagefile Backed Memory | Readable |
|
|||
p2pnetsh.dll.mui | 0x00620000 | 0x00629fff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000000640000 | 0x00640000 | 0x0064ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000650000 | 0x00650000 | 0x007d0fff | Pagefile Backed Memory | Readable |
|
|||
private_0x00000000007e0000 | 0x007e0000 | 0x008dffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000007e0000 | 0x007e0000 | 0x0085ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000860000 | 0x00860000 | 0x0089ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000008a0000 | 0x008a0000 | 0x008dffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000008e0000 | 0x008e0000 | 0x00afffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000008e0000 | 0x008e0000 | 0x009dffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000009e0000 | 0x009e0000 | 0x00a3ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000a90000 | 0x00a90000 | 0x00aaffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000ac0000 | 0x00ac0000 | 0x00afffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000b00000 | 0x00b00000 | 0x00cdffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000b70000 | 0x00b70000 | 0x00baffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000bb0000 | 0x00bb0000 | 0x00beffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000c10000 | 0x00c10000 | 0x00c4ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000ca0000 | 0x00ca0000 | 0x00cdffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000ce0000 | 0x00ce0000 | 0x00e9ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000ce0000 | 0x00ce0000 | 0x00dbefff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000df0000 | 0x00df0000 | 0x00e2ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000e60000 | 0x00e60000 | 0x00e9ffff | Private Memory | Readable, Writable |
|
|||
sortdefault.nls | 0x00ea0000 | 0x0116efff | Memory Mapped File | Readable |
|
|||
private_0x0000000001190000 | 0x01190000 | 0x011cffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001220000 | 0x01220000 | 0x0125ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001270000 | 0x01270000 | 0x012affff | Private Memory | Readable, Writable |
|
|||
private_0x00000000012c0000 | 0x012c0000 | 0x012fffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000013e0000 | 0x013e0000 | 0x014dffff | Private Memory | Readable, Writable |
|
|||
netsh.exe | 0x015f0000 | 0x0160afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x0000000001610000 | 0x01610000 | 0x02a0ffff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000002a70000 | 0x02a70000 | 0x02b6ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002bf0000 | 0x02bf0000 | 0x02c2ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002c50000 | 0x02c50000 | 0x02d4ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002e10000 | 0x02e10000 | 0x02e4ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002fd0000 | 0x02fd0000 | 0x030cffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003190000 | 0x03190000 | 0x0328ffff | Private Memory | Readable, Writable |
|
|||
bcryptprimitives.dll | 0x73780000 | 0x737bcfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
qagent.dll | 0x73800000 | 0x7382dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
peerdistsh.dll | 0x73830000 | 0x738d4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wlanhlp.dll | 0x738e0000 | 0x738f6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gpapi.dll | 0x73900000 | 0x73915fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wlanapi.dll | 0x73920000 | 0x73935fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wlancfg.dll | 0x73940000 | 0x7396dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
p2pcollab.dll | 0x73970000 | 0x739d7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
p2p.dll | 0x739e0000 | 0x73a17fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
p2pnetsh.dll | 0x73a20000 | 0x73a44fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
polstore.dll | 0x73a50000 | 0x73a95fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netshell.dll | 0x73aa0000 | 0x73d04fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wlanutil.dll | 0x73d20000 | 0x73d25fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
adsldpc.dll | 0x73d30000 | 0x73d63fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
activeds.dll | 0x73d70000 | 0x73da4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
profapi.dll | 0x73db0000 | 0x73dbafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
userenv.dll | 0x73dc0000 | 0x73dd6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
logoncli.dll | 0x73de0000 | 0x73e01fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nshipsec.dll | 0x73e10000 | 0x73e68fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
certcli.dll | 0x73e70000 | 0x73ec5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
napmontr.dll | 0x73ed0000 | 0x73ef8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
eappprxy.dll | 0x73f00000 | 0x73f10fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
onex.dll | 0x73f20000 | 0x73f53fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
eappcfg.dll | 0x73f60000 | 0x73f8efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
atl.dll | 0x73f90000 | 0x73fa3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dot3api.dll | 0x73fb0000 | 0x73fc9fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dot3cfg.dll | 0x73fd0000 | 0x73fe6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcnsh.dll | 0x73ff0000 | 0x73ffafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nlaapi.dll | 0x74000000 | 0x7400ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winhttp.dll | 0x74010000 | 0x74067fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
hnetmon.dll | 0x74070000 | 0x74076fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
webio.dll | 0x74080000 | 0x740cefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dnsapi.dll | 0x740d0000 | 0x74113fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netiohlp.dll | 0x74120000 | 0x7414bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nci.dll | 0x74150000 | 0x74165fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
whhelper.dll | 0x74170000 | 0x74176fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
devrtl.dll | 0x74180000 | 0x7418dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winipsec.dll | 0x74190000 | 0x741a3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
bcrypt.dll | 0x741b0000 | 0x741c6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
authfwcfg.dll | 0x741d0000 | 0x74223fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
firewallapi.dll | 0x74230000 | 0x742a5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
fwcfg.dll | 0x742b0000 | 0x742c0fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mswsock.dll | 0x742d0000 | 0x7430bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wevtapi.dll | 0x74310000 | 0x74351fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ifmon.dll | 0x74360000 | 0x74368fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
httpapi.dll | 0x74370000 | 0x7437afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nshhttp.dll | 0x74380000 | 0x74389fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ws2help.dll | 0x74390000 | 0x74392fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wshelper.dll | 0x743a0000 | 0x743a6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpqec.dll | 0x743b0000 | 0x743c6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
qutil.dll | 0x743d0000 | 0x743e6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpcsvc.dll | 0x743f0000 | 0x74401fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpcmonitor.dll | 0x74410000 | 0x74415fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpcsvc6.dll | 0x74420000 | 0x7442cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nshwfp.dll | 0x74430000 | 0x744d3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
odbcint.dll | 0x744e0000 | 0x74517fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
odbc32.dll | 0x74520000 | 0x745abfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
comctl32.dll | 0x745b0000 | 0x7474dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
iphlpapi.dll | 0x74750000 | 0x7476bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mfc42u.dll | 0x74770000 | 0x7488efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rasapi32.dll | 0x74890000 | 0x748e1fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
uxtheme.dll | 0x74910000 | 0x7498ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64win.dll | 0x749a0000 | 0x749fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64.dll | 0x74a00000 | 0x74a3efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
slc.dll | 0x74a40000 | 0x74a49fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
fwpuclnt.dll | 0x74a50000 | 0x74a87fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mprapi.dll | 0x74a90000 | 0x74ab8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winnsi.dll | 0x74ac0000 | 0x74ac6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rasman.dll | 0x74ad0000 | 0x74ae4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
credui.dll | 0x74af0000 | 0x74b1afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrtremote.dll | 0x74c20000 | 0x74c2dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rasmontr.dll | 0x74c30000 | 0x74c5dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rsaenh.dll | 0x74ca0000 | 0x74cdafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptsp.dll | 0x74ce0000 | 0x74cf5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
version.dll | 0x74d00000 | 0x74d08fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wkscli.dll | 0x74d50000 | 0x74d5efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
srvcli.dll | 0x74d60000 | 0x74d78fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netutils.dll | 0x74d80000 | 0x74d88fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netapi32.dll | 0x74d90000 | 0x74da0fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mpr.dll | 0x74db0000 | 0x74dc1fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64cpu.dll | 0x75060000 | 0x75067fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptbase.dll | 0x75090000 | 0x7509bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sspicli.dll | 0x750a0000 | 0x750fffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
lpk.dll | 0x75100000 | 0x75109fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sechost.dll | 0x75110000 | 0x75128fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
devobj.dll | 0x75130000 | 0x75141fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
advapi32.dll | 0x75150000 | 0x751effff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msasn1.dll | 0x751f0000 | 0x751fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shell32.dll | 0x75200000 | 0x75e49fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ole32.dll | 0x75e50000 | 0x75fabfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shlwapi.dll | 0x75fb0000 | 0x76006fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ws2_32.dll | 0x76010000 | 0x76044fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
usp10.dll | 0x76050000 | 0x760ecfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdi32.dll | 0x760f0000 | 0x7617ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msctf.dll | 0x76180000 | 0x7624bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nsi.dll | 0x76350000 | 0x76355fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleaut32.dll | 0x76360000 | 0x763eefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrt4.dll | 0x763f0000 | 0x764dffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
imm32.dll | 0x764e0000 | 0x7653ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcrt.dll | 0x76540000 | 0x765ebfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
user32.dll | 0x765f0000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|||
crypt32.dll | 0x76a60000 | 0x76b7cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel32.dll | 0x76bb0000 | 0x76cbffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
setupapi.dll | 0x76d50000 | 0x76eecfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernelbase.dll | 0x76fe0000 | 0x77025fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cfgmgr32.dll | 0x77030000 | 0x77056fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wldap32.dll | 0x77060000 | 0x770a4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clbcatq.dll | 0x770b0000 | 0x77132fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x0000000077140000 | 0x77140000 | 0x77239fff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x0000000077240000 | 0x77240000 | 0x7735efff | Private Memory | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77360000 | 0x77508fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77540000 | 0x776bffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|||
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
Operation | Filename | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
OPEN | STD_OUTPUT_HANDLE | 1 |
Fn
|
||
WRITE | STD_OUTPUT_HANDLE | size = 5 | 1 |
Fn
Data
|
|
WRITE | STD_OUTPUT_HANDLE | size = 2 | 1 |
Fn
Data
|
Operation | Module | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
LOAD | RASMONTR.DLL | base_address = 0x74c30000 | 1 |
Fn
|
|
LOAD | NSHWFP.DLL | base_address = 0x74430000 | 1 |
Fn
|
|
LOAD | DHCPCMONITOR.DLL | base_address = 0x74410000 | 1 |
Fn
|
|
LOAD | kernel32.dll | base_address = 0x76bb0000 | 1 |
Fn
|
|
GET_HANDLE | c:\windows\syswow64\netsh.exe | base_address = 0x15f0000 | 2 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\rasmontr.dll | function = InitHelperDll, address = 0x74c46cb9 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\nshwfp.dll | function = InitHelperDll, address = 0x7448bbb2 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\dhcpcmonitor.dll | function = InitHelperDll, address = 0x74411cd4 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\wshelper.dll | function = InitHelperDll, address = 0x743a157b | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\fwcfg.dll | function = InitHelperDll, address = 0x742b2a30 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\authfwcfg.dll | function = InitHelperDll, address = 0x741d4420 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\ifmon.dll | function = InitHelperDll, address = 0x743617a3 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\netiohlp.dll | function = InitHelperDll, address = 0x74136e4b | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\whhelper.dll | function = InitHelperDll, address = 0x74171c99 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\hnetmon.dll | function = InitHelperDll, address = 0x7407200c | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\dot3cfg.dll | function = InitHelperDll, address = 0x73fda31d | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\napmontr.dll | function = InitHelperDll, address = 0x73edc7d5 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\nshipsec.dll | function = InitHelperDll, address = 0x73e16910 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\p2pnetsh.dll | function = InitHelperDll, address = 0x73a238e5 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\wlancfg.dll | function = InitHelperDll, address = 0x7394c7d8 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\peerdistsh.dll | function = InitHelperDll, address = 0x738ac796 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address = 0x76bda84f | 1 |
Fn
|
Operation | Key | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
OPEN_KEY | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | 1 |
Fn
|
Information | Value |
---|---|
ID | #8 |
File Name | c:\windows\syswow64\netsh.exe |
Command Line | C:\Windows\system32\netsh.exe advfirewall firewall add rule name="XyHyb1NtXB" dir=out action=block program="C:\Program Files (x86)\Windows Defender\pst-mine.exe" |
Initial Working Directory | C:\Users\hJrD1KOKY DS8lUjv\Desktop |
Monitor | Start Time: 00:01:14, Reason: Child Process |
Unmonitor | End Time: 00:01:17, Reason: Terminated |
Monitor Duration | 00:00:03 |
Information | Value |
---|---|
PID | 0xac8 |
Parent PID | 0x9e0 (c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | 1R6PFH\hJrD1KOKY DS8lUjv |
Groups |
|
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs |
0x
ACC
0x
ADC
0x
AE0
0x
AE4
0x
AE8
0x
AEC
|
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|||
netsh.exe.mui | 0x00030000 | 0x00034fff | Memory Mapped File | Readable, Writable |
|
|||
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000070000 | 0x00070000 | 0x00070fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000080000 | 0x00080000 | 0x00080fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000090000 | 0x00090000 | 0x00091fff | Pagefile Backed Memory | Readable |
|
|||
odbcint.dll.mui | 0x000a0000 | 0x000aafff | Memory Mapped File | Readable, Writable |
|
|||
private_0x00000000000b0000 | 0x000b0000 | 0x000effff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000000f0000 | 0x000f0000 | 0x000f1fff | Pagefile Backed Memory | Readable |
|
|||
mfc42u.dll.mui | 0x00100000 | 0x00107fff | Memory Mapped File | Readable, Writable |
|
|||
setupapi.dll.mui | 0x00110000 | 0x0011cfff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000000120000 | 0x00120000 | 0x0021ffff | Private Memory | Readable, Writable |
|
|||
locale.nls | 0x00220000 | 0x00286fff | Memory Mapped File | Readable |
|
|||
private_0x0000000000290000 | 0x00290000 | 0x0030ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000290000 | 0x00290000 | 0x00290fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000002a0000 | 0x002a0000 | 0x002a1fff | Pagefile Backed Memory | Readable |
|
|||
fwcfg.dll.mui | 0x002b0000 | 0x002c0fff | Memory Mapped File | Readable, Writable |
|
|||
private_0x00000000002d0000 | 0x002d0000 | 0x0030ffff | Private Memory | Readable, Writable |
|
|||
crypt32.dll.mui | 0x00310000 | 0x00318fff | Memory Mapped File | Readable, Writable |
|
|||
pagefile_0x0000000000320000 | 0x00320000 | 0x00320fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000330000 | 0x00330000 | 0x00330fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000340000 | 0x00340000 | 0x0034ffff | Private Memory | Readable, Writable |
|
|||
p2pnetsh.dll.mui | 0x00350000 | 0x00359fff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000000360000 | 0x00360000 | 0x003dffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000003e0000 | 0x003e0000 | 0x0050ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000003e0000 | 0x003e0000 | 0x0045ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000460000 | 0x00460000 | 0x004bffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000004d0000 | 0x004d0000 | 0x0050ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000520000 | 0x00520000 | 0x0061ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000620000 | 0x00620000 | 0x007a7fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000007b0000 | 0x007b0000 | 0x00930fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000940000 | 0x00940000 | 0x00a3ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000a40000 | 0x00a40000 | 0x00b4ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000a40000 | 0x00a40000 | 0x00a9ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000a70000 | 0x00a70000 | 0x00a8ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000a90000 | 0x00a90000 | 0x00a9ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000ad0000 | 0x00ad0000 | 0x00b0ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000b10000 | 0x00b10000 | 0x00b4ffff | Private Memory | Readable, Writable |
|
|||
sortdefault.nls | 0x00b50000 | 0x00e1efff | Memory Mapped File | Readable |
|
|||
private_0x0000000000e20000 | 0x00e20000 | 0x00f8ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000e80000 | 0x00e80000 | 0x00ebffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000ee0000 | 0x00ee0000 | 0x00f1ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000f80000 | 0x00f80000 | 0x00f8ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000fd0000 | 0x00fd0000 | 0x0100ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001050000 | 0x01050000 | 0x0114ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001190000 | 0x01190000 | 0x011cffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000011d0000 | 0x011d0000 | 0x0120ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000001210000 | 0x01210000 | 0x012eefff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000001340000 | 0x01340000 | 0x0137ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000013a0000 | 0x013a0000 | 0x013dffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001410000 | 0x01410000 | 0x0144ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000014e0000 | 0x014e0000 | 0x0151ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001590000 | 0x01590000 | 0x015cffff | Private Memory | Readable, Writable |
|
|||
netsh.exe | 0x01690000 | 0x016aafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x00000000016b0000 | 0x016b0000 | 0x02aaffff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000002b20000 | 0x02b20000 | 0x02c1ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002c40000 | 0x02c40000 | 0x02d3ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002ed0000 | 0x02ed0000 | 0x02fcffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003030000 | 0x03030000 | 0x0312ffff | Private Memory | Readable, Writable |
|
|||
bcryptprimitives.dll | 0x737c0000 | 0x737fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gpapi.dll | 0x73800000 | 0x73815fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
qagent.dll | 0x73820000 | 0x7384dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
peerdistsh.dll | 0x73850000 | 0x738f4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wlanhlp.dll | 0x73900000 | 0x73916fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wlanutil.dll | 0x73920000 | 0x73925fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wlanapi.dll | 0x73930000 | 0x73945fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wlancfg.dll | 0x73950000 | 0x7397dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
p2pcollab.dll | 0x73980000 | 0x739e7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
p2p.dll | 0x739f0000 | 0x73a27fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
p2pnetsh.dll | 0x73a30000 | 0x73a54fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
polstore.dll | 0x73a60000 | 0x73aa5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
adsldpc.dll | 0x73ab0000 | 0x73ae3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
activeds.dll | 0x73af0000 | 0x73b24fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
profapi.dll | 0x73b30000 | 0x73b3afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
userenv.dll | 0x73b40000 | 0x73b56fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
logoncli.dll | 0x73b60000 | 0x73b81fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nshipsec.dll | 0x73b90000 | 0x73be8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
certcli.dll | 0x73bf0000 | 0x73c45fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
napmontr.dll | 0x73c50000 | 0x73c78fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
eappprxy.dll | 0x73c80000 | 0x73c90fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
onex.dll | 0x73ca0000 | 0x73cd3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
eappcfg.dll | 0x73ce0000 | 0x73d0efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
atl.dll | 0x73d20000 | 0x73d33fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dot3api.dll | 0x73d40000 | 0x73d59fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dot3cfg.dll | 0x73d60000 | 0x73d76fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcnsh.dll | 0x73d80000 | 0x73d8afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nlaapi.dll | 0x73d90000 | 0x73d9ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netshell.dll | 0x73da0000 | 0x74004fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
hnetmon.dll | 0x74010000 | 0x74016fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
webio.dll | 0x74020000 | 0x7406efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winhttp.dll | 0x74070000 | 0x740c7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
whhelper.dll | 0x740d0000 | 0x740d6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dnsapi.dll | 0x740e0000 | 0x74123fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netiohlp.dll | 0x74130000 | 0x7415bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
devrtl.dll | 0x74160000 | 0x7416dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nci.dll | 0x74170000 | 0x74185fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ifmon.dll | 0x74190000 | 0x74198fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winipsec.dll | 0x741a0000 | 0x741b3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
bcrypt.dll | 0x741c0000 | 0x741d6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
authfwcfg.dll | 0x741e0000 | 0x74233fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
firewallapi.dll | 0x74240000 | 0x742b5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
fwcfg.dll | 0x742c0000 | 0x742d0fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
httpapi.dll | 0x742e0000 | 0x742eafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nshhttp.dll | 0x742f0000 | 0x742f9fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mswsock.dll | 0x74300000 | 0x7433bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ws2help.dll | 0x74340000 | 0x74342fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wshelper.dll | 0x74350000 | 0x74356fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wevtapi.dll | 0x74360000 | 0x743a1fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
qutil.dll | 0x743b0000 | 0x743c6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpqec.dll | 0x743d0000 | 0x743e6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpcsvc6.dll | 0x743f0000 | 0x743fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpcsvc.dll | 0x74400000 | 0x74411fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpcmonitor.dll | 0x74420000 | 0x74425fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
slc.dll | 0x74430000 | 0x74439fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nshwfp.dll | 0x74440000 | 0x744e3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
odbcint.dll | 0x744f0000 | 0x74527fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winnsi.dll | 0x74530000 | 0x74536fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
iphlpapi.dll | 0x74540000 | 0x7455bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
odbc32.dll | 0x74560000 | 0x745ebfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mfc42u.dll | 0x745f0000 | 0x7470efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
fwpuclnt.dll | 0x74710000 | 0x74747fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
comctl32.dll | 0x74750000 | 0x748edfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
uxtheme.dll | 0x74910000 | 0x7498ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64win.dll | 0x749a0000 | 0x749fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64.dll | 0x74a00000 | 0x74a3efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rasman.dll | 0x74a40000 | 0x74a54fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rasapi32.dll | 0x74a60000 | 0x74ab1fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mprapi.dll | 0x74ac0000 | 0x74ae8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rasmontr.dll | 0x74af0000 | 0x74b1dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrtremote.dll | 0x74c20000 | 0x74c2dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
credui.dll | 0x74c30000 | 0x74c5afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rsaenh.dll | 0x74ca0000 | 0x74cdafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptsp.dll | 0x74ce0000 | 0x74cf5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
version.dll | 0x74d00000 | 0x74d08fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wkscli.dll | 0x74d50000 | 0x74d5efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
srvcli.dll | 0x74d60000 | 0x74d78fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netutils.dll | 0x74d80000 | 0x74d88fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netapi32.dll | 0x74d90000 | 0x74da0fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mpr.dll | 0x74db0000 | 0x74dc1fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64cpu.dll | 0x75060000 | 0x75067fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptbase.dll | 0x75090000 | 0x7509bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sspicli.dll | 0x750a0000 | 0x750fffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
lpk.dll | 0x75100000 | 0x75109fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sechost.dll | 0x75110000 | 0x75128fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
devobj.dll | 0x75130000 | 0x75141fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
advapi32.dll | 0x75150000 | 0x751effff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msasn1.dll | 0x751f0000 | 0x751fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shell32.dll | 0x75200000 | 0x75e49fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ole32.dll | 0x75e50000 | 0x75fabfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shlwapi.dll | 0x75fb0000 | 0x76006fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ws2_32.dll | 0x76010000 | 0x76044fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
usp10.dll | 0x76050000 | 0x760ecfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdi32.dll | 0x760f0000 | 0x7617ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msctf.dll | 0x76180000 | 0x7624bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nsi.dll | 0x76350000 | 0x76355fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleaut32.dll | 0x76360000 | 0x763eefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrt4.dll | 0x763f0000 | 0x764dffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
imm32.dll | 0x764e0000 | 0x7653ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcrt.dll | 0x76540000 | 0x765ebfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
user32.dll | 0x765f0000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|||
crypt32.dll | 0x76a60000 | 0x76b7cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel32.dll | 0x76bb0000 | 0x76cbffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
setupapi.dll | 0x76d50000 | 0x76eecfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernelbase.dll | 0x76fe0000 | 0x77025fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cfgmgr32.dll | 0x77030000 | 0x77056fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wldap32.dll | 0x77060000 | 0x770a4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clbcatq.dll | 0x770b0000 | 0x77132fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x0000000077140000 | 0x77140000 | 0x77239fff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x0000000077240000 | 0x77240000 | 0x7735efff | Private Memory | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77360000 | 0x77508fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77540000 | 0x776bffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|||
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
Operation | Filename | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
OPEN | STD_OUTPUT_HANDLE | 1 |
Fn
|
||
WRITE | STD_OUTPUT_HANDLE | size = 5 | 1 |
Fn
Data
|
|
WRITE | STD_OUTPUT_HANDLE | size = 2 | 1 |
Fn
Data
|
Operation | Module | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
LOAD | RASMONTR.DLL | base_address = 0x74af0000 | 1 |
Fn
|
|
LOAD | NSHWFP.DLL | base_address = 0x74440000 | 1 |
Fn
|
|
LOAD | DHCPCMONITOR.DLL | base_address = 0x74420000 | 1 |
Fn
|
|
LOAD | kernel32.dll | base_address = 0x76bb0000 | 1 |
Fn
|
|
GET_HANDLE | c:\windows\syswow64\netsh.exe | base_address = 0x1690000 | 2 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\rasmontr.dll | function = InitHelperDll, address = 0x74b06cb9 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\nshwfp.dll | function = InitHelperDll, address = 0x7449bbb2 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\dhcpcmonitor.dll | function = InitHelperDll, address = 0x74421cd4 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\wshelper.dll | function = InitHelperDll, address = 0x7435157b | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\fwcfg.dll | function = InitHelperDll, address = 0x742c2a30 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\authfwcfg.dll | function = InitHelperDll, address = 0x741e4420 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\ifmon.dll | function = InitHelperDll, address = 0x741917a3 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\netiohlp.dll | function = InitHelperDll, address = 0x74146e4b | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\whhelper.dll | function = InitHelperDll, address = 0x740d1c99 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\hnetmon.dll | function = InitHelperDll, address = 0x7401200c | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\dot3cfg.dll | function = InitHelperDll, address = 0x73d6a31d | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\napmontr.dll | function = InitHelperDll, address = 0x73c5c7d5 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\nshipsec.dll | function = InitHelperDll, address = 0x73b96910 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\p2pnetsh.dll | function = InitHelperDll, address = 0x73a338e5 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\wlancfg.dll | function = InitHelperDll, address = 0x7395c7d8 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\peerdistsh.dll | function = InitHelperDll, address = 0x738cc796 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address = 0x76bda84f | 1 |
Fn
|
Operation | Key | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
OPEN_KEY | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh | 1 |
Fn
|
Information | Value |
---|---|
ID | #9 |
File Name | c:\windows\syswow64\mshta.exe |
Command Line | "C:\Windows\SysWOW64\mshta.exe" "C:\Users\hJrD1KOKY DS8lUjv\Desktop\_READ_THIS_FILE_SOESZC_.hta" |
Initial Working Directory | c:\users\hjrd1koky ds8lujv\desktop |
Monitor | Start Time: 00:01:38, Reason: Child Process |
Unmonitor | End Time: 00:02:26, Reason: Terminated by Timeout |
Monitor Duration | 00:00:48 |
Information | Value |
---|---|
PID | 0xbd0 |
Parent PID | 0x9e0 (c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | 1R6PFH\hJrD1KOKY DS8lUjv |
Groups |
|
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs |
0x
BD4
0x
884
0x
8B8
0x
8BC
0x
8AC
0x
8C0
0x
8F8
0x
7A4
0x
334
0x
704
0x
314
0x
9C4
|
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
imm32.dll | 0x00020000 | 0x0003dfff | Memory Mapped File | Readable |
|
|||
imm32.dll | 0x00020000 | 0x0003dfff | Memory Mapped File | Readable |
|
|||
mshta.exe.mui | 0x00020000 | 0x00020fff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable |
|
|||
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000070000 | 0x00070000 | 0x000affff | Private Memory | Readable, Writable |
|
|||
locale.nls | 0x000b0000 | 0x00116fff | Memory Mapped File | Readable |
|
|||
private_0x0000000000120000 | 0x00120000 | 0x00120fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000130000 | 0x00130000 | 0x00130fff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000000140000 | 0x00140000 | 0x00140fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000150000 | 0x00150000 | 0x00150fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000160000 | 0x00160000 | 0x00160fff | Pagefile Backed Memory | Readable |
|
|||
windowsshell.manifest | 0x00170000 | 0x00170fff | Memory Mapped File | Readable |
|
|||
windowsshell.manifest | 0x00170000 | 0x00170fff | Memory Mapped File | Readable |
|
|||
pagefile_0x0000000000170000 | 0x00170000 | 0x00170fff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x0000000000180000 | 0x00180000 | 0x00181fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000190000 | 0x00190000 | 0x0028ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000290000 | 0x00290000 | 0x00291fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000002a0000 | 0x002a0000 | 0x002a0fff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x00000000002b0000 | 0x002b0000 | 0x002cffff | Private Memory | Readable, Writable |
|
|||
oleaccrc.dll | 0x002d0000 | 0x002d0fff | Memory Mapped File | Readable |
|
|||
pagefile_0x00000000002e0000 | 0x002e0000 | 0x002e0fff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x00000000002e0000 | 0x002e0000 | 0x002e0fff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x00000000002e0000 | 0x002e0000 | 0x002e0fff | Pagefile Backed Memory | Readable, Writable |
|
|||
pagefile_0x00000000002e0000 | 0x002e0000 | 0x002e1fff | Pagefile Backed Memory | Readable |
|
|||
urlmon.dll.mui | 0x002f0000 | 0x002f7fff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000000300000 | 0x00300000 | 0x0030ffff | Private Memory | Readable, Writable |
|
|||
rsaenh.dll | 0x00310000 | 0x0034bfff | Memory Mapped File | Readable |
|
|||
rsaenh.dll | 0x00310000 | 0x0034bfff | Memory Mapped File | Readable |
|
|||
rsaenh.dll | 0x00310000 | 0x0034bfff | Memory Mapped File | Readable |
|
|||
rsaenh.dll | 0x00310000 | 0x0034bfff | Memory Mapped File | Readable |
|
|||
rsaenh.dll | 0x00310000 | 0x0034bfff | Memory Mapped File | Readable |
|
|||
oleacc.dll | 0x00310000 | 0x00348fff | Memory Mapped File | Readable |
|
|||
index.dat | 0x00310000 | 0x00317fff | Memory Mapped File | Readable, Writable |
|
|||
index.dat | 0x00320000 | 0x00323fff | Memory Mapped File | Readable, Writable |
|
|||
index.dat | 0x00320000 | 0x00327fff | Memory Mapped File | Readable, Writable |
|
|||
index.dat | 0x00330000 | 0x0033ffff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000000340000 | 0x00340000 | 0x00340fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000350000 | 0x00350000 | 0x003cffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000003d0000 | 0x003d0000 | 0x0044ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000450000 | 0x00450000 | 0x00450fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000460000 | 0x00460000 | 0x00460fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000470000 | 0x00470000 | 0x00470fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000480000 | 0x00480000 | 0x00480fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000490000 | 0x00490000 | 0x0058ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000590000 | 0x00590000 | 0x0066efff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000670000 | 0x00670000 | 0x00670fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000680000 | 0x00680000 | 0x0068ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000690000 | 0x00690000 | 0x00817fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000820000 | 0x00820000 | 0x009a0fff | Pagefile Backed Memory | Readable |
|
|||
private_0x00000000009b0000 | 0x009b0000 | 0x009b0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000009c0000 | 0x009c0000 | 0x009fffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000a00000 | 0x00a00000 | 0x00a3ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000a40000 | 0x00a40000 | 0x00a40fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000a50000 | 0x00a50000 | 0x00a50fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000a60000 | 0x00a60000 | 0x00a9ffff | Private Memory | Readable, Writable |
|
|||
mshta.exe | 0x00aa0000 | 0x00aaefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x0000000000ab0000 | 0x00ab0000 | 0x01eaffff | Pagefile Backed Memory | Readable |
|
|||
msxml3r.dll | 0x01eb0000 | 0x01eb0fff | Memory Mapped File | Readable |
|
|||
pagefile_0x0000000001ec0000 | 0x01ec0000 | 0x01ec1fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000001ee0000 | 0x01ee0000 | 0x01fdffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001fe0000 | 0x01fe0000 | 0x0217ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001fe0000 | 0x01fe0000 | 0x0202ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002030000 | 0x02030000 | 0x0205ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002030000 | 0x02030000 | 0x0204ffff | Private Memory | - |
|
|||
c_20127.nls | 0x02050000 | 0x02060fff | Memory Mapped File | Readable |
|
|||
private_0x0000000002080000 | 0x02080000 | 0x020bffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000020e0000 | 0x020e0000 | 0x0211ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002140000 | 0x02140000 | 0x0217ffff | Private Memory | Readable, Writable |
|
|||
sortdefault.nls | 0x02180000 | 0x0244efff | Memory Mapped File | Readable |
|
|||
private_0x0000000002450000 | 0x02450000 | 0x0254ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002580000 | 0x02580000 | 0x025bffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000025d0000 | 0x025d0000 | 0x026cffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000026e0000 | 0x026e0000 | 0x0271ffff | Private Memory | Readable, Writable |
|
|||
index.dat | 0x02720000 | 0x0275ffff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000002790000 | 0x02790000 | 0x027cffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000027d0000 | 0x027d0000 | 0x0287ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000027e0000 | 0x027e0000 | 0x0281ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002820000 | 0x02820000 | 0x0285ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002870000 | 0x02870000 | 0x0287ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002880000 | 0x02880000 | 0x0297ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002980000 | 0x02980000 | 0x02a7ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002ab0000 | 0x02ab0000 | 0x02baffff | Private Memory | Readable, Writable |
|
|||
ieframe.dll.mui | 0x02bb0000 | 0x02cdffff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000002ce0000 | 0x02ce0000 | 0x02dcffff | Private Memory | Readable, Writable |
|
|||
staticcache.dat | 0x02dd0000 | 0x036fffff | Memory Mapped File | Readable |
|
|||
private_0x0000000003700000 | 0x03700000 | 0x037fffff | Private Memory | Readable, Writable |
|
|||
kernelbase.dll.mui | 0x03800000 | 0x038bffff | Memory Mapped File | Readable, Writable |
|
|||
private_0x00000000038d0000 | 0x038d0000 | 0x039cffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000039e0000 | 0x039e0000 | 0x03adffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003ae0000 | 0x03ae0000 | 0x03bdffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003be0000 | 0x03be0000 | 0x03dcffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003be0000 | 0x03be0000 | 0x03d5ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003cd0000 | 0x03cd0000 | 0x03d0ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003d20000 | 0x03d20000 | 0x03d5ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003d90000 | 0x03d90000 | 0x03dcffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003dd0000 | 0x03dd0000 | 0x041cffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004200000 | 0x04200000 | 0x042fffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004300000 | 0x04300000 | 0x044effff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004320000 | 0x04320000 | 0x0435ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004390000 | 0x04390000 | 0x0448ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000044e0000 | 0x044e0000 | 0x044effff | Private Memory | Readable, Writable |
|
|||
private_0x00000000045b0000 | 0x045b0000 | 0x046affff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004790000 | 0x04790000 | 0x0488ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000004890000 | 0x04890000 | 0x0498ffff | Private Memory | Readable, Writable |
|
|||
dhcpcsvc6.dll | 0x72540000 | 0x7254cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpcsvc.dll | 0x72550000 | 0x72561fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
npmproxy.dll | 0x72570000 | 0x72577fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netprofm.dll | 0x725f0000 | 0x72649fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
fwpuclnt.dll | 0x72650000 | 0x72687fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wship6.dll | 0x72690000 | 0x72695fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winrnr.dll | 0x726a0000 | 0x726a7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pnrpnsp.dll | 0x726b0000 | 0x726c1fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
napinsp.dll | 0x726d0000 | 0x726dffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rasadhlp.dll | 0x726e0000 | 0x726e5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nlaapi.dll | 0x726f0000 | 0x726fffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sensapi.dll | 0x72700000 | 0x72705fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rtutils.dll | 0x72710000 | 0x7271cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rasman.dll | 0x72800000 | 0x72814fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rasapi32.dll | 0x72820000 | 0x72871fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winnsi.dll | 0x72880000 | 0x72886fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
iphlpapi.dll | 0x72890000 | 0x728abfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dnsapi.dll | 0x728b0000 | 0x728f3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msxml3.dll | 0x72910000 | 0x72a42fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
jscript.dll | 0x72de0000 | 0x72e91fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mlang.dll | 0x72f10000 | 0x72f3dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ieframe.dll | 0x730c0000 | 0x73b3ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sxs.dll | 0x73d50000 | 0x73daefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msimtf.dll | 0x73db0000 | 0x73dbafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleacc.dll | 0x73dd0000 | 0x73e0bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msls31.dll | 0x73e40000 | 0x73e69fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mshtml.dll | 0x74090000 | 0x74646fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dwmapi.dll | 0x748f0000 | 0x74902fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
uxtheme.dll | 0x74910000 | 0x7498ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64win.dll | 0x749a0000 | 0x749fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64.dll | 0x74a00000 | 0x74a3efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntmarta.dll | 0x74a50000 | 0x74a70fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
comctl32.dll | 0x74a80000 | 0x74c1dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrtremote.dll | 0x74c20000 | 0x74c2dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
profapi.dll | 0x74c40000 | 0x74c4afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wshtcpip.dll | 0x74c50000 | 0x74c54fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mswsock.dll | 0x74c60000 | 0x74c9bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rsaenh.dll | 0x74ca0000 | 0x74cdafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptsp.dll | 0x74ce0000 | 0x74cf5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
version.dll | 0x74d00000 | 0x74d08fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64cpu.dll | 0x75060000 | 0x75067fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptbase.dll | 0x75090000 | 0x7509bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sspicli.dll | 0x750a0000 | 0x750fffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
lpk.dll | 0x75100000 | 0x75109fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sechost.dll | 0x75110000 | 0x75128fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
advapi32.dll | 0x75150000 | 0x751effff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msasn1.dll | 0x751f0000 | 0x751fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shell32.dll | 0x75200000 | 0x75e49fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ole32.dll | 0x75e50000 | 0x75fabfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shlwapi.dll | 0x75fb0000 | 0x76006fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ws2_32.dll | 0x76010000 | 0x76044fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
usp10.dll | 0x76050000 | 0x760ecfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdi32.dll | 0x760f0000 | 0x7617ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msctf.dll | 0x76180000 | 0x7624bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wininet.dll | 0x76250000 | 0x76344fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nsi.dll | 0x76350000 | 0x76355fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleaut32.dll | 0x76360000 | 0x763eefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrt4.dll | 0x763f0000 | 0x764dffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
imm32.dll | 0x764e0000 | 0x7653ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcrt.dll | 0x76540000 | 0x765ebfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
user32.dll | 0x765f0000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|||
urlmon.dll | 0x76720000 | 0x76855fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
iertutil.dll | 0x76860000 | 0x76a5afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
crypt32.dll | 0x76a60000 | 0x76b7cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel32.dll | 0x76bb0000 | 0x76cbffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
normaliz.dll | 0x76fd0000 | 0x76fd2fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernelbase.dll | 0x76fe0000 | 0x77025fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wldap32.dll | 0x77060000 | 0x770a4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clbcatq.dll | 0x770b0000 | 0x77132fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x0000000077140000 | 0x77140000 | 0x77239fff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x0000000077240000 | 0x77240000 | 0x7735efff | Private Memory | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77360000 | 0x77508fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
psapi.dll | 0x77510000 | 0x77514fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77540000 | 0x776bffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x000000007ef98000 | 0x7ef98000 | 0x7ef9afff | Private Memory | Readable, Writable |
|
|||
private_0x000000007ef9b000 | 0x7ef9b000 | 0x7ef9dfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007ef9e000 | 0x7ef9e000 | 0x7efa0fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efa1000 | 0x7efa1000 | 0x7efa3fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efa4000 | 0x7efa4000 | 0x7efa6fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|||
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
Filename | File Size | Hash Values | YARA Match | Actions |
---|---|---|---|---|
c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\windows\ietldcache\index.dat | 256.00 KB (262144 bytes) |
MD5:
523c9c2f0803c81fb5baf9ae734c5313
SHA1: 2bdb52c4b4920a39084818ab848a39bde4e6fe19 SHA256: 8f32b74a611bdcf55195007d815d1028c287d4068c1feea68061aeec9626455f |
|
Operation | Filename | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
CREATE | c:\users\hjrd1koky ds8lujv\desktop\_read_this_file_soeszc_.hta | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL | 1 |
Fn
|
|
OPEN | STD_INPUT_HANDLE | 1 |
Fn
|
||
OPEN | STD_OUTPUT_HANDLE | 1 |
Fn
|
||
OPEN | STD_ERROR_HANDLE | 1 |
Fn
|
||
READ | c:\users\hjrd1koky ds8lujv\desktop\_read_this_file_soeszc_.hta | size = 4096 | 1 |
Fn
Data
|
|
FIND | C:\Users\hJrD1KOKY DS8lUjv\Desktop\_READ_THIS_FILE_SOESZC_.hta | 1 |
Fn
|
Operation | Module | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
LOAD | C:\Windows\SysWOW64\mshtml.dll | base_address = 0x74090000 | 1 |
Fn
|
|
LOAD | comctl32.dll | base_address = 0x74a80000 | 1 |
Fn
|
|
LOAD | OLEAUT32.dll | base_address = 0x76360000 | 1 |
Fn
|
|
LOAD | mshtml.dll | base_address = 0x74090000 | 2 |
Fn
|
|
LOAD | OLEACC.DLL | base_address = 0x73dd0000 | 1 |
Fn
|
|
LOAD | ieframe.dll | base_address = 0x730c0000 | 2 |
Fn
|
|
LOAD | IEFRAME.dll | base_address = 0x730c0000 | 1 |
Fn
|
|
LOAD | oleaut32.dll | base_address = 0x76360000 | 1 |
Fn
|
|
LOAD | ADVAPI32.dll | base_address = 0x75150000 | 1 |
Fn
|
|
LOAD | ole32.dll | base_address = 0x75e50000 | 1 |
Fn
|
|
LOAD | kernel32.dll | base_address = 0x76bb0000 | 1 |
Fn
|
|
LOAD | CRYPT32.dll | base_address = 0x76a60000 | 1 |
Fn
|
|
GET_HANDLE | c:\windows\syswow64\mshta.exe | base_address = 0xaa0000 | 2 |
Fn
|
|
GET_HANDLE | c:\windows\syswow64\kernel32.dll | base_address = 0x76bb0000 | 5 |
Fn
|
|
GET_HANDLE | c:\windows\syswow64\kernelbase.dll | base_address = 0x76fe0000 | 26 |
Fn
|
|
GET_HANDLE | c:\windows\syswow64\advapi32.dll | base_address = 0x75150000 | 1 |
Fn
|
|
GET_HANDLE | EXPLORER.EXE | base_address = 0x0 | 1 |
Fn
|
|
GET_HANDLE | IEXPLORE.EXE | base_address = 0x0 | 1 |
Fn
|
|
GET_HANDLE | c:\windows\syswow64\ole32.dll | base_address = 0x75e50000 | 1 |
Fn
|
|
CREATE_MAPPING | module_name = Local\!PrivacIE!SharedMem!Counter, maximum_size = 16, protection = PAGE_READWRITE | 1 |
Fn
|
||
MAP | c:\windows\syswow64\mshta.exe | os_pid = 0xbd0, module_name = Local\!PrivacIE!SharedMem!Counter, desired_access = FILE_MAP_WRITE, file_offset = 0, address = 0x130000 | 1 |
Fn
|
|
GET_FILENAME | C:\Windows\SysWOW64\mshta.exe | 5 |
Fn
|
||
GET_FILENAME | C:\Windows\SysWOW64\mshtml.dll | file_name = C:\Windows\SysWOW64\mshtml.dll | 1 |
Fn
|
|
GET_FILENAME | c:\windows\syswow64\mshta.exe | file_name = C:\Windows\SysWOW64\mshta.exe | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = FlsAlloc, address = 0x76bc4f2b | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = FlsGetValue, address = 0x76bc1252 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = FlsSetValue, address = 0x76bc4208 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = FlsFree, address = 0x76bc359f | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernelbase.dll | function = EncodePointer, address = 0x77580fcb | 9 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernelbase.dll | function = DecodePointer, address = 0x77579d35 | 17 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernelbase.dll | function = InitializeCriticalSectionAndSpinCount, address = 0x76ff004f | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = HeapSetInformation, address = 0x76bc5651 | 2 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\advapi32.dll | function = EventWrite, address = 0x775a0c59 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\advapi32.dll | function = EventRegister, address = 0x7757f6ba | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\advapi32.dll | function = EventUnregister, address = 0x77599241 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = RegisterApplicationRestart, address = 0x76beb53c | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\mshtml.dll | function = RunHTMLApplication, address = 0x740ee710 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = InitializeSRWLock, address = 0x77578456 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = AcquireSRWLockExclusive, address = 0x775729f1 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = AcquireSRWLockShared, address = 0x77572560 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = ReleaseSRWLockExclusive, address = 0x775729ab | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = ReleaseSRWLockShared, address = 0x775725a9 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\oleaut32.dll | function = 6, address = 0x76363e59 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\oleaut32.dll | function = 7, address = 0x76364680 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\oleaut32.dll | function = 8, address = 0x76363ed5 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\oleacc.dll | function = LresultFromObject, address = 0x73dd2663 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\ieframe.dll | function = 234, address = 0x73128ed9 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\oleaut32.dll | function = 2, address = 0x76364642 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\oleaut32.dll | function = VariantClear, address = 0x76363eae | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\advapi32.dll | function = RegisterTraceGuidsA, address = 0x775a848f | 2 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address = 0x75164907 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address = 0x751648ef | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address = 0x7516469d | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\ole32.dll | function = CoGetObjectContext, address = 0x75e9632b | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\ole32.dll | function = CoCreateInstance, address = 0x75e99d0b | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\kernel32.dll | function = LCIDToLocaleName, address = 0x76beced4 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\oleaut32.dll | function = 147, address = 0x76364c28 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\crypt32.dll | function = CryptStringToBinaryW, address = 0x76a95f65 | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\uxtheme.dll | function = 61, address = 0x749306fe | 1 |
Fn
|
|
GET_PROC_ADDRESS | c:\windows\syswow64\uxtheme.dll | function = DrawThemeBackground, address = 0x7492d464 | 1 |
Fn
|
Operation | Class | Interface | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|---|
CREATE | {3050F5C8-98B5-11CF-BB82-00AA00BDCE0B} | IUnknown | cls_context = CLSCTX_INPROC_SERVER | 1 |
Fn
|
|
CREATE | {3050F5C8-98B5-11CF-BB82-00AA00BDCE0B} | IClassFactory | 1 |
Fn
|
||
CREATE | {3050F406-98B5-11CF-BB82-00AA00BDCE0B} | IClassFactory | 4 |
Fn
|
||
CREATE | CActiveIMMAppEx_Trident | IActiveIMMApp | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_NO_CODE_DOWNLOAD | 1 |
Fn
|
|
CREATE | {275C23E2-3747-11D0-9FEA-00AA003F8646} | {DCCFC164-2B38-11D2-B7EC-00C04F8F5D9A} | cls_context = CLSCTX_INPROC_SERVER | 1 |
Fn
|
|
CREATE | JScriptEngine5 | IActiveScript | cls_context = CLSCTX_INPROC_SERVER | 2 |
Fn
|
|
CREATE | JScriptEngine5 | IClassFactory | 2 |
Fn
|
||
CREATE | StdGlobalInterfaceTable | IGlobalInterfaceTable | cls_context = CLSCTX_INPROC_SERVER | 1 |
Fn
|
|
CREATE | {6C736DB1-BD94-11D0-8A23-00AA00B58E10} | ISystemDebugEventFire | cls_context = CLSCTX_INPROC_SERVER | 2 |
Fn
|
|
CREATE | {3C374A40-BAE4-11CF-BF7D-00AA006946EE} | IUrlHistoryStg | cls_context = CLSCTX_INPROC_SERVER | 1 |
Fn
|
|
CREATE | XMLHTTP30 | IXMLHttpRequest | cls_context = CLSCTX_INPROC_SERVER | 2 |
Fn
|
|
QUERY | IInternetSecurityMgrSite | new_interface = IServiceProvider | 8 |
Fn
|
||
QUERY | IClassFactory | new_interface = IClassFactory | 1 |
Fn
|
||
QUERY | IClassFactory | new_interface = IInternetProtocolInfo | 4 |
Fn
|
||
QUERY | IMoniker | new_interface = IUriContainer | 3 |
Fn
|
||
QUERY | IUri | new_interface = {50295B0C-6B79-4935-AED8-05D80EC86A60} | 12 |
Fn
|
||
QUERY | IInternetProtocol | new_interface = {53C84785-8425-4DC5-971B-E58D9C19F9B6} | 1 |
Fn
|
||
QUERY | IInternetProtocol | new_interface = IInternetProtocolEx | 1 |
Fn
|
||
QUERY | IInternetBindInfo | new_interface = {A3E015B7-A82C-4DCD-A150-569AEEED36AB} | 1 |
Fn
|
||
QUERY | IInternetProtocol | new_interface = {79EAC9D8-BAFA-11CE-8C82-00AA004BA90B} | 1 |
Fn
|
||
QUERY | IInternetProtocol | new_interface = {79EAC9D6-BAFA-11CE-8C82-00AA004BA90B} | 1 |
Fn
|
||
QUERY | IUri | new_interface = {50295B0C-6B79-4935-AED8-05D80EC86A60} | 148 |
Fn
|
||
QUERY | JScriptEngine5 | IClassFactory | new_interface = IActiveScript, | 2 |
Fn
|
|
QUERY | JScriptEngine5 | IActiveScript | new_interface = IActiveScript | 1 |
Fn
|
|
QUERY | IUnknown | new_interface = {0000001B-0000-0000-C000-000000000046} | 4 |
Fn
|
||
QUERY | IUnknown | new_interface = {00000003-0000-0000-C000-000000000046} | 4 |
Fn
|
||
QUERY | IUrlHistoryStg | new_interface = {0CD040B2-39BA-4CDF-96CF-C1929D3B9898} | 105 |
Fn
|
||
QUERY | XMLHTTP30 | IXMLHttpRequest | new_interface = {CB5BDC81-93C1-11CF-8F20-00805F2CD064}, | 2 |
Fn
|
|
QUERY | XMLHTTP30 | IXMLHttpRequest | new_interface = IObjectWithSite, | 2 |
Fn
|
|
QUERY | IUnknown | new_interface = IUnknown | 2 |
Fn
|
||
QUERY | IUnknown | new_interface = IServiceProvider | 4 |
Fn
|
||
QUERY | IDispatch | new_interface = IHTMLElement | 16 |
Fn
|
||
QUERY | IUnknown | new_interface = {2933BF81-7B36-11D2-B20E-00C04F983E60} | 2 |
Fn
|
||
QUERY | IUnknown | new_interface = {00000118-0000-0000-C000-000000000046} | 2 |
Fn
|
||
QUERY | IUnknown | new_interface = {00000000-0000-0000-C000-000000000046} | 1 |
Fn
|
||
METHOD | IUri | method = GetPropertyDWORD | 11 |
Fn
|
||
METHOD | IInternetSecurityManager | method = SetSecuritySite | 3 |
Fn
|
||
METHOD | IInternetSecurityMgrSite | method = AddRef | 261 |
Fn
|
||
METHOD | IServiceProvider | method = QueryService | 8 |
Fn
|
||
METHOD | IInternetSecurityManager | method = GetSecurityId | 11 |
Fn
|
||
METHOD | IInternetProtocolInfo | method = ParseUrl | 2 |
Fn
|
||
METHOD | IInternetProtocolInfo | method = ParseUrl | 2 |
Fn
|
||
METHOD | IServiceProvider | new_interface = IInternetSecurityManager, method = QueryService | 2 |
Fn
|
||
METHOD | IMoniker | method = GetDisplayName | 2 |
Fn
|
||
METHOD | IUriContainer | new_interface = IUri, method = GetIUri | 3 |
Fn
|
||
METHOD | IUri | method = AddRef | 21 |
Fn
|
||
METHOD | IUri | method = GetScheme | 21 |
Fn
|
||
METHOD | IUri | method = GetAbsoluteUri | 11 |
Fn
|
||
METHOD | IUri | method = GetScheme | 6 |
Fn
|
||
METHOD | IUri | method = GetAbsoluteUri | 1 |
Fn
|
||
METHOD | IUri | method = IsEqual | 3 |
Fn
|
||
METHOD | IInternetSecurityManager | method = GetSecurityId | 10 |
Fn
|
||
METHOD | IInternetSecurityManager | method = MapUrlToZone | 39 |
Fn
|
||
METHOD | IInternetSecurityManager | method = ProcessUrlAction | 37 |
Fn
|
||
METHOD | IInternetSession | method = RegisterNameSpace | 2 |
Fn
|
||
METHOD | IMoniker | method = IsSystemMoniker | 1 |
Fn
|
||
METHOD | IInternetSession | new_interface = IInternetProtocol, method = CreateBinding | 1 |
Fn
|
||
METHOD | IInternetProtocol | method = AddRef | 1 |
Fn
|
||
METHOD | IInternetProtocol | method = StartEx | 1 |
Fn
|
||
METHOD | IInternetBindInfo | method = GetBindInfo | 1 |
Fn
|
||
METHOD | IInternetProtocolSink | method = ReportProgress | 3 |
Fn
|
||
METHOD | IInternetProtocolSink | method = ReportData | 1 |
Fn
|
||
METHOD | IInternetProtocolSink | method = ReportResult | 1 |
Fn
|
||
METHOD | IInternetProtocol | method = Read | 20 |
Fn
|
||
METHOD | CActiveIMMAppEx_Trident | IActiveIMMApp | method = FilterClientWindows | 1 |
Fn
|
|
METHOD | CActiveIMMAppEx_Trident | IActiveIMMApp | method = OnDefWindowProc | 18 |
Fn
|
|
METHOD | CActiveIMMAppEx_Trident | IActiveIMMApp | method = Activate | 1 |
Fn
|
|
METHOD | CActiveIMMAppEx_Trident | IActiveIMMApp | method = OnDefWindowProc | 4 |
Fn
|
|
METHOD | CActiveIMMAppEx_Trident | IActiveIMMApp | method = getContext | 1 |
Fn
|
|
METHOD | CActiveIMMAppEx_Trident | IActiveIMMApp | method = AssociateContext | 1 |
Fn
|
|
METHOD | IStream | method = RemoteWrite | 22 |
Fn
|
||
METHOD | IStream | method = RemoteSeek | 2 |
Fn
|
||
METHOD | IStream | new_interface = IStream, method = Clone | 1 |
Fn
|
||
METHOD | IStream | method = RemoteRead | 23 |
Fn
|
||
METHOD | IStream | method = AddRef | 1 |
Fn
|
||
METHOD | IInternetProtocol | method = Read | 1 |
Fn
|
||
METHOD | IInternetProtocol | method = Terminate | 1 |
Fn
|
||
METHOD | JScriptEngine5 | IClassFactory | new_interface = IActiveScript, method = CreateInstance | 2 |
Fn
|
|
METHOD | JScriptEngine5 | IActiveScript | method = AddRef | 1 |
Fn
|
|
METHOD | ISystemDebugEventFire | method = BeginSession | 2 |
Fn
|
||
METHOD | StdGlobalInterfaceTable | IGlobalInterfaceTable | method = RegisterInterfaceInGlobal | 1 |
Fn
|
|
METHOD | ISystemDebugEventFire | method = IsActive | 46 |
Fn
|
||
METHOD | IUri | method = GetSchemeName | 4 |
Fn
|
||
METHOD | IInternetSecurityManager | method = MapUrlToZone | 1 |
Fn
|
||
METHOD | IUri | method = GetPathAndQuery | 1 |
Fn
|
||
METHOD | XMLHTTP30 | IObjectWithSite | method = SetSite | 1 |
Fn
|
|
METHOD | IUnknown | method = AddRef | 3 |
Fn
|
||
METHOD | IServiceProvider | method = QueryService | 4 |
Fn
|
||
METHOD | IServiceProvider | new_interface = IHTMLDocument2, method = QueryService | 2 |
Fn
|
||
METHOD | IHTMLDocument2 | new_interface = IHTMLElementCollection, method = get_all | 2 |
Fn
|
||
METHOD | IHTMLElementCollection | method = get_length | 2 |
Fn
|
||
METHOD | IHTMLElementCollection | new_interface = IDispatch, method = item | 16 |
Fn
|
||
METHOD | IHTMLElement | method = get_forms | 14 |
Fn
|
||
METHOD | IHTMLElement | new_interface = IHTMLElementCollection, method = get_forms | 2 |
Fn
|
||
METHOD | IHTMLDocument2 | method = get_url | 2 |
Fn
|
||
METHOD | IHTMLDocument2 | method = QueryService | 4 |
Fn
|
||
METHOD | IHTMLDocument2 | new_interface = IHTMLDocument2, method = QueryService | 2 |
Fn
|
||
METHOD | IServiceProvider | method = get_url | 2 |
Fn
|
||
METHOD | IUnknown | new_interface = IInternetHostSecurityManager, method = QueryService | 2 |
Fn
|
||
METHOD | IServiceProvider | method = AddRef | 3 |
Fn
|
||
METHOD | XMLHTTP30 | IXMLHttpRequest | method = put_onreadystatechange | 2 |
Fn
|
|
METHOD | XMLHTTP30 | IXMLHttpRequest | method = AddRef | 1 |
Fn
|
|
METHOD | XMLHTTP30 | IXMLHttpRequest | method = open | 1 |
Fn
|
|
METHOD | IDispatch | method = Invoke | 2 |
Fn
|
||
METHOD | XMLHTTP30 | IXMLHttpRequest | method = get_readyState | 6 |
Fn
|
|
METHOD | IHTMLDocument2 | method = AddRef | 1 |
Fn
|
||
METHOD | XMLHTTP30 | IXMLHttpRequest | method = send | 1 |
Fn
|
|
METHOD | IDispatch | method = AddRef | 2 |
Fn
|
||
METHOD | IUnknown | method = QueryService | 2 |
Fn
|
||
METHOD | IDispatch | method = Invoke | 2 |
Fn
|
||
METHOD | XMLHTTP30 | IXMLHttpRequest | method = get_status | 1 |
Fn
|
|
METHOD | XMLHTTP30 | IObjectWithSite | method = SetSite | 1 |
Fn
|
|
METHOD | XMLHTTP30 | IXMLHttpRequest | method = get_responseText | 1 |
Fn
|
|
METHOD | CActiveIMMAppEx_Trident | IActiveIMMApp | method = AddRef | 1 |
Fn
|
Operation | Key | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
CREATE_KEY | HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings | 1 |
Fn
|
||
OPEN_KEY | HKEY_CLASSES_ROOT\clsid\{25336920-03f9-11cf-8fd0-00aa00686f13}\InProcServer32 | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | 1 |
Fn
|
||
OPEN_KEY | HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl | 28 |
Fn
|
||
OPEN_KEY | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120 | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131 | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ARIA_SUPPORT | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRIVATE_FONT_SETTING | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CSS_SHOW_HIDE_EVENTS | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISPLAY_NODE_ADVISE_KB833311 | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_EXPANDURI_BYPASS | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245 | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATABINDING_SUPPORT | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENFORCE_BSTR | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454 | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CLEANUP_AT_FLS | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM | 1 |
Fn
|
||
OPEN_KEY | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615 | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDITIONAL_IE8_MEMORY_CLEANUP | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script\Features | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\COM3 | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_INACTIVATE_MODE_REMOVAL_REVERT | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURI | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION | 1 |
Fn
|
||
OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN | 1 |
Fn
|
||
READ_VALUE | HKEY_CLASSES_ROOT\clsid\{25336920-03f9-11cf-8fd0-00aa00686f13}\InProcServer32 | data_ident_out = C:\Windows\SysWOW64\mshtml.dll | 1 |
Fn
|
|
READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | value_name = NoFileMenu | 1 |
Fn
|
|
READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup | value_name = Print_Background | 1 |
Fn
|
|
READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\COM3 | value_name = COM+Enabled, data_ident_out = 1 | 1 |
Fn
|
|
READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings | value_name = JITDebug, data_ident_out = 0 | 1 |
Fn
|
Operation | Window Name | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
CREATE | class_name = HTML Application Host Window Class, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 1952224896 | 1 |
Fn
|
||
CREATE | window_name = , class_name = HTML Application Host Window Class, x_coordinate = 18446744071562067968, y_coordinate = 18446744071562067968, width = 18446744071562067968, height = 18446744071562067968, class_name = HTML Application Host Window Class, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 1952224896 | 1 |
Fn
|
||
CREATE | x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 | 1 |
Fn
|
||
CREATE | x_coordinate = 0, y_coordinate = 0, width = 1064, height = 587, class_name = HTML Application Host Window Class, x_coordinate = 18446744071562067968, y_coordinate = 18446744071562067968, width = 18446744071562067968, height = 18446744071562067968, window_parameter = 4989592 | 1 |
Fn
|
||
SET_ATTRIBUTE | class_name = HTML Application Host Window Class, x_coordinate = 18446744071562067968, y_coordinate = 18446744071562067968, width = 18446744071562067968, height = 18446744071562067968 | 1 |
Fn
|
||
SET_ATTRIBUTE | x_coordinate = 0, y_coordinate = 0, width = 1064, height = 587 | 1 |
Fn
|
||
SET_ATTRIBUTE | class_name = HTML Application Host Window Class, x_coordinate = 18446744071562067968, y_coordinate = 18446744071562067968, width = 18446744071562067968, height = 18446744071562067968 | 1 |
Fn
|
||
SET_ATTRIBUTE | class_name = HTML Application Host Window Class, x_coordinate = 18446744071562067968, y_coordinate = 18446744071562067968, width = 18446744071562067968, height = 18446744071562067968 | 1 |
Fn
|
Operation | Virtual Key Code | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
GET_INFO | KB_LOCALE_ID | 2 |
Fn
|
||
READ | VK_SHIFT | result_out = 0 | 6 |
Fn
|
|
READ | VK_CONTROL | result_out = 0 | 6 |
Fn
|
|
READ | VK_MENU | result_out = 0 | 6 |
Fn
|
|
READ | VK_LSHIFT | result_out = 0 | 2 |
Fn
|
|
READ | VK_LCONTROL | result_out = 0 | 2 |
Fn
|
|
READ | VK_LMENU | result_out = 0 | 2 |
Fn
|
|
READ | VK_LBUTTON | result_out = 0 | 4 |
Fn
|
|
READ | VK_RBUTTON | result_out = 0 | 4 |
Fn
|
|
READ | VK_MBUTTON | result_out = 0 | 4 |
Fn
|
Operation | Information | Success | Count | Logfile |
---|---|---|---|---|
GET_CURSOR | x_out = 502, y_out = 693 | 4 |
Fn
|
|
SLEEP | duration = 100 milliseconds (0.100 seconds) | 2 |
Fn
|
|
SLEEP | duration = 0 milliseconds (0.000 seconds) | 1 |
Fn
|
Operation | Name | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
CREATE | Local\!PrivacIE!SharedMemory!Mutex | initial_owner = 0 | 1 |
Fn
|
Operation | Filename | Additional Information | Success | Count | Logfile |
---|---|---|---|---|---|
READ | Win.ini | section_name = windows, key_name = DragDelay, default_value = 20 | 1 |
Fn
|
|
READ | Win.ini | section_name = windows, key_name = DragScrollInset, default_value = 11 | 1 |
Fn
|
|
READ | Win.ini | section_name = windows, key_name = DragScrollDelay, default_value = 50 | 1 |
Fn
|
|
READ | Win.ini | section_name = windows, key_name = DragDelay, default_value = 200 | 1 |
Fn
|
|
READ | Win.ini | section_name = windows, key_name = DragScrollInterval, default_value = 50 | 1 |
Fn
|
Information | Value |
---|---|
ID | #10 |
File Name | c:\windows\syswow64\notepad.exe |
Command Line | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\hJrD1KOKY DS8lUjv\Desktop\_READ_THIS_FILE_6LJV87LC_.txt |
Initial Working Directory | c:\users\hjrd1koky ds8lujv\desktop |
Monitor | Start Time: 00:01:39, Reason: Child Process |
Unmonitor | End Time: 00:02:26, Reason: Terminated by Timeout |
Monitor Duration | 00:00:47 |
Remarks | No high level activity detected in monitored regions |
Information | Value |
---|---|
PID | 0xbdc |
Parent PID | 0x9e0 (c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | 1R6PFH\hJrD1KOKY DS8lUjv |
Groups |
|
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs |
0x
BE0
|
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
notepad.exe.mui | 0x00020000 | 0x00022fff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable |
|
|||
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000060000 | 0x00060000 | 0x00061fff | Pagefile Backed Memory | Readable |
|
|||
locale.nls | 0x00070000 | 0x000d6fff | Memory Mapped File | Readable |
|
|||
private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000100000 | 0x00100000 | 0x00101fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000120000 | 0x00120000 | 0x0015ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000160000 | 0x00160000 | 0x0023efff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000240000 | 0x00240000 | 0x0027ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000380000 | 0x00380000 | 0x0038ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000003a0000 | 0x003a0000 | 0x0041ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000540000 | 0x00540000 | 0x0063ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000640000 | 0x00640000 | 0x007c7fff | Pagefile Backed Memory | Readable |
|
|||
private_0x00000000007e0000 | 0x007e0000 | 0x007effff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000007f0000 | 0x007f0000 | 0x00970fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000b10000 | 0x00b10000 | 0x00b4ffff | Private Memory | Readable, Writable |
|
|||
notepad.exe | 0x00f20000 | 0x00f4ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x0000000000f50000 | 0x00f50000 | 0x0234ffff | Pagefile Backed Memory | Readable |
|
|||
winspool.drv | 0x73fe0000 | 0x74030fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dwmapi.dll | 0x748f0000 | 0x74902fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
uxtheme.dll | 0x74910000 | 0x7498ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64win.dll | 0x749a0000 | 0x749fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64.dll | 0x74a00000 | 0x74a3efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
comctl32.dll | 0x74a80000 | 0x74c1dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
version.dll | 0x74d00000 | 0x74d08fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64cpu.dll | 0x75060000 | 0x75067fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptbase.dll | 0x75090000 | 0x7509bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sspicli.dll | 0x750a0000 | 0x750fffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
lpk.dll | 0x75100000 | 0x75109fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sechost.dll | 0x75110000 | 0x75128fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
advapi32.dll | 0x75150000 | 0x751effff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shell32.dll | 0x75200000 | 0x75e49fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ole32.dll | 0x75e50000 | 0x75fabfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shlwapi.dll | 0x75fb0000 | 0x76006fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
usp10.dll | 0x76050000 | 0x760ecfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdi32.dll | 0x760f0000 | 0x7617ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msctf.dll | 0x76180000 | 0x7624bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleaut32.dll | 0x76360000 | 0x763eefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrt4.dll | 0x763f0000 | 0x764dffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
imm32.dll | 0x764e0000 | 0x7653ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcrt.dll | 0x76540000 | 0x765ebfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
user32.dll | 0x765f0000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel32.dll | 0x76bb0000 | 0x76cbffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
comdlg32.dll | 0x76f50000 | 0x76fcafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernelbase.dll | 0x76fe0000 | 0x77025fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x0000000077140000 | 0x77140000 | 0x77239fff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x0000000077240000 | 0x77240000 | 0x7735efff | Private Memory | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77360000 | 0x77508fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77540000 | 0x776bffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|||
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
Information | Value |
---|---|
ID | #11 |
File Name | c:\windows\syswow64\dllhost.exe |
Command Line | C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503} |
Initial Working Directory | C:\Windows\system32 |
Monitor | Start Time: 00:01:42, Reason: RPC Server |
Unmonitor | End Time: 00:02:26, Reason: Terminated by Timeout |
Monitor Duration | 00:00:44 |
Remarks | No high level activity detected in monitored regions |
Information | Value |
---|---|
PID | 0x808 |
Parent PID | 0x240 (c:\windows\system32\svchost.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | 1R6PFH\hJrD1KOKY DS8lUjv |
Groups |
|
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs |
0x
8B4
0x
8B0
0x
8A8
0x
8A4
0x
8A0
0x
824
0x
818
0x
8C4
0x
8E0
0x
8DC
0x
8D8
0x
8D4
0x
8D0
0x
900
0x
908
0x
90C
0x
904
0x
8FC
0x
8F4
0x
318
|
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable |
|
|||
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|||
locale.nls | 0x00060000 | 0x000c6fff | Memory Mapped File | Readable |
|
|||
pagefile_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000000f0000 | 0x000f0000 | 0x000f1fff | Pagefile Backed Memory | Readable |
|
|||
oleaccrc.dll | 0x00100000 | 0x00100fff | Memory Mapped File | Readable |
|
|||
private_0x0000000000110000 | 0x00110000 | 0x00111fff | Private Memory | Readable, Writable, Executable |
|
|||
pagefile_0x0000000000120000 | 0x00120000 | 0x00121fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000130000 | 0x00130000 | 0x00130fff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000000140000 | 0x00140000 | 0x0017ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000180000 | 0x00180000 | 0x00181fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000190000 | 0x00190000 | 0x0019ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000001a0000 | 0x001a0000 | 0x001a0fff | Private Memory | Readable, Writable, Executable |
|
|||
cversions.2.db | 0x001b0000 | 0x001b3fff | Memory Mapped File | Readable |
|
|||
{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000c.db | 0x001c0000 | 0x001e3fff | Memory Mapped File | Readable |
|
|||
private_0x00000000001f0000 | 0x001f0000 | 0x0022ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000230000 | 0x00230000 | 0x00230fff | Pagefile Backed Memory | Readable, Writable |
|
|||
cversions.2.db | 0x00240000 | 0x00243fff | Memory Mapped File | Readable |
|
|||
setupapi.dll.mui | 0x00250000 | 0x0025cfff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000000260000 | 0x00260000 | 0x0029ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000002a0000 | 0x002a0000 | 0x002dffff | Private Memory | Readable, Writable |
|
|||
{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000a.db | 0x002e0000 | 0x0030ffff | Memory Mapped File | Readable |
|
|||
photoviewer.dll.mui | 0x00310000 | 0x00314fff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000000320000 | 0x00320000 | 0x00320fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000330000 | 0x00330000 | 0x0036ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000370000 | 0x00370000 | 0x00370fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000380000 | 0x00380000 | 0x00380fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000390000 | 0x00390000 | 0x00390fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000003a0000 | 0x003a0000 | 0x003a0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000003b0000 | 0x003b0000 | 0x003b0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000003c0000 | 0x003c0000 | 0x003cffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000003d0000 | 0x003d0000 | 0x0040ffff | Private Memory | Readable, Writable |
|
|||
dllhost.exe | 0x00410000 | 0x00414fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x0000000000420000 | 0x00420000 | 0x005a7fff | Pagefile Backed Memory | Readable |
|
|||
private_0x00000000005b0000 | 0x005b0000 | 0x0062ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000630000 | 0x00630000 | 0x007b0fff | Pagefile Backed Memory | Readable |
|
|||
private_0x00000000007c0000 | 0x007c0000 | 0x008bffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000008c0000 | 0x008c0000 | 0x01cbffff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000001cc0000 | 0x01cc0000 | 0x01cc0fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001cd0000 | 0x01cd0000 | 0x01d0ffff | Private Memory | Readable, Writable |
|
|||
sortdefault.nls | 0x01d10000 | 0x01fdefff | Memory Mapped File | Readable |
|
|||
~pif2d6.tmp | 0x01fe0000 | 0x01feffff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000001ff0000 | 0x01ff0000 | 0x0202ffff | Private Memory | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02030000 | 0x0203ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02040000 | 0x0204ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02050000 | 0x0205ffff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000002060000 | 0x02060000 | 0x0209ffff | Private Memory | Readable, Writable |
|
|||
~pif2d6.tmp | 0x020a0000 | 0x020affff | Memory Mapped File | Readable, Writable |
|
|||
private_0x00000000020b0000 | 0x020b0000 | 0x020effff | Private Memory | Readable, Writable |
|
|||
~pif2d6.tmp | 0x020f0000 | 0x020fffff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000002100000 | 0x02100000 | 0x0213ffff | Private Memory | Readable, Writable |
|
|||
{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db | 0x02140000 | 0x021a5fff | Memory Mapped File | Readable |
|
|||
private_0x00000000021b0000 | 0x021b0000 | 0x021effff | Private Memory | Readable, Writable |
|
|||
private_0x00000000021f0000 | 0x021f0000 | 0x0226ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002270000 | 0x02270000 | 0x022affff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000022b0000 | 0x022b0000 | 0x0238efff | Pagefile Backed Memory | Readable |
|
|||
~pif2d6.tmp | 0x02390000 | 0x0239ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x023a0000 | 0x023affff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x023b0000 | 0x023bffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x023c0000 | 0x023cffff | Memory Mapped File | Readable, Writable |
|
|||
private_0x00000000023d0000 | 0x023d0000 | 0x0240ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002410000 | 0x02410000 | 0x0250ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002510000 | 0x02510000 | 0x0254ffff | Private Memory | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02550000 | 0x0255ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02560000 | 0x0256ffff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000002570000 | 0x02570000 | 0x0257ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002580000 | 0x02580000 | 0x025bffff | Private Memory | Readable, Writable |
|
|||
~pif2d6.tmp | 0x025c0000 | 0x025cffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x025d0000 | 0x025dffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x025e0000 | 0x025effff | Memory Mapped File | Readable, Writable |
|
|||
private_0x00000000025f0000 | 0x025f0000 | 0x0262ffff | Private Memory | Readable, Writable |
|
|||
~pif2d6.tmp | 0x025f0000 | 0x025fffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02600000 | 0x0260ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02610000 | 0x0261ffff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000002620000 | 0x02620000 | 0x0265ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002620000 | 0x02620000 | 0x02621fff | Private Memory | Readable, Writable |
|
|||
srgb color space profile.icm | 0x02630000 | 0x02630fff | Memory Mapped File | Readable |
|
|||
srgb color space profile.icm | 0x02640000 | 0x02640fff | Memory Mapped File | Readable |
|
|||
srgb color space profile.icm | 0x02650000 | 0x02650fff | Memory Mapped File | Readable |
|
|||
~pif2d6.tmp | 0x02660000 | 0x0266ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02670000 | 0x0267ffff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000002680000 | 0x02680000 | 0x026bffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000026c0000 | 0x026c0000 | 0x026fffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000026d0000 | 0x026d0000 | 0x0270ffff | Private Memory | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02700000 | 0x0270ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02710000 | 0x0271ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02720000 | 0x0272ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02730000 | 0x0273ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02740000 | 0x0274ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02750000 | 0x0275ffff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000002760000 | 0x02760000 | 0x0279ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000027a0000 | 0x027a0000 | 0x0289ffff | Private Memory | Readable, Writable |
|
|||
~pif2d6.tmp | 0x028a0000 | 0x028affff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x028b0000 | 0x028bffff | Memory Mapped File | Readable, Writable |
|
|||
private_0x00000000028c0000 | 0x028c0000 | 0x028fffff | Private Memory | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02900000 | 0x0290ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02910000 | 0x0291ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02920000 | 0x0292ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02930000 | 0x0293ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02940000 | 0x0294ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02950000 | 0x0295ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02960000 | 0x0296ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02970000 | 0x0297ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02980000 | 0x0298ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02990000 | 0x0299ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x029a0000 | 0x029affff | Memory Mapped File | Readable, Writable |
|
|||
private_0x00000000029b0000 | 0x029b0000 | 0x029effff | Private Memory | Readable, Writable |
|
|||
~pif2d6.tmp | 0x029f0000 | 0x029fffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02a00000 | 0x02a0ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02a10000 | 0x02a1ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02a20000 | 0x02a2ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02a30000 | 0x02a3ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02a40000 | 0x02a4ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02a50000 | 0x02a5ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02a60000 | 0x02a6ffff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000002a70000 | 0x02a70000 | 0x02aaffff | Private Memory | Readable, Writable |
|
|||
srgb color space profile.icm | 0x02ab0000 | 0x02ab0fff | Memory Mapped File | Readable |
|
|||
srgb color space profile.icm | 0x02ac0000 | 0x02ac0fff | Memory Mapped File | Readable |
|
|||
srgb color space profile.icm | 0x02ad0000 | 0x02ad0fff | Memory Mapped File | Readable |
|
|||
~pif74a.tmp | 0x02ae0000 | 0x02aeffff | Memory Mapped File | Readable, Writable |
|
|||
~pif74a.tmp | 0x02af0000 | 0x02afffff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000002b00000 | 0x02b00000 | 0x02b17fff | Private Memory | Readable, Writable |
|
|||
srgb color space profile.icm | 0x02b20000 | 0x02b20fff | Memory Mapped File | Readable |
|
|||
private_0x0000000002b30000 | 0x02b30000 | 0x02b4dfff | Private Memory | Readable, Writable |
|
|||
srgb color space profile.icm | 0x02b50000 | 0x02b50fff | Memory Mapped File | Readable |
|
|||
private_0x0000000002b60000 | 0x02b60000 | 0x02b6afff | Private Memory | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02b70000 | 0x02b7ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02b80000 | 0x02b8ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02b90000 | 0x02b9ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02ba0000 | 0x02baffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02bb0000 | 0x02bbffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02bc0000 | 0x02bcffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02bd0000 | 0x02bdffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02be0000 | 0x02beffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02bf0000 | 0x02bfffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02c00000 | 0x02c0ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02c10000 | 0x02c1ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02c20000 | 0x02c2ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02c30000 | 0x02c3ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02c40000 | 0x02c4ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02c50000 | 0x02c5ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02c60000 | 0x02c6ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02c70000 | 0x02c7ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02c80000 | 0x02c8ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02c90000 | 0x02c9ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02ca0000 | 0x02caffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02cb0000 | 0x02cbffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02cc0000 | 0x02ccffff | Memory Mapped File | Readable, Writable |
|
|||
segoeuib.ttf | 0x02cd0000 | 0x02d49fff | Memory Mapped File | Readable |
|
|||
~pif2d6.tmp | 0x02d50000 | 0x02d5ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02d60000 | 0x02d6ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02d70000 | 0x02d7ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02d80000 | 0x02d8ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02d90000 | 0x02d9ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02da0000 | 0x02daffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02db0000 | 0x02dbffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02dc0000 | 0x02dcffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02dd0000 | 0x02ddffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02de0000 | 0x02deffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02df0000 | 0x02dfffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02e00000 | 0x02e0ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02e10000 | 0x02e1ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02e20000 | 0x02e2ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02e30000 | 0x02e3ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02e40000 | 0x02e4ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02e50000 | 0x02e5ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02e60000 | 0x02e6ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02e70000 | 0x02e7ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02e80000 | 0x02e8ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02e90000 | 0x02e9ffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02ea0000 | 0x02eaffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02eb0000 | 0x02ebffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02ec0000 | 0x02ecffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02ed0000 | 0x02edffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02ee0000 | 0x02eeffff | Memory Mapped File | Readable, Writable |
|
|||
~pif2d6.tmp | 0x02ef0000 | 0x02efffff | Memory Mapped File | Readable, Writable |
|
|||
private_0x0000000002f00000 | 0x02f00000 | 0x02f17fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002f20000 | 0x02f20000 | 0x02f5ffff | Private Memory | Readable, Writable |
|
|||
staticcache.dat | 0x02f60000 | 0x0388ffff | Memory Mapped File | Readable |
|
|||
segoeui.ttf | 0x03890000 | 0x0390efff | Memory Mapped File | Readable |
|
|||
private_0x0000000003910000 | 0x03910000 | 0x0394ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003950000 | 0x03950000 | 0x03967fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003970000 | 0x03970000 | 0x03982fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003990000 | 0x03990000 | 0x03995fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000039a0000 | 0x039a0000 | 0x039dffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000039e0000 | 0x039e0000 | 0x03a1ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003a20000 | 0x03a20000 | 0x03a52fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003a60000 | 0x03a60000 | 0x03a9ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003aa0000 | 0x03aa0000 | 0x03b9ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003ba0000 | 0x03ba0000 | 0x03bdffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003be0000 | 0x03be0000 | 0x03c1ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003c20000 | 0x03c20000 | 0x03c52fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003c60000 | 0x03c60000 | 0x03c70fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003c80000 | 0x03c80000 | 0x03c9dfff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003ca0000 | 0x03ca0000 | 0x03cdffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003ce0000 | 0x03ce0000 | 0x03cf0fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000003d00000 | 0x03d00000 | 0x03d17fff | Private Memory | Readable, Writable |
|
|||
cversions.2.db | 0x03d20000 | 0x03d23fff | Memory Mapped File | Readable |
|
|||
thumbcache.dll | 0x727e0000 | 0x727f5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
icm32.dll | 0x72a50000 | 0x72a87fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
userenv.dll | 0x72a90000 | 0x72aa6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mscms.dll | 0x72ab0000 | 0x72b28fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
imagingengine.dll | 0x72b30000 | 0x72cf9fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
actxprxy.dll | 0x72f40000 | 0x72f8dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
d3d9.dll | 0x73b40000 | 0x73d02fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ieproxy.dll | 0x73d20000 | 0x73d4afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
photobase.dll | 0x73dc0000 | 0x73dcbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleacc.dll | 0x73dd0000 | 0x73e0bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
slc.dll | 0x73e10000 | 0x73e19fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
d3d8thk.dll | 0x73e20000 | 0x73e25fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wtsapi32.dll | 0x73e30000 | 0x73e3cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
photoviewer.dll | 0x73e70000 | 0x73fd5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
windowscodecs.dll | 0x74650000 | 0x7474afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
propsys.dll | 0x747f0000 | 0x748e4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dwmapi.dll | 0x748f0000 | 0x74902fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
uxtheme.dll | 0x74910000 | 0x7498ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64win.dll | 0x749a0000 | 0x749fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64.dll | 0x74a00000 | 0x74a3efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntmarta.dll | 0x74a50000 | 0x74a70fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
comctl32.dll | 0x74a80000 | 0x74c1dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrtremote.dll | 0x74c20000 | 0x74c2dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
linkinfo.dll | 0x74c30000 | 0x74c38fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
profapi.dll | 0x74c40000 | 0x74c4afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rsaenh.dll | 0x74ca0000 | 0x74cdafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptsp.dll | 0x74ce0000 | 0x74cf5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
version.dll | 0x74d00000 | 0x74d08fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdiplus.dll | 0x74dd0000 | 0x74f5ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64cpu.dll | 0x75060000 | 0x75067fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptbase.dll | 0x75090000 | 0x7509bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sspicli.dll | 0x750a0000 | 0x750fffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
lpk.dll | 0x75100000 | 0x75109fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sechost.dll | 0x75110000 | 0x75128fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
devobj.dll | 0x75130000 | 0x75141fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
advapi32.dll | 0x75150000 | 0x751effff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shell32.dll | 0x75200000 | 0x75e49fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ole32.dll | 0x75e50000 | 0x75fabfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shlwapi.dll | 0x75fb0000 | 0x76006fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
usp10.dll | 0x76050000 | 0x760ecfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdi32.dll | 0x760f0000 | 0x7617ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msctf.dll | 0x76180000 | 0x7624bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleaut32.dll | 0x76360000 | 0x763eefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrt4.dll | 0x763f0000 | 0x764dffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
imm32.dll | 0x764e0000 | 0x7653ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcrt.dll | 0x76540000 | 0x765ebfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
user32.dll | 0x765f0000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel32.dll | 0x76bb0000 | 0x76cbffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
setupapi.dll | 0x76d50000 | 0x76eecfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernelbase.dll | 0x76fe0000 | 0x77025fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cfgmgr32.dll | 0x77030000 | 0x77056fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wldap32.dll | 0x77060000 | 0x770a4fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clbcatq.dll | 0x770b0000 | 0x77132fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x0000000077140000 | 0x77140000 | 0x77239fff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x0000000077240000 | 0x77240000 | 0x7735efff | Private Memory | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77360000 | 0x77508fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
psapi.dll | 0x77510000 | 0x77514fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77540000 | 0x776bffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x000000007ef98000 | 0x7ef98000 | 0x7ef9afff | Private Memory | Readable, Writable |
|
|||
private_0x000000007ef9b000 | 0x7ef9b000 | 0x7ef9dfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007ef9e000 | 0x7ef9e000 | 0x7efa0fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efa1000 | 0x7efa1000 | 0x7efa3fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efa4000 | 0x7efa4000 | 0x7efa6fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|||
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
Information | Value |
---|---|
ID | #12 |
File Name | c:\windows\syswow64\dllhost.exe |
Command Line | C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E} |
Initial Working Directory | C:\Windows\system32 |
Monitor | Start Time: 00:01:51, Reason: RPC Server |
Unmonitor | End Time: 00:02:26, Reason: Terminated by Timeout |
Monitor Duration | 00:00:35 |
Remarks | No high level activity detected in monitored regions |
Information | Value |
---|---|
PID | 0x8ec |
Parent PID | 0x240 (c:\windows\system32\svchost.exe) |
Is Created or Modified Executable | |
Integrity Level | High (Elevated) |
Username | 1R6PFH\hJrD1KOKY DS8lUjv |
Groups |
|
Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs |
0x
204
0x
120
0x
300
0x
304
0x
898
0x
8E8
|
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable |
|
|||
apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000070000 | 0x00070000 | 0x00070fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000090000 | 0x00090000 | 0x0010ffff | Private Memory | Readable, Writable |
|
|||
locale.nls | 0x00110000 | 0x00176fff | Memory Mapped File | Readable |
|
|||
private_0x00000000001b0000 | 0x001b0000 | 0x001effff | Private Memory | Readable, Writable |
|
|||
private_0x00000000001f0000 | 0x001f0000 | 0x0022ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000240000 | 0x00240000 | 0x0024ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000250000 | 0x00250000 | 0x0028ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000002a0000 | 0x002a0000 | 0x002dffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000310000 | 0x00310000 | 0x0040ffff | Private Memory | Readable, Writable |
|
|||
dllhost.exe | 0x00410000 | 0x00414fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x0000000000420000 | 0x00420000 | 0x005a7fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000005b0000 | 0x005b0000 | 0x00730fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000740000 | 0x00740000 | 0x01b3ffff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000001b80000 | 0x01b80000 | 0x01bbffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001bf0000 | 0x01bf0000 | 0x01c2ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001c60000 | 0x01c60000 | 0x01c9ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001d10000 | 0x01d10000 | 0x01d4ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001db0000 | 0x01db0000 | 0x01deffff | Private Memory | Readable, Writable |
|
|||
sortdefault.nls | 0x01df0000 | 0x020befff | Memory Mapped File | Readable |
|
|||
private_0x0000000002130000 | 0x02130000 | 0x0216ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000021f0000 | 0x021f0000 | 0x0222ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002270000 | 0x02270000 | 0x022affff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002320000 | 0x02320000 | 0x0235ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000002360000 | 0x02360000 | 0x0243efff | Pagefile Backed Memory | Readable |
|
|||
avrt.dll | 0x72580000 | 0x72586fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mfplat.dll | 0x72590000 | 0x725e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wmspdmod.dll | 0x72720000 | 0x727d7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msttsdecwrp.dll | 0x72900000 | 0x7290dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msdmo.dll | 0x72ea0000 | 0x72eaafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sxs.dll | 0x73d50000 | 0x73daefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
uxtheme.dll | 0x74910000 | 0x7498ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64win.dll | 0x749a0000 | 0x749fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64.dll | 0x74a00000 | 0x74a3efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrtremote.dll | 0x74c20000 | 0x74c2dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rsaenh.dll | 0x74ca0000 | 0x74cdafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptsp.dll | 0x74ce0000 | 0x74cf5fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wow64cpu.dll | 0x75060000 | 0x75067fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptbase.dll | 0x75090000 | 0x7509bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sspicli.dll | 0x750a0000 | 0x750fffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
lpk.dll | 0x75100000 | 0x75109fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sechost.dll | 0x75110000 | 0x75128fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
advapi32.dll | 0x75150000 | 0x751effff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ole32.dll | 0x75e50000 | 0x75fabfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shlwapi.dll | 0x75fb0000 | 0x76006fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ws2_32.dll | 0x76010000 | 0x76044fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
usp10.dll | 0x76050000 | 0x760ecfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdi32.dll | 0x760f0000 | 0x7617ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msctf.dll | 0x76180000 | 0x7624bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nsi.dll | 0x76350000 | 0x76355fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleaut32.dll | 0x76360000 | 0x763eefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrt4.dll | 0x763f0000 | 0x764dffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
imm32.dll | 0x764e0000 | 0x7653ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcrt.dll | 0x76540000 | 0x765ebfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
user32.dll | 0x765f0000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel32.dll | 0x76bb0000 | 0x76cbffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernelbase.dll | 0x76fe0000 | 0x77025fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clbcatq.dll | 0x770b0000 | 0x77132fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x0000000077140000 | 0x77140000 | 0x77239fff | Private Memory | Readable, Writable, Executable |
|
|||
private_0x0000000077240000 | 0x77240000 | 0x7735efff | Private Memory | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77360000 | 0x77508fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77540000 | 0x776bffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|||
private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|||
private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
Information | Value |
---|---|
ID | #13 |
File Name | c:\windows\system32\svchost.exe |
Command Line | C:\Windows\system32\svchost.exe -k LocalService |
Initial Working Directory | C:\Windows\system32 |
Monitor | Start Time: 00:01:53, Reason: RPC Server |
Unmonitor | End Time: 00:02:26, Reason: Terminated by Timeout |
Monitor Duration | 00:00:33 |
Remarks | No high level activity detected in monitored regions |
Information | Value |
---|---|
PID | 0x3ec |
Parent PID | 0x1c0 (c:\windows\system32\services.exe) |
Is Created or Modified Executable | |
Integrity Level | System (Elevated) |
Username | NT AUTHORITY\Local Service |
Groups |
|
Enabled Privileges | SeSystemtimePrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
Thread IDs |
0x
B6C
0x
5D8
0x
754
0x
75C
0x
748
0x
734
0x
72C
0x
71C
0x
6EC
0x
6E8
0x
618
0x
138
0x
128
0x
E8
0x
3F8
0x
3F0
|
Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
---|---|---|---|---|---|---|---|---|
pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|||
svchost.exe.mui | 0x00020000 | 0x00020fff | Memory Mapped File | Readable, Writable |
|
|||
pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | Readable |
|
|||
locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | Readable |
|
|||
private_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Pagefile Backed Memory | Readable |
|
|||
private_0x00000000000f0000 | 0x000f0000 | 0x0016ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000170000 | 0x00170000 | 0x0026ffff | Private Memory | Readable, Writable |
|
|||
es.dll | 0x00270000 | 0x00280fff | Memory Mapped File | Readable |
|
|||
stdole2.tlb | 0x00290000 | 0x00293fff | Memory Mapped File | Readable |
|
|||
pagefile_0x00000000002a0000 | 0x002a0000 | 0x002a1fff | Pagefile Backed Memory | Readable |
|
|||
netprofm.dll.mui | 0x002b0000 | 0x002b1fff | Memory Mapped File | Readable, Writable |
|
|||
private_0x00000000002c0000 | 0x002c0000 | 0x002c0fff | Private Memory | Readable, Writable |
|
|||
private_0x00000000002d0000 | 0x002d0000 | 0x003cffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x00000000003d0000 | 0x003d0000 | 0x0048ffff | Pagefile Backed Memory | Readable |
|
|||
private_0x00000000004a0000 | 0x004a0000 | 0x004affff | Private Memory | Readable, Writable |
|
|||
private_0x00000000004e0000 | 0x004e0000 | 0x004effff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000550000 | 0x00550000 | 0x0055ffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x0000000000560000 | 0x00560000 | 0x006e7fff | Pagefile Backed Memory | Readable |
|
|||
pagefile_0x00000000006f0000 | 0x006f0000 | 0x00870fff | Pagefile Backed Memory | Readable |
|
|||
private_0x0000000000880000 | 0x00880000 | 0x008fffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000900000 | 0x00900000 | 0x0097ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000009e0000 | 0x009e0000 | 0x009effff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000a20000 | 0x00a20000 | 0x00a9ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000ab0000 | 0x00ab0000 | 0x00b2ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000000c20000 | 0x00c20000 | 0x00d1ffff | Private Memory | Readable, Writable |
|
|||
sortdefault.nls | 0x00d30000 | 0x00ffefff | Memory Mapped File | Readable |
|
|||
private_0x0000000001000000 | 0x01000000 | 0x010fffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001120000 | 0x01120000 | 0x0119ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001290000 | 0x01290000 | 0x0130ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001310000 | 0x01310000 | 0x0138ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000013d0000 | 0x013d0000 | 0x0144ffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000014f0000 | 0x014f0000 | 0x0156ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001580000 | 0x01580000 | 0x015fffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001650000 | 0x01650000 | 0x016cffff | Private Memory | Readable, Writable |
|
|||
private_0x00000000016d0000 | 0x016d0000 | 0x017cffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001800000 | 0x01800000 | 0x0187ffff | Private Memory | Readable, Writable |
|
|||
kernelbase.dll.mui | 0x01880000 | 0x0193ffff | Memory Mapped File | Readable, Writable |
|
|||
private_0x00000000019b0000 | 0x019b0000 | 0x01a2ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001aa0000 | 0x01aa0000 | 0x01b1ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001b20000 | 0x01b20000 | 0x01d1ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001e20000 | 0x01e20000 | 0x01e9ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001ec0000 | 0x01ec0000 | 0x01f3ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000001fa0000 | 0x01fa0000 | 0x0201ffff | Private Memory | Readable, Writable |
|
|||
private_0x0000000002150000 | 0x02150000 | 0x021cffff | Private Memory | Readable, Writable |
|
|||
sfc.dll | 0x75070000 | 0x75072fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
user32.dll | 0x77140000 | 0x77239fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernel32.dll | 0x77240000 | 0x7735efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ntdll.dll | 0x77360000 | 0x77508fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|||
private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|||
private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|||
svchost.exe | 0xff7f0000 | 0xff7fafff | Memory Mapped File | Readable, Writable, Executable |
|
|||
vmictimeprovider.dll | 0x7fef5d40000 | 0x7fef5d57fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
w32time.dll | 0x7fef5d60000 | 0x7fef5dbffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
npmproxy.dll | 0x7fef8170000 | 0x7fef817bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
perftrack.dll | 0x7fef81c0000 | 0x7fef8297fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rasadhlp.dll | 0x7fef84f0000 | 0x7fef84f7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
netprofm.dll | 0x7fef8710000 | 0x7fef8783fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wer.dll | 0x7fef9c70000 | 0x7fef9cebfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpcsvc.dll | 0x7fefa380000 | 0x7fefa397fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dhcpcsvc6.dll | 0x7fefa3a0000 | 0x7fefa3b0fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
fwpuclnt.dll | 0x7fefa3d0000 | 0x7fefa422fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nsisvc.dll | 0x7fefa500000 | 0x7fefa509fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winrnr.dll | 0x7fefad20000 | 0x7fefad2afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
pnrpnsp.dll | 0x7fefad30000 | 0x7fefad48fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
napinsp.dll | 0x7fefad50000 | 0x7fefad64fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winnsi.dll | 0x7fefad90000 | 0x7fefad9afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
iphlpapi.dll | 0x7fefada0000 | 0x7fefadc6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
es.dll | 0x7fefadd0000 | 0x7fefae36fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dsrole.dll | 0x7fefae60000 | 0x7fefae6bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nlaapi.dll | 0x7fefaf20000 | 0x7fefaf34fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
aepic.dll | 0x7fefb360000 | 0x7fefb371fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
webio.dll | 0x7fefb3c0000 | 0x7fefb423fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
winhttp.dll | 0x7fefb430000 | 0x7fefb4a0fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sfc_os.dll | 0x7fefb520000 | 0x7fefb52ffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wdi.dll | 0x7fefb550000 | 0x7fefb568fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dwmapi.dll | 0x7fefb7d0000 | 0x7fefb7e7fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
version.dll | 0x7fefc470000 | 0x7fefc47bfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wshtcpip.dll | 0x7fefc540000 | 0x7fefc546fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gpapi.dll | 0x7fefc630000 | 0x7fefc64afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
userenv.dll | 0x7fefc650000 | 0x7fefc66dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
credssp.dll | 0x7fefc7a0000 | 0x7fefc7a9fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rsaenh.dll | 0x7fefc8a0000 | 0x7fefc8e6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
logoncli.dll | 0x7fefc990000 | 0x7fefc9bffff | Memory Mapped File | Readable, Writable, Executable |
|
|||
dnsapi.dll | 0x7fefc9c0000 | 0x7fefca1afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
wship6.dll | 0x7fefcb30000 | 0x7fefcb36fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
mswsock.dll | 0x7fefcb40000 | 0x7fefcb94fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptsp.dll | 0x7fefcba0000 | 0x7fefcbb6fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptdll.dll | 0x7fefce40000 | 0x7fefce53fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
secur32.dll | 0x7fefd140000 | 0x7fefd14afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sspicli.dll | 0x7fefd170000 | 0x7fefd194fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
cryptbase.dll | 0x7fefd1a0000 | 0x7fefd1aefff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sxs.dll | 0x7fefd1b0000 | 0x7fefd240fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrtremote.dll | 0x7fefd290000 | 0x7fefd2a3fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
profapi.dll | 0x7fefd2b0000 | 0x7fefd2befff | Memory Mapped File | Readable, Writable, Executable |
|
|||
kernelbase.dll | 0x7fefd510000 | 0x7fefd57afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
nsi.dll | 0x7fefd680000 | 0x7fefd687fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
lpk.dll | 0x7fefd8f0000 | 0x7fefd8fdfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
oleaut32.dll | 0x7fefda30000 | 0x7fefdb06fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
usp10.dll | 0x7fefdb10000 | 0x7fefdbd8fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
clbcatq.dll | 0x7fefdbe0000 | 0x7fefdc78fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msvcrt.dll | 0x7fefde80000 | 0x7fefdf1efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ole32.dll | 0x7fefdf20000 | 0x7fefe122fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
ws2_32.dll | 0x7fefe190000 | 0x7fefe1dcfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
imm32.dll | 0x7fefe200000 | 0x7fefe22dfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
gdi32.dll | 0x7fefe230000 | 0x7fefe296fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
shlwapi.dll | 0x7feff0d0000 | 0x7feff140fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
advapi32.dll | 0x7feff150000 | 0x7feff22afff | Memory Mapped File | Readable, Writable, Executable |
|
|||
msctf.dll | 0x7feff230000 | 0x7feff338fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
rpcrt4.dll | 0x7feff340000 | 0x7feff46cfff | Memory Mapped File | Readable, Writable, Executable |
|
|||
sechost.dll | 0x7feff650000 | 0x7feff66efff | Memory Mapped File | Readable, Writable, Executable |
|
|||
apisetschema.dll | 0x7feff680000 | 0x7feff680fff | Memory Mapped File | Readable, Writable, Executable |
|
|||
private_0x000007fffff98000 | 0x7fffff98000 | 0x7fffff99fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff9a000 | 0x7fffff9a000 | 0x7fffff9bfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff9c000 | 0x7fffff9c000 | 0x7fffff9dfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffff9e000 | 0x7fffff9e000 | 0x7fffff9ffff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffa0000 | 0x7fffffa0000 | 0x7fffffa1fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffa2000 | 0x7fffffa2000 | 0x7fffffa3fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffa4000 | 0x7fffffa4000 | 0x7fffffa5fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffa8000 | 0x7fffffa8000 | 0x7fffffa9fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffaa000 | 0x7fffffaa000 | 0x7fffffabfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffac000 | 0x7fffffac000 | 0x7fffffadfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffae000 | 0x7fffffae000 | 0x7fffffaffff | Private Memory | Readable, Writable |
|
|||
pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | Readable |
|
|||
private_0x000007fffffd3000 | 0x7fffffd3000 | 0x7fffffd4fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffd5000 | 0x7fffffd5000 | 0x7fffffd6fff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffd9000 | 0x7fffffd9000 | 0x7fffffdafff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffdb000 | 0x7fffffdb000 | 0x7fffffdcfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffdd000 | 0x7fffffdd000 | 0x7fffffddfff | Private Memory | Readable, Writable |
|
|||
private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | Private Memory | Readable, Writable |
|
This feature requires an online-connection to the VMRay backend.
An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox
with deactivated setting "security.fileuri.strict_origin_policy".