Malware Uses JAR | Grouped Behavior
Try VMRay Analyzer
| Host | Resolved to | Country | City | Protocol |
|---|---|---|---|---|
| N3EErvtwsM | ||||
| adom2.com.br | ||||
| carvas32ltda.com | ||||
| carva32ssa.com | ||||
| bandeivacomercial.com | ||||
| bandeivacomercio.com | ||||
| 187.191.100.112 | BR | TCP | ||
| localhost | 127.0.0.1 | HTTP |
| Information | Value |
|---|---|
| ID / OS PID | #1 / 0xb6c |
| OS Parent PID | 0x4f0 (c:\windows\explorer.exe) |
| Initial Working Directory | C:\Users\DSsDPMx042\Desktop |
| File Name | c:\program files\java\jre1.8.0_92\bin\java.exe |
| Command Line | "C:\Program Files\Java\jre1.8.0_92\bin\java.exe" -jar "C:\Users\DSsDPMx042\Desktop\Duplicata0.jar" |
| Monitor | Start Time: 00:00:08, Reason: Analysis Target |
| Unmonitor | End Time: 00:00:30, Reason: Terminated |
| Monitor Duration | 00:00:22 |
| OS Thread IDs |
#
1
0x B70
#
2
0x BC0
#
3
0x BC4
#
4
0x BC8
#
5
0x BCC
#
6
0x BD8
#
7
0x BD0
#
8
0x BD4
#
9
0x BE0
#
10
0x BDC
#
11
0x BE4
#
12
0x BEC |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000040000 | 0x00040000 | 0x00042fff | Pagefile Backed Memory | Readable |
|
|
|
|
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000e0000 | 0x000e0000 | 0x0012ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000130000 | 0x00130000 | 0x001f7fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000200000 | 0x00200000 | 0x00200fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000210000 | 0x00210000 | 0x00211fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000220000 | 0x00220000 | 0x00226fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000230000 | 0x00230000 | 0x0032ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000330000 | 0x00330000 | 0x00430fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000440000 | 0x00440000 | 0x00441fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000450000 | 0x00450000 | 0x00450fff | Private Memory | Readable |
|
|
|
|
| private_0x0000000000460000 | 0x00460000 | 0x00460fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000470000 | 0x00470000 | 0x004bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000004c0000 | 0x004c0000 | 0x004cffff | Private Memory | Readable, Writable |
|
|
|
|
| 2924 | 0x004d0000 | 0x004dffff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x00000000004e0000 | 0x004e0000 | 0x0055ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000560000 | 0x00560000 | 0x00560fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000590000 | 0x00590000 | 0x0059ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000005a0000 | 0x005a0000 | 0x0069ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000006a0000 | 0x006a0000 | 0x00a92fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00b9ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00bfffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000c10000 | 0x00c10000 | 0x00c1ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000c20000 | 0x00c20000 | 0x00caffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00cfffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000d40000 | 0x00d40000 | 0x00d8ffff | Private Memory | Readable, Writable |
|
|
|
|
| java.exe | 0x00da0000 | 0x00dd2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000de0000 | 0x00de0000 | 0x019dffff | Pagefile Backed Memory | Readable |
|
|
|
|
| SortDefault.nls | 0x019e0000 | 0x01caefff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000001cb0000 | 0x01cb0000 | 0x03caffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003cb0000 | 0x03cb0000 | 0x03cfffff | Private Memory | Readable, Writable |
|
|
|
|
| kernel32.dll.mui | 0x03d00000 | 0x03dbffff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x0000000003e00000 | 0x03e00000 | 0x13dfffff | Private Memory | Readable, Writable |
|
|
|
|
| classes.jsa | 0x13e00000 | 0x143affff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000143b0000 | 0x143b0000 | 0x1480ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000014810000 | 0x14810000 | 0x1485ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000014870000 | 0x14870000 | 0x148bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000148d0000 | 0x148d0000 | 0x1491ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000014990000 | 0x14990000 | 0x149dffff | Private Memory | Readable, Writable |
|
|
|
|
| classes.jsa | 0x14a00000 | 0x14f6ffff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x0000000014fb0000 | 0x14fb0000 | 0x14ffffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000015000000 | 0x15000000 | 0x151fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000015290000 | 0x15290000 | 0x1529ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000152b0000 | 0x152b0000 | 0x152bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000015380000 | 0x15380000 | 0x153bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000015400000 | 0x15400000 | 0x1544ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000015450000 | 0x15450000 | 0x1554ffff | Private Memory | Readable, Writable |
|
|
|
|
| classes.jsa | 0x15600000 | 0x156bffff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x0000000015800000 | 0x15800000 | 0x1580ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000015940000 | 0x15940000 | 0x1597ffff | Private Memory | Readable, Writable |
|
|
|
|
| jvm.dll | 0x6d510000 | 0x6d8dafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcr100.dll | 0x6dee0000 | 0x6df9efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| net.dll | 0x6e0b0000 | 0x6e0c5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| zip.dll | 0x6e0d0000 | 0x6e0e2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| java.dll | 0x6e0f0000 | 0x6e110fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pnrpnsp.dll | 0x6f1d0000 | 0x6f1e1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winrnr.dll | 0x6f270000 | 0x6f277fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| NapiNSP.dll | 0x6f280000 | 0x6f28ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| verify.dll | 0x6f9b0000 | 0x6f9bbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winmm.dll | 0x70ef0000 | 0x70f21fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| FWPUCLNT.DLL | 0x721e0000 | 0x72217fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winnsi.dll | 0x72300000 | 0x72306fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| IPHLPAPI.DLL | 0x72310000 | 0x7232bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rasadhlp.dll | 0x72350000 | 0x72355fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wsock32.dll | 0x72f00000 | 0x72f06fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nlaapi.dll | 0x73850000 | 0x7385ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| comctl32.dll | 0x74110000 | 0x742adfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| version.dll | 0x748a0000 | 0x748a8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| WSHTCPIP.DLL | 0x74930000 | 0x74934fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dnsapi.dll | 0x74ca0000 | 0x74ce3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wship6.dll | 0x74dd0000 | 0x74dd5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mswsock.dll | 0x74de0000 | 0x74e1bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| profapi.dll | 0x75350000 | 0x7535afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| KernelBase.dll | 0x75510000 | 0x75559fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x75830000 | 0x758fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x75900000 | 0x759d3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x759e0000 | 0x76629fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x76630000 | 0x7664efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x76650000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x76a90000 | 0x76bebfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76bf0000 | 0x76c90fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x76ca0000 | 0x76d68fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x76d70000 | 0x76dc6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x76dd0000 | 0x76e1dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x76f70000 | 0x7701bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x77020000 | 0x770bcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77200000 | 0x7733bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nsi.dll | 0x77340000 | 0x77345fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x77350000 | 0x77359fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| psapi.dll | 0x77360000 | 0x77364fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x773d0000 | 0x773e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ws2_32.dll | 0x773f0000 | 0x77424fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apisetschema.dll | 0x77440000 | 0x77440fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007ffd4000 | 0x7ffd4000 | 0x7ffd4fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffd5000 | 0x7ffd5000 | 0x7ffd5fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffd6000 | 0x7ffd6000 | 0x7ffd6fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
|
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\public\n3eg\id | 0.01 KB (7 bytes) |
MD5:
97558baebf6eb308ff83d8fe474e294a
SHA1: 954cfe56df08de38d177d12bab69170cf1674b03 SHA256: 7a788184a2507c5de3f4cfc973810695d3ca41e29c6e90a21f87d419e1601c94 |
|
|
| c:\users\public\n3eg\idw | 0.00 KB (2 bytes) |
MD5:
26657d5ff9020d2abefe558796b99584
SHA1: 6fb84aed32facd1299ee1e77c8fd2b1a6352669e SHA256: 7b1a278f5abe8e9da907fc9c29dfd432d60dc76e17b0fabab659d2a508bc65c4 |
|
|
| c:\users\public\n3eg\n3eg1.zip | 1.58 MB (1661608 bytes) |
MD5:
16dbf6ce67e389a442ce8d032637654d
SHA1: 0b4068e0d543bb6cd9e549df207a3069a7e18388 SHA256: 555a58f9a1d235b075fa645a058a5b93215bd27432a4c8e120f4310eb8655c47 |
|
|
| c:\users\public\n3eg\n3eg2.zip | 730.94 KB (748483 bytes) |
MD5:
7088647800a215d2d77570ff3f999e74
SHA1: aad42e745069e801900a01f1fd897b82067f988e SHA256: 572d8553fc28c6cdd680aa782cd73d2e6cbd7316145f060a3986a7ce0e40515e |
|
|
| c:\users\public\n3eg\n3eg4.zip | 411.42 KB (421293 bytes) |
MD5:
d5a2e7e6f866f119cd9fe3b3d6232acc
SHA1: 8af3b0406e8e6780cea28a603f46ef2eec7d2b9f SHA256: 09973947c6b59a27d5adf9ce1d0b2edf342a18ae746d58dec72cc24b31d46a59 |
|
|
| c:\users\public\n3eg\ljkg4 | 452.50 KB (463360 bytes) |
MD5:
9c413a78860adeb716ce3a6c9c90aeb3
SHA1: 3b12a0e1afae98db7e665ea6bc45b1c7bf875b30 SHA256: 8be47f70911221c257dd2def3ce76a1d4db6d26685de6fbc16409baeb8ba8722 |
|
|
| c:\users\public\n3eg\n3eg4.51n3e | 452.50 KB (463360 bytes) |
MD5:
9c413a78860adeb716ce3a6c9c90aeb3
SHA1: 3b12a0e1afae98db7e665ea6bc45b1c7bf875b30 SHA256: 8be47f70911221c257dd2def3ce76a1d4db6d26685de6fbc16409baeb8ba8722 |
|
|
| c:\users\public\n3eg\ljkg1 | 2.56 MB (2689537 bytes) |
MD5:
8eaa07e05c7f46d1c2949d11c9ba645d
SHA1: 1dc6bc4043ce00b856bfe462147064b34ae16dc2 SHA256: 866218b20d0ebcae237e288cf8616d7a9293c974a1df14ec8f7c37b7ee0dd7e4 |
|
|
| c:\users\public\n3eg\n3eg1.51n3e | 2.56 MB (2689537 bytes) |
MD5:
8eaa07e05c7f46d1c2949d11c9ba645d
SHA1: 1dc6bc4043ce00b856bfe462147064b34ae16dc2 SHA256: 866218b20d0ebcae237e288cf8616d7a9293c974a1df14ec8f7c37b7ee0dd7e4 |
|
|
| c:\users\public\n3eg\ljkg2 | 1.29 MB (1356288 bytes) |
MD5:
23adce0295127671e5bc3c4c9d1e2eb7
SHA1: cf28f7c38c1a3e17458e6b7eb1dc38baef72d290 SHA256: 7cfbfff8aaf3bd0cc707e61a075a1f45644f422f9d1c55573edec637c27b6534 |
|
|
| c:\users\public\n3eg\n3eg2.51n3e | 1.29 MB (1356288 bytes) |
MD5:
23adce0295127671e5bc3c4c9d1e2eb7
SHA1: cf28f7c38c1a3e17458e6b7eb1dc38baef72d290 SHA256: 7cfbfff8aaf3bd0cc707e61a075a1f45644f422f9d1c55573edec637c27b6534 |
|
|
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\dssdpmx042\.oracle_jre_usage\90737d32e3abaa4.timestamp | 0.05 KB (50 bytes) |
MD5:
9fffd4e723eebc43d03333c1a4413ab4
SHA1: 5a93ce0f655c05c5318bfbdb488e6eceaf29d96e SHA256: 48d355d323548fb06decc335335b6deb3155b593756826c6771ff9d25743ea63 |
|
|
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| CREATE | c:\program files\java\jre1.8.0_92\lib\rt.jar | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| CREATE | c:\program files\java\jre1.8.0_92\lib\ext\meta-index | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| CREATE | c:\users\dssdpmx042\.oracle_jre_usage\90737d32e3abaa4.timestamp | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| CREATE | c:\users\dssdpmx042\desktop\duplicata0.jar | share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE, create_disposition = OPEN_EXISTING, file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
3 | |
| CREATE | c:\users\dssdpmx042\desktop\duplicata0.jar | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| CREATE | c:\program files\java\jre1.8.0_92\lib\meta-index | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| CREATE | c:\program files\java\jre1.8.0_92\lib\security\java.security | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| CREATE | c:\users\public\n3eg\id | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| CREATE | c:\users\public\n3eg\idw | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| CREATE | c:\program files\java\jre1.8.0_92\lib\net.properties | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| CREATE | c:\users\public\n3eg\n3eg1.zip | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| CREATE | c:\users\public\n3eg\n3eg2.zip | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| CREATE | c:\users\public\n3eg\n3eg4.zip | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| CREATE | c:\users\public\n3eg\n3eg4.zip | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| CREATE | c:\users\public\n3eg\ljkg4 | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| CREATE | c:\users\public\n3eg\n3eg1.zip | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| CREATE | c:\users\public\n3eg\ljkg1 | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| CREATE | c:\users\public\n3eg\n3eg2.zip | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| CREATE | c:\users\public\n3eg\ljkg2 | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 4 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 128 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 7 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 1896818 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 160 |
|
50 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 30 |
|
50 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 363 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 120 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 1671 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\ext\meta-index | size = 8192 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\ext\meta-index | size = 8192 |
|
1 | |
| READ | c:\users\dssdpmx042\desktop\duplicata0.jar | size = 4 |
|
2 | |
| READ | c:\users\dssdpmx042\desktop\duplicata0.jar | size = 128 |
|
2 | |
| READ | c:\users\dssdpmx042\desktop\duplicata0.jar | size = 1188 |
|
2 | |
| READ | c:\users\dssdpmx042\desktop\duplicata0.jar | size = 160 |
|
10 | |
| READ | c:\users\dssdpmx042\desktop\duplicata0.jar | size = 30 |
|
10 | |
| READ | c:\users\dssdpmx042\desktop\duplicata0.jar | size = 123 |
|
5 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 1016 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 1132 |
|
2 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 985 |
|
1 | |
| READ | c:\users\dssdpmx042\desktop\duplicata0.jar | size = 2339 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\meta-index | size = 8192 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\meta-index | size = 8192 |
|
1 | |
| READ | c:\users\dssdpmx042\desktop\duplicata0.jar | size = 352 |
|
1 | |
| READ | c:\users\dssdpmx042\desktop\duplicata0.jar | size = 561 |
|
1 | |
| READ | c:\users\dssdpmx042\desktop\duplicata0.jar | size = 879 |
|
1 | |
| READ | c:\users\dssdpmx042\desktop\duplicata0.jar | size = 755 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 2044 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 2423 |
|
1 | |
| READ | c:\users\dssdpmx042\desktop\duplicata0.jar | size = 91 |
|
2 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 1157 |
|
1 | |
| READ | c:\users\dssdpmx042\desktop\duplicata0.jar | size = 8192 |
|
2 | |
| READ | c:\users\dssdpmx042\desktop\duplicata0.jar | size = 3879 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\security\java.security | size = 8192 |
|
3 | |
| READ | c:\program files\java\jre1.8.0_92\lib\security\java.security | size = 8192 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\security\java.security | size = 8192 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 44725 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 800 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 1085 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 792 |
|
2 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 1194 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 1127 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 737 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\net.properties | size = 8192 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\net.properties | size = 8192 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 16003 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 4482 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 973 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 4050 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 975 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 3674 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 621 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 751 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 1874 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 7198 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 920 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 1936 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 281 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 748 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 2693 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 3379 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 3246 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 100 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 2082 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 2282 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 683 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 681 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 2654 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 1459 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 1396 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 285 |
|
1 | |
| READ | c:\users\public\n3eg\n3eg4.zip | size = 30 |
|
1 | |
| READ | c:\users\public\n3eg\n3eg4.zip | size = 5 |
|
1 | |
| READ | c:\users\public\n3eg\n3eg4.zip | size = 512 |
|
822 | |
| READ | c:\users\public\n3eg\n3eg4.zip | size = 512 |
|
1 | |
| READ | c:\users\public\n3eg\n3eg1.zip | size = 30 |
|
1 | |
| READ | c:\users\public\n3eg\n3eg1.zip | size = 5 |
|
1 | |
| READ | c:\users\public\n3eg\n3eg1.zip | size = 512 |
|
3245 | |
| READ | c:\users\public\n3eg\n3eg1.zip | size = 512 |
|
1 | |
| READ | c:\users\public\n3eg\n3eg2.zip | size = 30 |
|
1 | |
| READ | c:\users\public\n3eg\n3eg2.zip | size = 5 |
|
1 | |
| READ | c:\users\public\n3eg\n3eg2.zip | size = 512 |
|
1461 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 1124 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 3434 |
|
1 | |
| READ | c:\users\public\n3eg\n3eg2.zip | size = 512 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 6089 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 8451 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 1067 |
|
1 | |
| READ | c:\program files\java\jre1.8.0_92\lib\rt.jar | size = 1873 |
|
1 | |
| OPEN | STD_OUTPUT_HANDLE |
|
3 | ||
| OPEN | STD_ERROR_HANDLE |
|
3 | ||
| OPEN | STD_INPUT_HANDLE |
|
2 | ||
| WRITE | c:\users\dssdpmx042\.oracle_jre_usage\90737d32e3abaa4.timestamp | size = 50 |
|
1 | |
| WRITE | c:\users\public\n3eg\id | size = 7 |
|
1 | |
| WRITE | c:\users\public\n3eg\idw | size = 2 |
|
1 | |
| WRITE | c:\users\public\n3eg\n3eg1.zip | size = 1661608 |
|
1 | |
| WRITE | c:\users\public\n3eg\n3eg2.zip | size = 748483 |
|
1 | |
| WRITE | c:\users\public\n3eg\n3eg4.zip | size = 421293 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 1024 |
|
22 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 142 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 930 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 806 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 882 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 761 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 830 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 913 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 812 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 638 |
|
19 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 614 |
|
15 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 633 |
|
15 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 730 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 738 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 747 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 715 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 859 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 741 |
|
13 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 687 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 926 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 779 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 867 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 834 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 407 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 1 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 285 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 673 |
|
11 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 808 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 719 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 701 |
|
12 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 706 |
|
12 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 667 |
|
14 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 651 |
|
12 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 746 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 756 |
|
9 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 855 |
|
9 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 987 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 763 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 700 |
|
11 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 836 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 842 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 868 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 909 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 751 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 871 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 876 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 754 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 885 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 774 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 827 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 21 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 211 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 1009 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 709 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 946 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 794 |
|
11 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 63 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 879 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 62 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 77 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 847 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 851 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 532 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 296 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 936 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 908 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 968 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 1000 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 964 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 884 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 939 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 811 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 838 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 959 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 869 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 873 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 804 |
|
11 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 786 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 787 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 805 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 1019 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 11 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 759 |
|
11 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 902 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 29 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 76 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 982 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 449 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 552 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 567 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 587 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 634 |
|
12 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 684 |
|
13 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 603 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 802 |
|
9 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 583 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 496 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 141 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 516 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 479 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 538 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 490 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 495 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 492 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 494 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 493 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 488 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 491 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 505 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 512 |
|
668 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 507 |
|
27 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 467 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg4 | size = 511 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 831 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 701 |
|
13 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 681 |
|
13 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 753 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 911 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 783 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 760 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 802 |
|
9 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 953 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 903 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 1024 |
|
551 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 675 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 232 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 325 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 695 |
|
14 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 845 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 602 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 565 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 544 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 585 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 607 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 591 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 578 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 569 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 595 |
|
11 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 637 |
|
14 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 588 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 563 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 587 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 547 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 566 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 596 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 598 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 571 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 485 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 623 |
|
15 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 632 |
|
13 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 610 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 622 |
|
9 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 581 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 606 |
|
12 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 608 |
|
11 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 638 |
|
16 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 600 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 620 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 614 |
|
16 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 641 |
|
18 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 646 |
|
13 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 580 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 590 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 659 |
|
11 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 604 |
|
15 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 660 |
|
16 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 763 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 680 |
|
15 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 676 |
|
15 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 653 |
|
13 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 592 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 634 |
|
13 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 642 |
|
12 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 723 |
|
9 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 628 |
|
14 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 712 |
|
15 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 664 |
|
23 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 747 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 727 |
|
15 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 682 |
|
12 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 115 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 512 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 26 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 931 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 939 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 13 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 776 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 724 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 44 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 185 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 241 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 106 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 132 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 230 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 508 |
|
12 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 270 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 703 |
|
20 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 809 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 734 |
|
13 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 806 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 685 |
|
14 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 864 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 938 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 283 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 361 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 558 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 982 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 826 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 767 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 213 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 749 |
|
13 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 961 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 287 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 1 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 906 |
|
9 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 1006 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 827 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 609 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 553 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 589 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 560 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 584 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 611 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 594 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 586 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 639 |
|
14 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 601 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 603 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 717 |
|
14 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 457 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 543 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 559 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 605 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 633 |
|
15 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 617 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 741 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 684 |
|
14 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 612 |
|
9 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 619 |
|
14 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 672 |
|
12 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 744 |
|
9 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 670 |
|
13 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 702 |
|
17 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 662 |
|
16 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 650 |
|
22 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 669 |
|
16 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 636 |
|
20 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 708 |
|
13 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 705 |
|
13 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 654 |
|
13 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 652 |
|
14 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 698 |
|
13 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 707 |
|
16 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 770 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 752 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 84 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 210 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 630 |
|
9 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 616 |
|
13 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 651 |
|
15 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 658 |
|
23 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 805 |
|
12 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 781 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 788 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 699 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 862 |
|
11 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 792 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 935 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 775 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 686 |
|
15 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 667 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 564 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 739 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 649 |
|
15 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 673 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 656 |
|
14 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 640 |
|
13 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 817 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 668 |
|
14 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 713 |
|
9 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 754 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 655 |
|
14 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 629 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 700 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 573 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 688 |
|
11 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 572 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 735 |
|
13 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 967 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 964 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 945 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 866 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 850 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 897 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 975 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 138 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 159 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 388 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 162 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 876 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 48 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 161 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 927 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 937 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 128 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 19 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 110 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 237 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 274 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 258 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 4 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 60 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 709 |
|
9 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 461 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 731 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 693 |
|
15 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 647 |
|
15 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 759 |
|
9 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 715 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 674 |
|
20 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 690 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 777 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 838 |
|
11 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 219 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 455 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 339 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 983 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 294 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 615 |
|
9 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 269 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 81 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 107 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 849 |
|
9 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 627 |
|
14 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 959 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 32 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 890 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 990 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 66 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 665 |
|
17 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 687 |
|
12 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 679 |
|
19 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 842 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 1012 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 721 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 839 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 952 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 758 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 813 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 905 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 1020 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 82 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 1017 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 57 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 67 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 53 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 199 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 130 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 47 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 145 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 29 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 689 |
|
15 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 835 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 671 |
|
15 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 720 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 374 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 538 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 579 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 800 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 780 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 745 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 657 |
|
15 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 750 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 963 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 958 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 114 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 118 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 618 |
|
9 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 836 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 885 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 793 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 706 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 973 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 491 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 965 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 208 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 332 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 987 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 807 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 71 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 913 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 183 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 333 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 520 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 271 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 23 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 519 |
|
9 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 212 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 50 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 70 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 250 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 178 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 420 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 907 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 133 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 251 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 150 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 255 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 981 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 231 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 928 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 253 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 318 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 785 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 722 |
|
11 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 765 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 599 |
|
9 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 582 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 554 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 678 |
|
12 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 692 |
|
14 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 261 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 746 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 666 |
|
13 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 991 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 870 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 272 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 930 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 986 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 779 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 36 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 15 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 824 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 999 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 880 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 774 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 12 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 189 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 863 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 116 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 976 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 75 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 297 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 970 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 100 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 778 |
|
9 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 811 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 944 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 884 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 950 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 1016 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 510 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 96 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 820 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 854 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 825 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 901 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 49 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 27 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 89 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 1018 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 127 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 204 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 164 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 195 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 252 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 163 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 196 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 284 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 408 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 344 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 217 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 402 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 240 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 288 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 954 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 921 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 238 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 370 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 211 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 103 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 79 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 376 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 855 |
|
11 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 129 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 170 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 917 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 531 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 546 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 40 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 194 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 51 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 182 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 1014 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 46 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 184 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 488 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 260 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 135 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 41 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 742 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 635 |
|
13 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 718 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 926 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 898 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 843 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 966 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 899 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 626 |
|
16 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 888 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 786 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 960 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 631 |
|
12 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 663 |
|
9 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 625 |
|
9 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 728 |
|
12 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 859 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 481 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 696 |
|
15 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 875 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 714 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 790 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 979 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 955 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 142 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 525 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 355 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 853 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 470 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 439 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 551 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 962 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 925 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 302 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 909 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 307 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 8 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 291 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 932 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 155 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 202 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 438 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 136 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 1003 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 167 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 214 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 733 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 278 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 496 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 841 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 108 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 9 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 574 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 20 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 951 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 101 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 34 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 645 |
|
17 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 993 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 172 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 423 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 507 |
|
13 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 380 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 58 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 915 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 871 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 126 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 286 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 856 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 1021 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 5 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 14 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 732 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 111 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 730 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 872 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 91 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 755 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 691 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 948 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 621 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 487 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 583 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 851 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 7 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 65 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 798 |
|
10 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 550 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 18 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 45 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 736 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 858 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 882 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 829 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 555 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 570 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 121 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 808 |
|
8 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 867 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 1005 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 833 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 497 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 968 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 782 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 540 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 743 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 874 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 810 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 94 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 887 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 207 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 59 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 131 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 64 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 1009 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 934 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 998 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 356 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 224 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 460 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 860 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 30 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 301 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 141 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 373 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 68 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 63 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 419 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 348 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 1001 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 120 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 342 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 228 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 166 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 175 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 168 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 148 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 181 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 985 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 1008 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 737 |
|
9 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 893 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 896 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 399 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 801 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 904 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 994 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 346 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 920 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 359 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 218 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 88 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 227 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 292 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 533 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 206 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 244 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 401 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 536 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 834 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 80 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 799 |
|
9 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 819 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 908 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 738 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 762 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 873 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 113 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 910 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 537 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 552 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 541 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 28 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 947 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 830 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 492 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 704 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 791 |
|
6 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 495 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 331 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 83 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 140 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 62 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 22 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 369 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 493 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 424 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 400 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 303 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 449 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 389 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 334 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 345 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 442 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 314 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 393 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 528 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 437 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 443 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 409 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 315 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 366 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 464 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 486 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 192 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 193 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 337 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 478 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 384 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 200 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 452 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 523 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 368 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 422 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 191 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 427 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 539 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 177 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 335 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 174 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 336 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 321 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 902 |
|
5 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 458 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 768 |
|
7 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 43 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 787 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 847 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 1011 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 772 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 828 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 794 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 277 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 575 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 726 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 795 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 971 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 282 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 418 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 24 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 924 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 556 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 268 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 320 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 943 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 891 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 1004 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 832 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 972 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 929 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 561 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 351 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 117 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 803 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 900 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 42 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 524 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 509 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 281 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 429 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 102 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 984 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 494 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 490 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 1000 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 941 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 484 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 220 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 169 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 293 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 549 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 372 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 122 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 257 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 916 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 134 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 450 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 480 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 386 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 246 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 375 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 371 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 304 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 289 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg1 | size = 341 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 1024 |
|
533 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 982 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 320 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 438 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 305 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 974 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 1017 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 55 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 290 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 435 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 150 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 159 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 260 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 267 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 381 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 429 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 461 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 170 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 523 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 11 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 990 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 817 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 354 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 223 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 49 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 84 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 86 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 79 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 318 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 361 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 151 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 1009 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 400 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 72 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 258 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 140 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 133 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 256 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 29 |
|
3 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 48 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 68 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 131 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 261 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 91 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 167 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 1022 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 103 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 927 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 526 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 219 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 951 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 908 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 862 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 311 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 356 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 316 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 562 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 182 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 324 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 210 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 1016 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 347 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 343 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 241 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 63 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 294 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 321 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 337 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 92 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 317 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 259 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 392 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 323 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 456 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 510 |
|
4 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 292 |
|
2 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 476 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 457 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 174 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 442 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 147 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 209 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 31 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 192 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 250 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 98 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 407 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 242 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 372 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 184 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 148 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 230 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 46 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 401 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 270 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 441 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 916 |
|
1 | |
| WRITE | c:\users\public\n3eg\ljkg2 | size = 117 |
|
1 | |
|
For performance reasons, the remaining 9 entries are omitted.
Click to download all 1009 entries as text file (0.39 MB). |
|||||
| Operation | Process Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| CREATE | regsvr32.exe \s \"C:\Users\Public\N3Eg\N3Eg2.51N3E\" #96 | os_tid = 0xbfc, os_pid = 0xbf8, creation_flags = CREATE_UNICODE_ENVIRONMENT, CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 |
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| LOAD | SHELL32.dll | base_address = 0x759e0000 |
|
1 | |
| GET_HANDLE | c:\program files\java\jre1.8.0_92\bin\client\jvm.dll | base_address = 0x6d510000 |
|
2 | |
| GET_HANDLE | c:\windows\system32\kernel32.dll | base_address = 0x75900000 |
|
1 | |
| GET_HANDLE | c:\program files\java\jre1.8.0_92\bin\java.exe | base_address = 0xda0000 |
|
4 | |
| GET_FILENAME | c:\program files\java\jre1.8.0_92\bin\client\jvm.dll | file_name = C:\Program Files\Java\jre1.8.0_92\bin\client\jvm.dll |
|
1 | |
| GET_PROC_ADDRESS | c:\program files\java\jre1.8.0_92\bin\client\jvm.dll | function = JVM_GetVersionInfo, address = 0x6d60fed0 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\shell32.dll | function = SHGetKnownFolderPath, address = 0x75a94ca0 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetFinalPathNameByHandleW, address = 0x75934e2a |
|
1 |
| Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|
| GET_INFO | type = Hardware Information |
|
1 |
| Remote Address | Remote Port | Username | Password | Success | Count |
|---|---|---|---|---|---|
| 80 |
|
1 |
| Method | URL | Success | Count |
|---|---|---|---|
| GET | http://None/nosoanfhtympkl50tre/ljk32g1.txt |
|
3 |
| Operation | Host | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| GET_HOSTNAME | N3EErvtwsM |
|
1 | ||
| RESOLVE_NAME | N3EErvtwsM |
|
1 | ||
| RESOLVE_NAME | adom2.com.br |
|
1 |
| Remote Address | Remote Port | L7Protocol | Success | Count |
|---|---|---|---|---|
| 80 |
|
1 |
| Information | Value |
|---|---|
| ID / OS PID | #2 / 0xbf8 |
| OS Parent PID | 0xb6c (c:\program files\java\jre1.8.0_92\bin\java.exe) |
| Initial Working Directory | C:\Users\DSsDPMx042\Desktop |
| File Name | c:\windows\system32\regsvr32.exe |
| Command Line | regsvr32.exe /s \"C:\\Users\\Public\\N3Eg\\N3Eg2.51N3E\" #96 |
| Monitor | Start Time: 00:00:26, Reason: Child Process |
| Unmonitor | End Time: 00:00:30, Reason: Terminated |
| Monitor Duration | 00:00:04 |
| OS Thread IDs |
#
13
0x BFC |
| Operation | Process Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| OPEN | c:\windows\explorer.exe | os_pid = 0x4f0, desired_access = PROCESS_ALL_ACCESS |
|
1 |
| Operation | Address | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| ALLOC | 0x4fd0000 | process_name = c:\windows\explorer.exe, os_pid = 0x4f0, size = 66, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE |
|
1 | |
| WRITE | 0x4fd0000 | process_name = c:\windows\explorer.exe, os_pid = 0x4f0, size = 66 |
|
1 |
| Operation | Process Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| CREATE | c:\windows\explorer.exe | os_tid = 0xc00, os_pid = 0x4f0, proc_address = 0x75953c01, flags = THREAD_RUNS_IMMEDIATELY |
|
1 |
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| LOAD | kernel32.dll | base_address = 0x75900000 |
|
3 | |
| GET_HANDLE | c:\windows\system32\kernel32.dll | base_address = 0x75900000 |
|
7 | |
| GET_HANDLE | c:\windows\system32\oleaut32.dll | base_address = 0x76ee0000 |
|
1 | |
| GET_FILENAME | C:\Users\Public\N3Eg\N3Eg2.51N3E |
|
1 | ||
| GET_FILENAME | C:\Windows\system32\regsvr32.exe |
|
3 | ||
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetThreadPreferredUILanguages, address = 0x759422d7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SetThreadPreferredUILanguages, address = 0x7593e627 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetThreadUILanguage, address = 0x7593ae42 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetNativeSystemInfo, address = 0x7593be77 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetDiskFreeSpaceExW, address = 0x7593de40 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VariantChangeTypeEx, address = 0x76ee4c28 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarNeg, address = 0x76f5c802 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarNot, address = 0x76f5ec66 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarAdd, address = 0x76f05934 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarSub, address = 0x76f5d332 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarMul, address = 0x76f5dbd4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarDiv, address = 0x76f5e405 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarIdiv, address = 0x76f5f00a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarMod, address = 0x76f5f15e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarAnd, address = 0x76f05a98 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarOr, address = 0x76f5ecfa |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarXor, address = 0x76f5ee2e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarCmp, address = 0x76efb0dc |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarI4FromStr, address = 0x76ef6fab |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarR4FromStr, address = 0x76f001a0 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarR8FromStr, address = 0x76ef699e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarDateFromStr, address = 0x76f06ba7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarCyFromStr, address = 0x76f26c12 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarBoolFromStr, address = 0x76efdbd1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarBstrFromCy, address = 0x76f07fdc |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarBstrFromDate, address = 0x76ef7a2a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarBstrFromBool, address = 0x76f00355 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = InitializeConditionVariable, address = 0x77259981 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = WakeConditionVariable, address = 0x772a5a7b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = WakeAllConditionVariable, address = 0x772245a5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SleepConditionVariableCS, address = 0x759318be |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = CreateToolhelp32Snapshot, address = 0x7593f731 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Heap32ListFirst, address = 0x759902e7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Heap32ListNext, address = 0x75990391 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Heap32First, address = 0x75990429 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Heap32Next, address = 0x75990614 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Toolhelp32ReadProcessMemory, address = 0x75990819 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Process32First, address = 0x7596443d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Process32Next, address = 0x75964505 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Process32FirstW, address = 0x7593fa35 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Process32NextW, address = 0x7593faca |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Thread32First, address = 0x75967e4c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Thread32Next, address = 0x75967edc |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Module32First, address = 0x75990859 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Module32Next, address = 0x75990942 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Module32FirstW, address = 0x7593c59e |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Module32NextW, address = 0x7593c11f |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = VirtualAllocEx, address = 0x7593c1b6 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = WriteProcessMemory, address = 0x7593c1de |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = CreateRemoteThread, address = 0x7598f33b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = OpenProcess, address = 0x759459d7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = LoadLibraryW, address = 0x75953c01 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetLogicalProcessorInformation, address = 0x75932004 |
|
2 |
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| OPEN_KEY | HKEY_CURRENT_USER\Software\Embarcadero\Locales |
|
2 | ||
| OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales |
|
2 | ||
| OPEN_KEY | HKEY_CURRENT_USER\Software\CodeGear\Locales |
|
2 | ||
| OPEN_KEY | HKEY_LOCAL_MACHINE\Software\CodeGear\Locales |
|
2 | ||
| OPEN_KEY | HKEY_CURRENT_USER\Software\Borland\Locales |
|
2 | ||
| OPEN_KEY | HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
|
2 |
| Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|
| GET_INFO | type = Hardware Information |
|
1 |
| Information | Value |
|---|---|
| ID / OS PID | #3 / 0x4f0 |
| OS Parent PID | 0xffffffffffffffff (Unknown) |
| Initial Working Directory | C:\Windows\system32 |
| File Name | c:\windows\explorer.exe |
| Command Line | C:\Windows\Explorer.EXE |
| Monitor | Start Time: 00:00:29, Reason: Injection |
| Unmonitor | End Time: 00:03:50, Reason: Terminated |
| Monitor Duration | 00:03:21 |
| OS Thread IDs |
#
14
0x AB8
#
15
0x 9DC
#
16
0x 9D0
#
17
0x 9C4
#
18
0x 9B8
#
19
0x 9B4
#
20
0x 988
#
21
0x 93C
#
22
0x 91C
#
23
0x 914
#
24
0x 8C8
#
25
0x 4BC
#
26
0x 6A0
#
27
0x 678
#
28
0x 670
#
29
0x 658
#
30
0x 654
#
31
0x 5FC
#
32
0x 5E8
#
33
0x 5E0
#
34
0x 5C8
#
35
0x 5C4
#
36
0x 5C0
#
37
0x 5BC
#
38
0x 5B8
#
39
0x 5AC
#
40
0x 5A8
#
41
0x 5A4
#
42
0x 59C
#
43
0x 528
#
44
0x 524
#
45
0x 51C
#
46
0x 518
#
47
0x 514
#
48
0x 4FC
#
49
0x 4F4
#
50
0x C00
#
51
0x C04
#
52
0x C28
#
53
0x CAC
#
81
0x F00
#
94
0x F7C
#
101
0x 48C
#
102
0x 470 |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\system32\regsvr32.exe | 0xbfc | address = 0x4fd0000, size = 66 |
|
1 | |
| Create Remote Thread | c:\windows\system32\regsvr32.exe | 0xbfc | os_thread_id = 0xc00, address = 0x75953c01, flags = THREAD_RUNS_IMMEDIATELY |
|
1 |
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\public\n3eg\wvs | 0.00 KB (4 bytes) |
MD5:
f4314bbaf858170dd3b5d1610b3370fa
SHA1: fb456dcb16fcac006136471acaf71089398f2063 SHA256: 45e26aeb4a0e45265193e9293e88a93d9b3c89af4e401cb1812161c4568d0b51 |
|
|
| c:\users\public\n3eg\idx | 0.01 KB (10 bytes) |
MD5:
a26185275591cd0849899d86349265a0
SHA1: 209b5d24d976b7399dd37ee9669c312ddc3da214 SHA256: 7361213f5c9ebbdf90b6865202c7f02607e3d57ec9b070448dba250bef7061f4 |
|
|
| c:\users\public\n3eg\n3e.vbs | 4.10 KB (4199 bytes) |
MD5:
519b80fd9d6073f6034820a5c0f0241c
SHA1: 5d7d06d0b1100817dfccf7c87c824650da296fc1 SHA256: 7ac2bab32a34ef844ac2a63864db4d238011723b81f4072f22b148a4535a56d8 |
|
|
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\dssdpmx042\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat | 80.00 KB (81920 bytes) |
MD5:
489a66c81bd1deebd347a3fce46c31d7
SHA1: fc27e597ef7a216a9c7eb63779d18ed1a1f8b5fc SHA256: 177fb57447305271f05151adc9fabf9dd69d3e052c98f9fcaac79ced241bb5ad |
|
|
| c:\users\dssdpmx042\appdata\roaming\microsoft\windows\cookies\index.dat | 32.00 KB (32768 bytes) |
MD5:
9da9b46d28aaa6d10d5ba425639fc03a
SHA1: 2602ba59732e5f2cca492e65771897d415805d78 SHA256: b0871c556380772c12490db86b7a1c20917ee3b4e6115e080eec8355d7b3d9f5 |
|
|
| c:\users\dssdpmx042\appdata\local\microsoft\windows\history\history.ie5\index.dat | 48.00 KB (49152 bytes) |
MD5:
c4afe452c2cd7b22ab13582f920725c5
SHA1: adabacab480544deed5ca4966cbb1624ec5840d2 SHA256: 39ebb553a8f620ee98ad0560a6ee2cd5c01049d92d65c1f34947c531a9f54be6 |
|
|
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| CREATE | c:\users\public\n3eg\n3eg1.51n3e | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| CREATE | c:\users\public\n3eg\wvs | desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| CREATE | c:\users\public\n3eg\idw | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| CREATE | c:\users\public\n3eg\idx | desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| CREATE | c:\users\public\n3eg\n3e.vbs | desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| CREATE | c:\users\public\n3eg\id | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| READ | c:\users\public\n3eg\n3eg1.51n3e | size = 2689537 |
|
1 | |
| READ | c:\users\public\n3eg\idw | size = 2 |
|
1 | |
| READ | c:\users\public\n3eg\id | size = 7 |
|
1 | |
| WRITE | c:\users\public\n3eg\wvs | size = 4 |
|
1 | |
| WRITE | c:\users\public\n3eg\idx | size = 10 |
|
1 | |
| WRITE | c:\users\public\n3eg\n3e.vbs | size = 4199 |
|
1 | |
| DELETE | c:\users\public\n3eg\n3e.vbs |
|
1 |
| Operation | Process Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| CREATE | cmd /k "C:\Users\Public\N3Eg\N3E.vbs" | show_window = SW_HIDE |
|
1 |
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| LOAD | C:\Users\Public\N3Eg\N3Eg4.ENU | base_address = 0x0 |
|
1 | |
| LOAD | C:\Users\Public\N3Eg\N3Eg4.EN | base_address = 0x0 |
|
1 | |
| LOAD | oleaut32.dll | base_address = 0x76ee0000 |
|
3 | |
| LOAD | advapi32.dll | base_address = 0x76650000 |
|
2 | |
| LOAD | user32.dll | base_address = 0x76ca0000 |
|
4 | |
| LOAD | kernel32.dll | base_address = 0x75900000 |
|
8 | |
| LOAD | gdi32.dll | base_address = 0x76dd0000 |
|
1 | |
| LOAD | version.dll | base_address = 0x748a0000 |
|
1 | |
| LOAD | ole32.dll | base_address = 0x76a90000 |
|
1 | |
| LOAD | comctl32.dll | base_address = 0x74110000 |
|
1 | |
| LOAD | msvcrt.dll | base_address = 0x76f70000 |
|
1 | |
| LOAD | shell32.dll | base_address = 0x759e0000 |
|
1 | |
| LOAD | wininet.dll | base_address = 0x75650000 |
|
1 | |
| LOAD | oleacc.dll | base_address = 0x72190000 |
|
1 | |
| LOAD | OLEACC.DLL | base_address = 0x72190000 |
|
1 | |
| LOAD | imm32.dll | base_address = 0x76630000 |
|
2 | |
| LOAD | olepro32.dll | base_address = 0x6e100000 |
|
1 | |
| LOAD | security.dll | base_address = 0x6f9b0000 |
|
1 | |
| LOAD | wtsapi32.dll | base_address = 0x73c50000 |
|
1 | |
| LOAD | uxtheme.dll | base_address = 0x74090000 |
|
2 | |
| LOAD | WS2_32.DLL | base_address = 0x773f0000 |
|
1 | |
| LOAD | Fwpuclnt.dll | base_address = 0x721e0000 |
|
1 | |
| LOAD | IdnDL.dll | base_address = 0x6e0f0000 |
|
1 | |
| LOAD | Normaliz.dll | base_address = 0x75820000 |
|
1 | |
| GET_HANDLE | c:\windows\system32\kernel32.dll | base_address = 0x75900000 |
|
9 | |
| GET_HANDLE | c:\windows\system32\oleaut32.dll | base_address = 0x76ee0000 |
|
2 | |
| GET_HANDLE | c:\windows\system32\ole32.dll | base_address = 0x76a90000 |
|
1 | |
| GET_HANDLE | c:\windows\system32\user32.dll | base_address = 0x76ca0000 |
|
3 | |
| GET_HANDLE | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | base_address = 0x74110000 |
|
1 | |
| GET_FILENAME | C:\Users\Public\N3Eg\N3Eg4.51N3E |
|
1 | ||
| GET_FILENAME | C:\Windows\Explorer.EXE |
|
3 | ||
| GET_FILENAME |
|
1 | |||
| GET_FILENAME | C:\Windows\Explorer.EXE |
|
1 | ||
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetDiskFreeSpaceExA, address = 0x7598f46f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VariantChangeTypeEx, address = 0x76ee4c28 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarNeg, address = 0x76f5c802 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarNot, address = 0x76f5ec66 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarAdd, address = 0x76f05934 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarSub, address = 0x76f5d332 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarMul, address = 0x76f5dbd4 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarDiv, address = 0x76f5e405 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarIdiv, address = 0x76f5f00a |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarMod, address = 0x76f5f15e |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarAnd, address = 0x76f05a98 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarOr, address = 0x76f5ecfa |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarXor, address = 0x76f5ee2e |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarCmp, address = 0x76efb0dc |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarI4FromStr, address = 0x76ef6fab |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarR4FromStr, address = 0x76f001a0 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarR8FromStr, address = 0x76ef699e |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarDateFromStr, address = 0x76f06ba7 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarCyFromStr, address = 0x76f26c12 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarBoolFromStr, address = 0x76efdbd1 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarBstrFromCy, address = 0x76f07fdc |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarBstrFromDate, address = 0x76ef7a2a |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarBstrFromBool, address = 0x76f00355 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = SysFreeString, address = 0x76ee3e59 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = SysReAllocStringLen, address = 0x76ee7810 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = SysAllocStringLen, address = 0x76ee45d2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\advapi32.dll | function = RegQueryValueExW, address = 0x766646ad |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address = 0x7666468d |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\advapi32.dll | function = RegCloseKey, address = 0x7666469d |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = MessageBoxA, address = 0x76cfea11 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CharNextW, address = 0x76cb0be6 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = LoadStringW, address = 0x76cadfba |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Sleep, address = 0x7594ba46 |
|
3 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = VirtualFree, address = 0x75951da4 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address = 0x75952fb6 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = lstrlenW, address = 0x7594d9e8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = VirtualQuery, address = 0x759576d6 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = QueryPerformanceCounter, address = 0x7594bb9f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetTickCount, address = 0x7594ba60 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetSystemInfo, address = 0x75953728 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetVersion, address = 0x7594154e |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = CompareStringW, address = 0x75949bee |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = IsValidLocale, address = 0x75943de4 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SetThreadLocale, address = 0x759688e6 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetSystemDefaultUILanguage, address = 0x7593731d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetUserDefaultUILanguage, address = 0x759422ef |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetLocaleInfoW, address = 0x75956596 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = WideCharToMultiByte, address = 0x7595450e |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = MultiByteToWideChar, address = 0x7595452b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetACP, address = 0x759539aa |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = LoadLibraryExW, address = 0x75944775 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address = 0x75953891 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetProcAddress, address = 0x759533d3 |
|
3 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetModuleHandleW, address = 0x7595374d |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetModuleFileNameW, address = 0x75953c26 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetCommandLineW, address = 0x7595679e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = FreeLibrary, address = 0x7594d9d0 |
|
3 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetLastError, address = 0x7594bf00 |
|
3 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = UnhandledExceptionFilter, address = 0x7595ed38 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = RtlUnwind, address = 0x75937f70 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = RaiseException, address = 0x7593eb60 |
|
3 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = ExitProcess, address = 0x7595214f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = ExitThread, address = 0x7722f611 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SwitchToThread, address = 0x7593eb24 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetCurrentThreadId, address = 0x7594bb80 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = CreateThread, address = 0x7595375d |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = DeleteCriticalSection, address = 0x77259ac5 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = LeaveCriticalSection, address = 0x77247760 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = EnterCriticalSection, address = 0x772477a0 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = InitializeCriticalSection, address = 0x7725a149 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = FindFirstFileW, address = 0x759553b2 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = FindClose, address = 0x75950e62 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = WriteFile, address = 0x75951400 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetStdHandle, address = 0x75951e46 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = CloseHandle, address = 0x7594ca7c |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address = 0x7595395c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = TlsSetValue, address = 0x7594da88 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = TlsGetValue, address = 0x7594da70 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = TlsFree, address = 0x759513b8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = TlsAlloc, address = 0x759535a1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = LocalFree, address = 0x7594ca64 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = LocalAlloc, address = 0x75953363 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetClassLongW, address = 0x76ca658b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetClassLongW, address = 0x76cb3860 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetWindowLongW, address = 0x76cb4449 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetWindowLongW, address = 0x76cb61b8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CreateWindowExW, address = 0x76caec7c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = keybd_event, address = 0x76cfec3b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = WindowFromPoint, address = 0x76cd6be9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = WaitMessage, address = 0x76cb66bd |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = WaitForInputIdle, address = 0x76cd0397 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = UpdateWindow, address = 0x76caffa8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = UnregisterClassW, address = 0x76cab9ae |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = UnhookWindowsHookEx, address = 0x76caadf9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = TranslateMessage, address = 0x76cb64c7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = TranslateMDISysAccel, address = 0x76cd1a5a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = TrackPopupMenu, address = 0x76cc2228 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SystemParametersInfoW, address = 0x76cae09a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SwitchDesktop, address = 0x76ca476b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = ShowWindow, address = 0x76caf2a9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = ShowScrollBar, address = 0x76cd3c89 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = ShowOwnedPopups, address = 0x76cd28ca |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = ShowCaret, address = 0x76ca9334 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetWindowRgn, address = 0x76ca99ec |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetWindowsHookExW, address = 0x76cae30c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetWindowTextW, address = 0x76cb612b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetWindowPos, address = 0x76cb1bc4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetWindowPlacement, address = 0x76ca7f78 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetTimer, address = 0x76cb52ef |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetScrollRange, address = 0x76ca8ec5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetScrollPos, address = 0x76cd04be |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetScrollInfo, address = 0x76cb48da |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetRect, address = 0x76cb498b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetPropW, address = 0x76cb5dc5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetParent, address = 0x76ca8314 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetMenuItemInfoW, address = 0x76cb1799 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetMenu, address = 0x76cd6b0e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetKeyboardState, address = 0x76cd695a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetForegroundWindow, address = 0x76cab225 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetFocus, address = 0x76caabad |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetCursorPos, address = 0x76cec1b0 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetCursor, address = 0x76cb3075 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetCapture, address = 0x76cd6932 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetActiveWindow, address = 0x76cb333a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SendMessageTimeoutW, address = 0x76cae459 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SendMessageA, address = 0x76caad60 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SendMessageW, address = 0x76cb5539 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = ScrollWindow, address = 0x76ccfc1d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = ScreenToClient, address = 0x76caa506 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = RemovePropW, address = 0x76cb5fe1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = RemoveMenu, address = 0x76ca86e8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = ReleaseDC, address = 0x76cb5421 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = ReleaseCapture, address = 0x76cd69f2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = RegisterWindowMessageW, address = 0x76cadf8d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = RegisterClipboardFormatW, address = 0x76cadf8d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = RegisterClassW, address = 0x76caed4a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = RedrawWindow, address = 0x76cb29bc |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = PostQuitMessage, address = 0x76cab308 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = PostMessageW, address = 0x76cb447b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = PeekMessageA, address = 0x76cb19a5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = PeekMessageW, address = 0x76cb634a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = OpenDesktopW, address = 0x76cac669 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = MsgWaitForMultipleObjectsEx, address = 0x76cae369 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = MsgWaitForMultipleObjects, address = 0x76cb37d8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = MoveWindow, address = 0x76ca8d29 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = MessageBoxW, address = 0x76cfea5f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = MessageBeep, address = 0x76cd2939 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = MapWindowPoints, address = 0x76cb5caa |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = MapVirtualKeyW, address = 0x76cd6a7c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = LoadKeyboardLayoutW, address = 0x76cec874 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = LoadIconW, address = 0x76caf142 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = LoadCursorW, address = 0x76caed90 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = LoadBitmapW, address = 0x76ca6460 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = KillTimer, address = 0x76cb64f7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = IsZoomed, address = 0x76cb4ce9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = IsWindowVisible, address = 0x76cb4d69 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = IsWindowUnicode, address = 0x76cb2f55 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = IsWindowEnabled, address = 0x76caa9b9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = IsWindow, address = 0x76cb53ba |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = IsIconic, address = 0x76cb4c8e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = IsDialogMessageA, address = 0x76cc2019 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = IsDialogMessageW, address = 0x76cb4104 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = IsChild, address = 0x76cb3a83 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = InvalidateRect, address = 0x76cb566d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = InsertMenuItemW, address = 0x76caaac5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = InsertMenuW, address = 0x76ca869a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = HideCaret, address = 0x76ca9348 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetWindowThreadProcessId, address = 0x76caee32 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetWindowTextW, address = 0x76cab8c5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetWindowRect, address = 0x76cb558c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetWindowPlacement, address = 0x76cd69de |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetWindowDC, address = 0x76cb4ab7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetTopWindow, address = 0x76cd24d9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetSystemMetrics, address = 0x76cb67cf |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetSystemMenu, address = 0x76cafd8b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetSysColorBrush, address = 0x76caf1ed |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetSysColor, address = 0x76cbdb7a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetSubMenu, address = 0x76ca9c19 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetScrollRange, address = 0x76cd045a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetScrollPos, address = 0x76cd0e43 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetScrollInfo, address = 0x76cb2da3 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetPropW, address = 0x76cb5bbe |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetParent, address = 0x76cb6029 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetWindow, address = 0x76cb2780 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetMessageTime, address = 0x76cd4231 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetMessagePos, address = 0x76cd6703 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetMessageExtraInfo, address = 0x76cab705 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetMenuStringW, address = 0x76cd6528 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetMenuState, address = 0x76cd67d2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetMenuItemInfoW, address = 0x76caaefa |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetMenuItemID, address = 0x76ca9cd4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetMenuItemCount, address = 0x76caae39 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetMenu, address = 0x76cd6b68 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetLastActivePopup, address = 0x76cd6894 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetKeyboardState, address = 0x76cd6946 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetKeyboardLayoutNameW, address = 0x76cefa13 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetKeyboardLayoutList, address = 0x76ca935c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetKeyboardLayout, address = 0x76cb3800 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetKeyState, address = 0x76cb2b4d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetKeyNameTextW, address = 0x76cefa03 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetIconInfo, address = 0x76cb2989 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetGUIThreadInfo, address = 0x76cb237e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetForegroundWindow, address = 0x76cb335d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetFocus, address = 0x76cb3a34 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetDlgCtrlID, address = 0x76cab4e8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetDesktopWindow, address = 0x76cb01a9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetDCEx, address = 0x76cb2d57 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetDC, address = 0x76cb544c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetCursorPos, address = 0x76caa4b3 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetCursor, address = 0x76cd6408 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetClipboardData, address = 0x76cc2ba7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetClientRect, address = 0x76cb54dd |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetClassNameW, address = 0x76cb2a29 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetClassInfoExW, address = 0x76cb095e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetClassInfoW, address = 0x76cb0ac2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetCapture, address = 0x76ca9dc7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetActiveWindow, address = 0x76cd3b33 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = FrameRect, address = 0x76cd0eb0 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = FindWindowExW, address = 0x76cd712b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = FindWindowW, address = 0x76caae0d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = FillRect, address = 0x76cb5d56 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = EnumWindows, address = 0x76cb375b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = EnumThreadWindows, address = 0x76cab712 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = EnumChildWindows, address = 0x76cb2948 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = EndPaint, address = 0x76cb5d42 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = EndMenu, address = 0x76ca8302 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = EnableWindow, address = 0x76ca8d02 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = EnableScrollBar, address = 0x76cd19ce |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = EnableMenuItem, address = 0x76cd43bc |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DrawTextExW, address = 0x76cb5894 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DrawTextW, address = 0x76cb5b6a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DrawMenuBar, address = 0x76cd15ae |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DrawIconEx, address = 0x76cb2c32 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DrawIcon, address = 0x76ca6427 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DrawFrameControl, address = 0x76ccb4f9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DrawFocusRect, address = 0x76cd3091 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DrawEdge, address = 0x76cb311a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DispatchMessageA, address = 0x76cb2e32 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DispatchMessageW, address = 0x76cbcc61 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DestroyWindow, address = 0x76cab2f4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DestroyMenu, address = 0x76ca87f7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DestroyIcon, address = 0x76caa77f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DestroyCursor, address = 0x76caa77f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DeleteMenu, address = 0x76ca83c2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DefWindowProcW, address = 0x76cb507d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DefMDIChildProcW, address = 0x76cd150a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DefFrameProcW, address = 0x76cd152b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CreatePopupMenu, address = 0x76ca867c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CreateMenu, address = 0x76cd6aed |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CreateIcon, address = 0x76cc7510 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CreateDesktopW, address = 0x76ca40cf |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CopyImage, address = 0x76ca87a6 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CloseDesktop, address = 0x76cac4ce |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = ClientToScreen, address = 0x76cb1316 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CheckMenuItem, address = 0x76ccee7c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CharUpperBuffW, address = 0x76cbebd5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CharUpperW, address = 0x76cbe981 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CharLowerBuffW, address = 0x76cb3afe |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CharLowerW, address = 0x76caba8a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CallWindowProcW, address = 0x76cb1b3c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CallNextHookEx, address = 0x76caabe1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = BeginPaint, address = 0x76cb5d14 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = AdjustWindowRectEx, address = 0x76cb48ba |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = ActivateKeyboardLayout, address = 0x76ca8203 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = UnrealizeObject, address = 0x76ddfb63 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = StretchBlt, address = 0x76ddf467 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetWindowOrgEx, address = 0x76dd8546 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetWinMetaFileBits, address = 0x76e0d957 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetViewportOrgEx, address = 0x76dd834f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetTextColor, address = 0x76dd6906 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetStretchBltMode, address = 0x76dd7705 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetROP2, address = 0x76ddf9e0 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetPixel, address = 0x76df14f3 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetMapMode, address = 0x76ddefbf |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetEnhMetaFileBits, address = 0x76deb380 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetDIBits, address = 0x76dda995 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetDIBColorTable, address = 0x76df1492 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetBrushOrgEx, address = 0x76ddc4c5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetBkMode, address = 0x76dd69b1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetBkColor, address = 0x76dd6a3c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SelectPalette, address = 0x76dda1f6 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SelectObject, address = 0x76dd6640 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SaveDC, address = 0x76dda74b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = RoundRect, address = 0x76df016d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = RestoreDC, address = 0x76dda67b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = Rectangle, address = 0x76ddf1ff |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = RectVisible, address = 0x76dd8f13 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = RealizePalette, address = 0x76ddef91 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = Polyline, address = 0x76de05cf |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = Polygon, address = 0x76ddfb87 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = PolyBezierTo, address = 0x76e06c25 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = PolyBezier, address = 0x76e06b03 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = PlayEnhMetaFile, address = 0x76de990d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = Pie, address = 0x76e0569f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = PatBlt, address = 0x76dd62af |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = MoveToEx, address = 0x76dd8c21 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = MaskBlt, address = 0x76ddc7ad |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = LineTo, address = 0x76ddf59b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = LPtoDP, address = 0x76dd8484 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = IntersectClipRect, address = 0x76dd7dfe |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetWindowOrgEx, address = 0x76ddd1bf |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetWinMetaFileBits, address = 0x76e0d7cb |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetTextMetricsW, address = 0x76dd7b8f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetTextExtentPointW, address = 0x76ddb358 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetTextExtentPoint32W, address = 0x76ddb4b5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetSystemPaletteEntries, address = 0x76ddc2e1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetStockObject, address = 0x76dd5ddf |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetRgnBox, address = 0x76dd621f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetPixel, address = 0x76ddc3d5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetPaletteEntries, address = 0x76ddc2aa |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetObjectW, address = 0x76dd7568 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetEnhMetaFilePaletteEntries, address = 0x76e0d1ac |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetEnhMetaFileHeader, address = 0x76decd3a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetEnhMetaFileDescriptionW, address = 0x76e0dc6b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetEnhMetaFileBits, address = 0x76decdc8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetDeviceCaps, address = 0x76dd6f7f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetDIBits, address = 0x76dda23b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetDIBColorTable, address = 0x76dda149 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetCurrentPositionEx, address = 0x76dd8d78 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetClipBox, address = 0x76dd8525 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetBrushOrgEx, address = 0x76ddc943 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetBitmapBits, address = 0x76ddc1ba |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GdiFlush, address = 0x76dd5fe4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = FrameRgn, address = 0x76e05ae2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = ExtTextOutW, address = 0x76dd8192 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = ExtFloodFill, address = 0x76defd94 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = ExcludeClipRect, address = 0x76dd9218 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = EnumFontFamiliesExW, address = 0x76ddce94 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = Ellipse, address = 0x76e055e3 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = DeleteObject, address = 0x76dd5f14 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = DeleteEnhMetaFile, address = 0x76debda2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = DeleteDC, address = 0x76dd6eaa |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreateSolidBrush, address = 0x76dd6b49 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreateRectRgn, address = 0x76dd633b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreatePenIndirect, address = 0x76de744d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreatePalette, address = 0x76ddb1b0 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreateHalftonePalette, address = 0x76ddc2cd |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreateFontIndirectW, address = 0x76ddabfc |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreateEnhMetaFileW, address = 0x76decc1f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreateDIBitmap, address = 0x76dda379 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreateDIBSection, address = 0x76dd8850 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreateCompatibleDC, address = 0x76dd6888 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreateCompatibleBitmap, address = 0x76dd73ad |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreateBrushIndirect, address = 0x76dd993c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreateBitmap, address = 0x76dd6b79 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CopyEnhMetaFileW, address = 0x76e0d651 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CombineRgn, address = 0x76dd651e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CloseEnhMetaFile, address = 0x76dec3fe |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = Chord, address = 0x76e054fa |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = BitBlt, address = 0x76dd72c0 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = ArcTo, address = 0x76e05436 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = Arc, address = 0x76e0534e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = AngleArc, address = 0x76e05299 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\version.dll | function = VerQueryValueW, address = 0x748a1b51 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\version.dll | function = GetFileVersionInfoSizeW, address = 0x748a19d9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\version.dll | function = GetFileVersionInfoW, address = 0x748a19f4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = WinExec, address = 0x7598e5fd |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = WaitForSingleObject, address = 0x7594ba90 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = WaitForMultipleObjectsEx, address = 0x7594bc00 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = VirtualQueryEx, address = 0x75934e42 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = VirtualProtect, address = 0x75942341 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SuspendThread, address = 0x75960ca9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SizeofResource, address = 0x75943e7f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SetThreadPriority, address = 0x75944815 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SetLastError, address = 0x7594bb08 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SetFilePointer, address = 0x7594db36 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SetEvent, address = 0x7594bccc |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SetErrorMode, address = 0x75954a51 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SetEndOfFile, address = 0x75942319 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = ResumeThread, address = 0x75940f1c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = ResetEvent, address = 0x7594bcb4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = RemoveDirectoryW, address = 0x7593586a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = ReadFile, address = 0x759496fb |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address = 0x75943ea8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = OpenProcess, address = 0x759459d7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = MulDiv, address = 0x7594b7a0 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = LockResource, address = 0x7593fd29 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = LoadResource, address = 0x7594984d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = LoadLibraryW, address = 0x75953c01 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = HeapFree, address = 0x7594bbd0 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = HeapDestroy, address = 0x75942301 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = HeapCreate, address = 0x75953ea2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = HeapAlloc, address = 0x77252dd6 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GlobalUnlock, address = 0x75949d50 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GlobalSize, address = 0x7593eb78 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GlobalLock, address = 0x75949e05 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GlobalFree, address = 0x75949cf9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GlobalFindAtomW, address = 0x7594912d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GlobalDeleteAtom, address = 0x7593f16c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GlobalAlloc, address = 0x75949ce1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GlobalAddAtomW, address = 0x759470f9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetVolumeInformationW, address = 0x75957598 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetVersionExW, address = 0x75943b1a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetUserDefaultLCID, address = 0x75956584 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetTimeZoneInformation, address = 0x75938a3b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetThreadPriority, address = 0x75949147 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetThreadLocale, address = 0x7594153c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetTempPathW, address = 0x75938b33 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetLocalTime, address = 0x7594a90e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetFullPathNameW, address = 0x75954543 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetFileSize, address = 0x75940273 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetFileAttributesW, address = 0x759564ff |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetExitCodeThread, address = 0x75936ddd |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetEnvironmentVariableW, address = 0x759565c4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetDiskFreeSpaceW, address = 0x75933530 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetDateFormatW, address = 0x7594afab |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetCurrentThread, address = 0x75953351 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetCurrentProcessId, address = 0x7594cac4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address = 0x7594cdcf |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetComputerNameW, address = 0x759403ff |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetCPInfoExW, address = 0x75938b1b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetCPInfo, address = 0x75951e2e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = FreeResource, address = 0x7593f1bd |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = InterlockedExchange, address = 0x7594bf0a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = InterlockedCompareExchange, address = 0x7594bb92 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = FormatMessageW, address = 0x759454a3 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = FindResourceW, address = 0x75943e61 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = FindNextFileW, address = 0x7594963a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = FileTimeToLocalFileTime, address = 0x75952004 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = FileTimeToDosDateTime, address = 0x75942ce1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = EnumSystemLocalesW, address = 0x7598f3df |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = EnumCalendarInfoW, address = 0x7598f38f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = DeleteFileW, address = 0x75940f62 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = CreateProcessW, address = 0x7590204d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = CreateFileW, address = 0x7594cc56 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = CreateEventW, address = 0x75953386 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = CreateDirectoryW, address = 0x75943925 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address = 0x766614d6 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\advapi32.dll | function = RegQueryInfoKeyW, address = 0x766646e7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\advapi32.dll | function = RegFlushKey, address = 0x7667773f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\advapi32.dll | function = RegEnumKeyExW, address = 0x766646c8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\advapi32.dll | function = RegCreateKeyExW, address = 0x766640fe |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\advapi32.dll | function = GetUserNameW, address = 0x7666157a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = SafeArrayPtrOfIndex, address = 0x76efe1ce |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = SafeArrayGetUBound, address = 0x76efe127 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = SafeArrayGetLBound, address = 0x76efe173 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = SafeArrayCreate, address = 0x76efe263 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VariantChangeType, address = 0x76ee5dee |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VariantCopyInd, address = 0x76efe86c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VariantCopy, address = 0x76ee48f1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VariantClear, address = 0x76ee3eae |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VariantInit, address = 0x76ee3ed5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = GetErrorInfo, address = 0x76ee3f21 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = GetActiveObject, address = 0x76f28f58 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CreateStreamOnHGlobal, address = 0x76ab363b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = IsAccelerator, address = 0x76b5043e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = OleDraw, address = 0x76b10286 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = OleSetMenuDescriptor, address = 0x76aedc53 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = OleUninitialize, address = 0x76aaeba1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = OleInitialize, address = 0x76aaefd7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoTaskMemFree, address = 0x76ae6f41 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoTaskMemAlloc, address = 0x76adea4c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = ProgIDFromCLSID, address = 0x76b1ef82 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = StringFromCLSID, address = 0x76aaeb17 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoCreateInstance, address = 0x76ad9d0b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoGetClassObject, address = 0x76ac54ad |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoUninitialize, address = 0x76ad86d3 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoInitialize, address = 0x76aab636 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = IsEqualGUID, address = 0x76b5041c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = InitializeFlatSB, address = 0x741ef803 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = FlatSB_SetScrollProp, address = 0x741907d0 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = FlatSB_SetScrollPos, address = 0x74190894 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = FlatSB_SetScrollInfo, address = 0x741908c7 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = FlatSB_GetScrollPos, address = 0x741ef80e |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = FlatSB_GetScrollInfo, address = 0x741908b6 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = _TrackMouseEvent, address = 0x741922d1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_SetIconSize, address = 0x741fb44e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_GetIconSize, address = 0x741250df |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_Write, address = 0x74158b97 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_Read, address = 0x74113eae |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_GetDragImage, address = 0x741fafbb |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_DragShowNolock, address = 0x741fb161 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_DragMove, address = 0x741fb0f0 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_DragLeave, address = 0x741fb12a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_DragEnter, address = 0x741fb0b3 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_EndDrag, address = 0x741fa177 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_BeginDrag, address = 0x741fb021 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_GetIcon, address = 0x7413af2e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_Remove, address = 0x7413e333 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_DrawEx, address = 0x741210fd |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_Draw, address = 0x741ac687 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_GetBkColor, address = 0x7412e8d2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_SetBkColor, address = 0x74190183 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_Add, address = 0x74168fa1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_SetImageCount, address = 0x74165249 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_GetImageCount, address = 0x7411a8b9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_Destroy, address = 0x74126471 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_Create, address = 0x74123c75 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = EnumDisplayMonitors, address = 0x76cb34a3 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetMonitorInfoW, address = 0x76cb33e7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = MonitorFromPoint, address = 0x76ca94c9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = MonitorFromWindow, address = 0x76cb3622 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\msvcrt.dll | function = memset, address = 0x76f79790 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\msvcrt.dll | function = memcpy, address = 0x76f79910 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\shell32.dll | function = ShellExecuteW, address = 0x759f3c71 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\shell32.dll | function = Shell_NotifyIconW, address = 0x75a001c1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\wininet.dll | function = FindNextUrlCacheEntryW, address = 0x7568989c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\wininet.dll | function = FindFirstUrlCacheEntryW, address = 0x7568978a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\wininet.dll | function = FindCloseUrlCache, address = 0x75698409 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\wininet.dll | function = DeleteUrlCacheEntryW, address = 0x756a9573 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetRawInputData, address = 0x76d04c21 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = RegisterRawInputDevices, address = 0x76ca5b52 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleacc.dll | function = AccessibleObjectFromWindow, address = 0x72192480 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleacc.dll | function = AccessibleChildren, address = 0x72195d25 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetThreadPreferredUILanguages, address = 0x759422d7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SetThreadPreferredUILanguages, address = 0x7593e627 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetThreadUILanguage, address = 0x7593ae42 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetNativeSystemInfo, address = 0x7593be77 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetDiskFreeSpaceExW, address = 0x7593de40 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = InitializeConditionVariable, address = 0x77259981 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = WakeConditionVariable, address = 0x772a5a7b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = WakeAllConditionVariable, address = 0x772245a5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SleepConditionVariableCS, address = 0x759318be |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetLogicalProcessorInformation, address = 0x75932004 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoCreateInstanceEx, address = 0x76ad9d4e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoInitializeEx, address = 0x76ad09ad |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoAddRefServerProcess, address = 0x76af3cf3 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoReleaseServerProcess, address = 0x76af4314 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoResumeClassObjects, address = 0x76a9ea02 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoSuspendClassObjects, address = 0x76afbb02 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\imm32.dll | function = ImmIsIME, address = 0x76632ceb |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = AnimateWindow, address = 0x76cd0620 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = UninitializeFlatSB, address = 0x7411d1ea |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = FlatSB_GetScrollProp, address = 0x741ef81f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = FlatSB_EnableScrollBar, address = 0x741ef84b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = FlatSB_ShowScrollBar, address = 0x741ef83a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = FlatSB_GetScrollRange, address = 0x741ef829 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = FlatSB_SetScrollRange, address = 0x741908a5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetLayeredWindowAttributes, address = 0x76caa6dc |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = IsHungAppWindow, address = 0x76cd7195 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = HungWindowFromGhostWindow, address = 0x76cc61f5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GhostWindowFromHungWindow, address = 0x76caa561 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\olepro32.dll | function = OleCreatePropertyFrame, address = 0x6e1020ea |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\olepro32.dll | function = OleCreateFontIndirect, address = 0x6e1020b7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\olepro32.dll | function = OleCreatePictureIndirect, address = 0x6e1020c8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\olepro32.dll | function = OleLoadPicture, address = 0x6e1020d9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetFileSizeEx, address = 0x759459ef |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\security.dll | function = InitSecurityInterfaceW, address = 0x75285b53 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\wtsapi32.dll | function = WTSRegisterSessionNotification, address = 0x73c51cbc |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = BufferedPaintInit, address = 0x7409940e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = OpenThemeData, address = 0x740973d2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = CloseThemeData, address = 0x74096a18 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = DrawThemeBackground, address = 0x74093982 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = DrawThemeText, address = 0x74094ea1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeBackgroundContentRect, address = 0x7409cd2e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeBackgroundExtent, address = 0x7409f8bf |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemePartSize, address = 0x7409cdb1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeTextExtent, address = 0x74092d57 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeTextMetrics, address = 0x7409f992 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeBackgroundRegion, address = 0x740a165d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = HitTestThemeBackground, address = 0x740a3ce3 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = DrawThemeEdge, address = 0x740b3b52 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = DrawThemeIcon, address = 0x740c35e7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = IsThemePartDefined, address = 0x740985b4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = IsThemeBackgroundPartiallyTransparent, address = 0x740960ab |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeColor, address = 0x7409616c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeMetric, address = 0x740a06e2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeString, address = 0x740c22e4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeBool, address = 0x74097c1f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeInt, address = 0x7409616c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeEnumValue, address = 0x7409616c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemePosition, address = 0x740c2350 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeFont, address = 0x7409ff21 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeRect, address = 0x740a3611 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeMargins, address = 0x740986e9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeIntList, address = 0x740c23b1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemePropertyOrigin, address = 0x740b3fbb |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = SetWindowTheme, address = 0x740a0134 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeFilename, address = 0x740c2412 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeSysColor, address = 0x740b3274 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeSysColorBrush, address = 0x740c301e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeSysBool, address = 0x740c3172 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeSysSize, address = 0x740c320b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeSysFont, address = 0x740c29c4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeSysString, address = 0x740c2b3f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeSysInt, address = 0x740c2bd3 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = IsThemeActive, address = 0x7409f785 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = IsAppThemed, address = 0x7409f869 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetWindowTheme, address = 0x7409df46 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = EnableThemeDialogTexture, address = 0x7409fcaf |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = IsThemeDialogTextureEnabled, address = 0x740c312b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeAppProperties, address = 0x740a0fb1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = SetThemeAppProperties, address = 0x740c3296 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetCurrentThemeName, address = 0x740a05dd |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeDocumentationProperty, address = 0x740c2932 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = DrawThemeParentBackground, address = 0x740953e5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = EnableTheming, address = 0x740c2feb |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = DrawThemeTextEx, address = 0x740963e6 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = WSAStartup, address = 0x773f3ab2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = GetAddrInfoW, address = 0x773f4889 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = GetNameInfoW, address = 0x773f66af |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = FreeAddrInfoW, address = 0x773f4b1b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = InetPtonW, address = 0x774039dc |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = InetNtopW, address = 0x77403abf |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = GetAddrInfoExW, address = 0x773fd1ea |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = SetAddrInfoExW, address = 0x773ff4f6 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = FreeAddrInfoExW, address = 0x773fe14d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\fwpuclnt.dll | function = WSASetSocketPeerTargetName, address = 0x721fbb1e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\fwpuclnt.dll | function = WSADeleteSocketPeerTargetName, address = 0x721fbb4e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\fwpuclnt.dll | function = WSAImpersonateSocketPeer, address = 0x721fbb7e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\fwpuclnt.dll | function = WSAQuerySocketSecurity, address = 0x721fbaed |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\fwpuclnt.dll | function = WSARevertImpersonation, address = 0x721fbcfd |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\idndl.dll | function = DownlevelGetLocaleScripts, address = 0x6e0f2a5b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\idndl.dll | function = DownlevelGetStringScripts, address = 0x6e0f2b2f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\idndl.dll | function = DownlevelVerifyScripts, address = 0x6e0f2dad |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\normaliz.dll | function = IdnToUnicode, address = 0x7599f707 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\normaliz.dll | function = IdnToNameprepUnicode, address = 0x7599f6b4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\normaliz.dll | function = IdnToAscii, address = 0x75938bb8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\normaliz.dll | function = IsNormalizedString, address = 0x7599f662 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\normaliz.dll | function = NormalizeString, address = 0x7599f5ea |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = socket, address = 0x773f3eb8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = getsockopt, address = 0x773f737d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = setsockopt, address = 0x773f41b6 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = htons, address = 0x773f2d8b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = bind, address = 0x773f4582 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = getsockname, address = 0x773f30af |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = ntohs, address = 0x773f2d8b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = connect, address = 0x773f6bdd |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = WSAGetLastError, address = 0x773f37ad |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = shutdown, address = 0x773f449d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = closesocket, address = 0x773f3918 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = CreateToolhelp32Snapshot, address = 0x7593f731 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Heap32ListFirst, address = 0x759902e7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Heap32ListNext, address = 0x75990391 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Heap32First, address = 0x75990429 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Heap32Next, address = 0x75990614 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Toolhelp32ReadProcessMemory, address = 0x75990819 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Process32First, address = 0x7596443d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Process32Next, address = 0x75964505 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Process32FirstW, address = 0x7593fa35 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Process32NextW, address = 0x7593faca |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Thread32First, address = 0x75967e4c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Thread32Next, address = 0x75967edc |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Module32First, address = 0x75990859 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Module32Next, address = 0x75990942 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Module32FirstW, address = 0x7593c59e |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Module32NextW, address = 0x7593c11f |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = VerLanguageNameW, address = 0x75938ca1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetSystemDefaultLangID, address = 0x7593db6e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = getpeername, address = 0x773f7147 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = send, address = 0x773f6f01 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = select, address = 0x773f6989 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = recv, address = 0x773f6b0e |
|
1 |
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| OPEN_KEY | HKEY_CURRENT_USER\Software\Borland\Locales |
|
2 | ||
| OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Borland\Locales |
|
1 | ||
| OPEN_KEY | HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
|
2 | ||
| OPEN_KEY | HKEY_CURRENT_USER\Software\Embarcadero\Locales |
|
1 | ||
| OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales |
|
1 | ||
| OPEN_KEY | HKEY_CURRENT_USER\Software\CodeGear\Locales |
|
1 | ||
| OPEN_KEY | HKEY_LOCAL_MACHINE\Software\CodeGear\Locales |
|
1 | ||
| OPEN_KEY | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes |
|
1 | ||
| OPEN_KEY | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04090409 |
|
1 | ||
| OPEN_KEY | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
|
1 | ||
| OPEN_KEY | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion |
|
1 | ||
| READ_VALUE | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes | value_name = MS Shell Dlg 2, data_ident_out = 0 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes | value_name = MS Shell Dlg 2, data_ident_out = Tahoma |
|
1 | |
| WRITE_VALUE | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = xacwe, data = regsvr32.exe /s "C:\Users\Public\N3Eg\N3Eg2.51N3E" #96 |
|
1 |
| Operation | User/Group/Server | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| GET_CURRENT | DSsDPMx042 |
|
2 |
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| CREATE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
18 | ||
| CREATE | Explorer | class_name = TApplication, x_coordinate = 720, y_coordinate = 450, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| CREATE | Explorer | window_name = FrmMwM41n, class_name = TFrmMwM41n, x_coordinate = 18446744073709551164, y_coordinate = 18446744073709551164, width = 320, height = 240, class_name = TApplication, x_coordinate = 720, y_coordinate = 450, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| FIND | k8w0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | Explorer | class_name = TApplication, x_coordinate = 720, y_coordinate = 450, width = 0, height = 0 |
|
1 | |
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | Explorer | class_name = TApplication, x_coordinate = 720, y_coordinate = 450, width = 0, height = 0 |
|
1 | |
| SET_ATTRIBUTE | FrmMwM41n | class_name = TFrmMwM41n, x_coordinate = 18446744073709551164, y_coordinate = 18446744073709551164, width = 320, height = 240 |
|
1 | |
| SET_ATTRIBUTE | FrmMwM41n | class_name = TFrmMwM41n, x_coordinate = 18446744073709551164, y_coordinate = 18446744073709551164, width = 320, height = 240 |
|
1 | |
| SET_ATTRIBUTE | Explorer | class_name = TApplication, x_coordinate = 720, y_coordinate = 450, width = 0, height = 0 |
|
1 |
| Operation | Virtual Key Code | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| GET_INFO | 0 | result_out = 4 |
|
1 | |
| GET_INFO | KB_LOCALE_ID | os_tid = 0, result_out = 67699721 |
|
1 | |
| GET_INFO | KB_LOCALE_ID |
|
1 |
| Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|
| GET_CURSOR | x_out = 991, y_out = 872 |
|
12 | |
| GET_CURSOR | x_out = 1126, y_out = 518 |
|
10 | |
| SLEEP | duration = 1500 milliseconds (1.500 seconds) |
|
1 | |
| SLEEP | duration = 1000 milliseconds (1.000 seconds) |
|
2 | |
| SLEEP | duration = 60000 milliseconds (60.000 seconds) |
|
2 | |
| SLEEP | duration = 600000 milliseconds (600.000 seconds) |
|
2 | |
| SLEEP | duration = 20000 milliseconds (20.000 seconds) |
|
1 | |
| SLEEP | duration = 70000 milliseconds (70.000 seconds) |
|
1 | |
| GET_INFO | type = Hardware Information |
|
1 |
| Remote Address | Remote Port | Username | Password | Success | Count |
|---|---|---|---|---|---|
| 127.0.0.1 | 80 |
|
1 |
| Method | URL | Success | Count |
|---|---|---|---|
| GET | http://127.0.0.1/nosoanfhtympkl50tre/infx/s1/conta.php?chave=s3n4&url=N3EERVTWSM%20*%20%2032%20bits%20*%202626.5%20kb%20*%20%20*%20English%20(United%20States) |
|
1 |
| Operation | Host | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| RESOLVE_NAME | carvas32ltda.com |
|
3 | ||
| RESOLVE_NAME | carva32ssa.com |
|
2 | ||
| RESOLVE_NAME | bandeivacomercial.com |
|
2 | ||
| RESOLVE_NAME | bandeivacomercio.com |
|
2 | ||
| RESOLVE_NAME | adom2.com.br |
|
1 |
| Remote Address | Remote Port | L7Protocol | Success | Count |
|---|---|---|---|---|
| 187.191.100.112 | 80 |
|
10 |
| Information | Value |
|---|---|
| ID / OS PID | #5 / 0xef8 |
| OS Parent PID | 0x4f0 (c:\windows\explorer.exe) |
| Initial Working Directory | C:\Windows\system32 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd /k "C:\Users\Public\N3Eg\N3E.vbs" |
| Monitor | Start Time: 00:03:41, Reason: Child Process |
| Unmonitor | End Time: 00:03:50, Reason: Terminated |
| Monitor Duration | 00:00:09 |
| OS Thread IDs |
#
80
0x EFC
#
82
0x F18
#
83
0x F1C
#
84
0x F20
#
85
0x F24 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | Readable |
|
|
|
|
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000000c0000 | 0x000c0000 | 0x001bffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000001c0000 | 0x001c0000 | 0x001c6fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000001d0000 | 0x001d0000 | 0x001d1fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000001e0000 | 0x001e0000 | 0x001e0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000001f0000 | 0x001f0000 | 0x001f0fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000200000 | 0x00200000 | 0x00201fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000210000 | 0x00210000 | 0x0021ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000220000 | 0x00220000 | 0x002e7fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000002f0000 | 0x002f0000 | 0x002f0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000300000 | 0x00300000 | 0x00301fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000310000 | 0x00310000 | 0x00310fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000320000 | 0x00320000 | 0x0041ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000420000 | 0x00420000 | 0x00520fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000530000 | 0x00530000 | 0x0112ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000001130000 | 0x01130000 | 0x013bafff | Pagefile Backed Memory | Readable |
|
|
|
|
| SortDefault.nls | 0x013c0000 | 0x0168efff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000001690000 | 0x01690000 | 0x01690fff | Pagefile Backed Memory | Readable |
|
|
|
|
| cversions.2.db | 0x016a0000 | 0x016a3fff | Memory Mapped File | Readable |
|
|
|
|
| {AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000c.db | 0x016b0000 | 0x016ccfff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00000000016d0000 | 0x016d0000 | 0x016d0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| {6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000007.db | 0x016e0000 | 0x0170ffff | Memory Mapped File | Readable |
|
|
|
|
| cversions.2.db | 0x01710000 | 0x01713fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000001720000 | 0x01720000 | 0x01720fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001740000 | 0x01740000 | 0x0183ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000001840000 | 0x01840000 | 0x0191efff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000001950000 | 0x01950000 | 0x0198ffff | Private Memory | Readable, Writable |
|
|
|
|
| {DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db | 0x01990000 | 0x019f5fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000001a00000 | 0x01a00000 | 0x01df2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000001e00000 | 0x01e00000 | 0x01efffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001f90000 | 0x01f90000 | 0x0208ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002160000 | 0x02160000 | 0x0225ffff | Private Memory | Readable, Writable |
|
|
|
|
| cmd.exe | 0x4a810000 | 0x4a85bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winbrand.dll | 0x6dd80000 | 0x6dd86fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntmarta.dll | 0x739c0000 | 0x739e0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| uxtheme.dll | 0x74090000 | 0x740cffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| comctl32.dll | 0x74110000 | 0x742adfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| propsys.dll | 0x745a0000 | 0x74694fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x75280000 | 0x7529afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x752a0000 | 0x752abfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| profapi.dll | 0x75350000 | 0x7535afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msasn1.dll | 0x753c0000 | 0x753cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| crypt32.dll | 0x753d0000 | 0x754ecfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| devobj.dll | 0x754f0000 | 0x75501fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| KernelBase.dll | 0x75510000 | 0x75559fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cfgmgr32.dll | 0x75590000 | 0x755b6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wininet.dll | 0x75650000 | 0x75744fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| Wldap32.dll | 0x757d0000 | 0x75814fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x75830000 | 0x758fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x75900000 | 0x759d3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x759e0000 | 0x76629fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x76630000 | 0x7664efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x76650000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| setupapi.dll | 0x766f0000 | 0x7688cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iertutil.dll | 0x76890000 | 0x76a8afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x76a90000 | 0x76bebfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76bf0000 | 0x76c90fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x76ca0000 | 0x76d68fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x76d70000 | 0x76dc6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x76dd0000 | 0x76e1dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| clbcatq.dll | 0x76e20000 | 0x76ea2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x76ee0000 | 0x76f6efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x76f70000 | 0x7701bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x77020000 | 0x770bcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| urlmon.dll | 0x770c0000 | 0x771f5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77200000 | 0x7733bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x77350000 | 0x77359fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x773d0000 | 0x773e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apisetschema.dll | 0x77440000 | 0x77440fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007ffd3000 | 0x7ffd3000 | 0x7ffd3fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
|
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| OPEN | STD_OUTPUT_HANDLE |
|
7 | ||
| OPEN | STD_INPUT_HANDLE |
|
2 |
| Operation | Process Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| CREATE | C:\Users\Public\N3Eg\N3E.vbs | os_tid = 0x0, os_pid = 0x0, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, current_directory = C:\Windows\system32, show_window = SW_SHOWNORMAL |
|
1 | |
| CREATE | C:\Users\Public\N3Eg\N3E.vbs | current_directory = C:\Windows\system32, show_window = SW_SHOWNORMAL |
|
1 | |
| SET_CURDIR | c:\windows\system32\cmd.exe | os_pid = 0xef8, new_path_name = c:\windows\system32 |
|
1 |
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| LOAD | SHELL32.dll | base_address = 0x759e0000 |
|
1 | |
| GET_HANDLE | c:\windows\system32\cmd.exe | base_address = 0x4a810000 |
|
1 | |
| GET_HANDLE | c:\windows\system32\kernel32.dll | base_address = 0x75900000 |
|
2 | |
| GET_FILENAME | C:\Windows\system32\cmd.exe |
|
1 | ||
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address = 0x759524c2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = CopyFileExW, address = 0x7593ac6c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address = 0x75943ea8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address = 0x75952732 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\shell32.dll | function = ShellExecuteExW, address = 0x75a01e46 |
|
1 |
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| OPEN_KEY | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | ||
| OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | ||
| OPEN_KEY | HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | ||
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data_ident_out = 0 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data_ident_out = 1 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data_ident_out = 1 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data_ident_out = 0 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data_ident_out = 64 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data_ident_out = 64 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data_ident_out = 64 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data_ident_out = 64 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data_ident_out = 1 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data_ident_out = 1 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data_ident_out = 0 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data_ident_out = 9 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data_ident_out = 9 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data_ident_out = 9 |
|
1 |
| Information | Value |
|---|---|
| ID / OS PID | #6 / 0xf28 |
| OS Parent PID | 0xef8 (c:\windows\system32\cmd.exe) |
| Initial Working Directory | C:\Windows\system32 |
| File Name | c:\windows\system32\wscript.exe |
| Command Line | "C:\Windows\System32\WScript.exe" "C:\Users\Public\N3Eg\N3E.vbs" |
| Monitor | Start Time: 00:03:42, Reason: Child Process |
| Unmonitor | End Time: 00:03:50, Reason: Terminated |
| Monitor Duration | 00:00:08 |
| OS Thread IDs |
#
86
0x F2C
#
87
0x F30
#
88
0x F34
#
89
0x F38
#
90
0x F3C
#
91
0x F40
#
92
0x F44
#
93
0x F48 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000040000 | 0x00040000 | 0x00041fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| wscript.exe.mui | 0x00050000 | 0x00052fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x0000000000060000 | 0x00060000 | 0x00060fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000070000 | 0x00070000 | 0x00070fff | Private Memory | Readable, Writable |
|
|
|
|
| wscript.exe | 0x00080000 | 0x000a5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00000000000b0000 | 0x000b0000 | 0x001affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000001b0000 | 0x001b0000 | 0x002affff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x002b0000 | 0x00316fff | Memory Mapped File | Readable |
|
|
|
|
| wscript.exe | 0x00320000 | 0x0032efff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000000330000 | 0x00330000 | 0x00330fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000340000 | 0x00340000 | 0x00340fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000350000 | 0x00350000 | 0x00351fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000350000 | 0x00350000 | 0x0035ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000360000 | 0x00360000 | 0x0036ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000370000 | 0x00370000 | 0x00437fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000440000 | 0x00440000 | 0x00540fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000550000 | 0x00550000 | 0x0114ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| scrrun.dll | 0x01150000 | 0x01164fff | Memory Mapped File | Readable |
|
|
|
|
| shell32.dll | 0x01170000 | 0x01182fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000001190000 | 0x01190000 | 0x01190fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000011a0000 | 0x011a0000 | 0x011a1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| oleaccrc.dll | 0x011b0000 | 0x011b0fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00000000011c0000 | 0x011c0000 | 0x011c1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000011d0000 | 0x011d0000 | 0x011d1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| cversions.2.db | 0x011e0000 | 0x011e3fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00000000011f0000 | 0x011f0000 | 0x011f0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001200000 | 0x01200000 | 0x0123ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000001240000 | 0x01240000 | 0x0131efff | Pagefile Backed Memory | Readable |
|
|
|
|
| {AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000c.db | 0x01320000 | 0x0133cfff | Memory Mapped File | Readable |
|
|
|
|
| {6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000007.db | 0x01340000 | 0x0136ffff | Memory Mapped File | Readable |
|
|
|
|
| cversions.2.db | 0x01370000 | 0x01373fff | Memory Mapped File | Readable |
|
|
|
|
| {DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db | 0x01380000 | 0x013e5fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00000000013f0000 | 0x013f0000 | 0x013f0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001400000 | 0x01400000 | 0x014fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001500000 | 0x01500000 | 0x015fffff | Private Memory | Readable, Writable |
|
|
|
|
| SortDefault.nls | 0x01600000 | 0x018cefff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000001920000 | 0x01920000 | 0x01a1ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001a60000 | 0x01a60000 | 0x01b5ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000001b60000 | 0x01b60000 | 0x01f5ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002050000 | 0x02050000 | 0x0205ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002060000 | 0x02060000 | 0x0215ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002200000 | 0x02200000 | 0x022fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000023b0000 | 0x023b0000 | 0x024affff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000024b0000 | 0x024b0000 | 0x028a2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000028b0000 | 0x028b0000 | 0x029affff | Private Memory | Readable, Writable |
|
|
|
|
| comctl32.dll | 0x6c1c0000 | 0x6c243fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| vbscript.dll | 0x6c4c0000 | 0x6c52afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| scrrun.dll | 0x6dab0000 | 0x6dad9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| scrobj.dll | 0x6dae0000 | 0x6db0cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wshext.dll | 0x6db10000 | 0x6db25fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msisip.dll | 0x6dd30000 | 0x6dd37fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ieframe.dll | 0x6e6a0000 | 0x6f11ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apphelp.dll | 0x71af0000 | 0x71b3bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mpr.dll | 0x72080000 | 0x72091fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleacc.dll | 0x72190000 | 0x721cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntmarta.dll | 0x739c0000 | 0x739e0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dwmapi.dll | 0x73da0000 | 0x73db2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| uxtheme.dll | 0x74090000 | 0x740cffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| comctl32.dll | 0x74110000 | 0x742adfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| propsys.dll | 0x745a0000 | 0x74694fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| version.dll | 0x748a0000 | 0x748a8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rsaenh.dll | 0x74bc0000 | 0x74bfafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptsp.dll | 0x74e20000 | 0x74e35fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x75280000 | 0x7529afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x752a0000 | 0x752abfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sxs.dll | 0x752b0000 | 0x7530efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| profapi.dll | 0x75350000 | 0x7535afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msasn1.dll | 0x753c0000 | 0x753cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| crypt32.dll | 0x753d0000 | 0x754ecfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| devobj.dll | 0x754f0000 | 0x75501fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| KernelBase.dll | 0x75510000 | 0x75559fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wintrust.dll | 0x75560000 | 0x7558cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cfgmgr32.dll | 0x75590000 | 0x755b6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wininet.dll | 0x75650000 | 0x75744fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| Wldap32.dll | 0x757d0000 | 0x75814fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x75830000 | 0x758fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x75900000 | 0x759d3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x759e0000 | 0x76629fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x76630000 | 0x7664efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x76650000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| setupapi.dll | 0x766f0000 | 0x7688cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iertutil.dll | 0x76890000 | 0x76a8afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x76a90000 | 0x76bebfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76bf0000 | 0x76c90fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x76ca0000 | 0x76d68fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x76d70000 | 0x76dc6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x76dd0000 | 0x76e1dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| clbcatq.dll | 0x76e20000 | 0x76ea2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x76ee0000 | 0x76f6efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x76f70000 | 0x7701bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x77020000 | 0x770bcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| urlmon.dll | 0x770c0000 | 0x771f5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77200000 | 0x7733bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x77350000 | 0x77359fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| psapi.dll | 0x77360000 | 0x77364fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x773d0000 | 0x773e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apisetschema.dll | 0x77440000 | 0x77440fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
|
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| CREATE | c:\users\public\n3eg\n3e.vbs | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, create_disposition = OPEN_EXISTING, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN |
|
1 | |
| READ | c:\users\public\n3eg\n3e.vbs | module_name = Nameless FileMapping, size = 4199 |
|
1 |
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| LOAD | kernel32.dll | base_address = 0x75900000 |
|
1 | |
| LOAD | ole32.dll | base_address = 0x76a90000 |
|
1 | |
| LOAD | C:\Windows\system32\advapi32.dll | base_address = 0x76650000 |
|
1 | |
| GET_HANDLE | c:\windows\system32\wscript.exe | base_address = 0x80000 |
|
2 | |
| GET_HANDLE | c:\windows\system32\ole32.dll | base_address = 0x76a90000 |
|
1 | |
| CREATE_MAPPING | c:\users\public\n3eg\n3e.vbs | module_name = Nameless FileMapping, maximum_size = 4199, protection = PAGE_READONLY |
|
1 | |
| MAP | c:\users\public\n3eg\n3e.vbs | process_name = c:\windows\system32\wscript.exe, os_pid = 0xf28, module_name = Nameless FileMapping, desired_access = FILE_MAP_READ, file_offset = 0, address = 0x350000 |
|
1 | |
| UNMAP | c:\windows\system32\wscript.exe | os_pid = 0xf28, base_address = 0x350000 |
|
1 | |
| GET_FILENAME | c:\windows\system32\wscript.exe | file_name = C:\Windows\System32\WScript.exe |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = HeapSetInformation, address = 0x75954157 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoCreateInstance, address = 0x76ad9d0b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\advapi32.dll | function = SaferIdentifyLevel, address = 0x76672102 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\advapi32.dll | function = SaferComputeTokenFromLevel, address = 0x76673352 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\advapi32.dll | function = SaferCloseLevel, address = 0x76673825 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CLSIDFromProgIDEx, address = 0x76aa0782 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoGetClassObject, address = 0x76ac54ad |
|
1 |
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| CREATE | VBScriptEngine5 | IUnknown | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| CREATE | VBScriptEngine5 | IClassFactory |
|
1 | ||
| CREATE | {6C736DB1-BD94-11D0-8A23-00AA00B58E10} | ISystemDebugEventFire | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| CREATE | {06290BD1-48AA-11D2-8432-006008C3FBFC} | {E4D1C9B0-46E8-11D4-A2A6-00104BD35090} | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| CREATE | {06290BD1-48AA-11D2-8432-006008C3FBFC} | IClassFactory |
|
1 | ||
| CREATE | FileSystemObject | IClassFactory | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| CREATE | Shell | IClassFactory | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| QUERY | VBScriptEngine5 | IClassFactory | new_interface = IUnknown, |
|
1 | |
| QUERY | VBScriptEngine5 | IUnknown | new_interface = IUnknown |
|
1 | |
| QUERY | IClassFactory | new_interface = {E4D1C9B0-46E8-11D4-A2A6-00104BD35090}, |
|
1 | ||
| QUERY | new_interface = {E4D1C9B0-46E8-11D4-A2A6-00104BD35090} |
|
1 | |||
| QUERY | Shell | IClassFactory | new_interface = {342D1EA0-AE25-11D1-89C5-006008C3FBFC}, |
|
1 | |
| QUERY | Shell | IClassFactory | new_interface = IUnknown, |
|
1 | |
| QUERY | Shell | IUnknown | new_interface = IObjectWithSite |
|
1 | |
| QUERY | Shell | IUnknown | new_interface = IDispatch |
|
1 | |
| QUERY | Shell | IUnknown | new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
2 | |
| METHOD | IMessageFilter | method = AddRef |
|
2 | ||
| METHOD | ITypeLib | method = GetTypeInfoType |
|
5 | ||
| METHOD | VBScriptEngine5 | IClassFactory | new_interface = IUnknown, method = CreateInstance |
|
1 | |
| METHOD | VBScriptEngine5 | IUnknown | method = AddRef |
|
1 | |
| METHOD | ISystemDebugEventFire | method = BeginSession |
|
1 | ||
| METHOD | IClassFactory | method = CreateInstance |
|
1 | ||
| METHOD | method = AddRef |
|
1 | |||
| METHOD | ISystemDebugEventFire | method = IsActive |
|
1 | ||
| METHOD | Shell | IClassFactory | new_interface = IUnknown, method = CreateInstance |
|
1 | |
| METHOD | Shell | IObjectWithSite | method = SetSite |
|
1 | |
| METHOD | FileSystemObject | IClassFactory | method = AddRef |
|
1 | |
| METHOD | Shell | IUnknown | method = AddRef |
|
3 | |
| METHOD | Shell | IUnknown | method = GetIDsOfNames |
|
1 | |
| METHOD | Shell | IUnknown | method = Invoke |
|
1 |
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| CREATE_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings |
|
1 | ||
| CREATE_KEY | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings |
|
1 | ||
| OPEN_KEY | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings |
|
3 | ||
| OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings |
|
3 | ||
| OPEN_KEY | HKEY_CLASSES_ROOT\.vbs |
|
1 | ||
| OPEN_KEY | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine |
|
1 | ||
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data_ident_out = 0 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data_ident_out = 0 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data_ident_out = 0 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data_ident_out = 255 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data_ident_out = 255 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data_ident_out = 255 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data_ident_out = 18 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data_ident_out = 171 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data_ident_out = 18 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data_ident_out = 171 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data_ident_out = 1 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data_ident_out = 20 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data_ident_out = 1 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data_ident_out = 20 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data_ident_out = 49 |
|
1 | |
| READ_VALUE | HKEY_CLASSES_ROOT\.vbs | data_ident_out = VBSFile |
|
1 | |
| READ_VALUE | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | data_ident_out = VBScript |
|
1 |
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| CREATE | class_name = WSH-Timer, x_coordinate = 0, y_coordinate = 0, width = 1, height = 1, window_parameter = 3548128 |
|
1 | ||
| SET_ATTRIBUTE | class_name = WSH-Timer, x_coordinate = 0, y_coordinate = 0, width = 1, height = 1 |
|
1 |
| Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|
| SLEEP | duration = -1 (infinite) |
|
1 | |
| SLEEP | duration = 1000 milliseconds (1.000 seconds) |
|
3 | |
| SLEEP | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| GET_INFO | type = Hardware Information |
|
1 |
| Information | Value |
|---|---|
| ID / OS PID | #7 / 0x494 |
| OS Parent PID | 0xf28 (c:\windows\system32\wscript.exe) |
| Initial Working Directory | C:\Windows\system32 |
| File Name | c:\windows\system32\wscript.exe |
| Command Line | "C:\Windows\System32\wscript.exe" "C:\Users\Public\N3Eg\N3E.vbs" uac |
| Monitor | Start Time: 00:03:46, Reason: Child Process |
| Unmonitor | End Time: 00:03:49, Reason: Terminated |
| Monitor Duration | 00:00:03 |
| OS Thread IDs |
#
96
0x 8C0
#
97
0x 8C4
#
98
0x 490
#
99
0x 478
#
100
0x 488
#
103
0x 268
#
104
0x 948
#
105
0x 968
#
107
0x 990
#
113
0x 9C8
#
115
0x 690 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000040000 | 0x00040000 | 0x00041fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| wscript.exe.mui | 0x00050000 | 0x00052fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x0000000000060000 | 0x00060000 | 0x00060fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000070000 | 0x00070000 | 0x00070fff | Private Memory | Readable, Writable |
|
|
|
|
| wscript.exe | 0x00080000 | 0x000a5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| locale.nls | 0x000b0000 | 0x00116fff | Memory Mapped File | Readable |
|
|
|
|
| wscript.exe | 0x00120000 | 0x0012efff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000000130000 | 0x00130000 | 0x00130fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000140000 | 0x00140000 | 0x00140fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000150000 | 0x00150000 | 0x00151fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000150000 | 0x00150000 | 0x0015ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000160000 | 0x00160000 | 0x0025ffff | Private Memory | Readable, Writable |
|
|
|
|
| scrrun.dll | 0x00260000 | 0x00274fff | Memory Mapped File | Readable |
|
|
|
|
| wshom.ocx | 0x00280000 | 0x0028bfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000290000 | 0x00290000 | 0x0029ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002a0000 | 0x002a0000 | 0x002affff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000002b0000 | 0x002b0000 | 0x00377fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000380000 | 0x00380000 | 0x00380fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000390000 | 0x00390000 | 0x0048ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000490000 | 0x00490000 | 0x00590fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000005a0000 | 0x005a0000 | 0x0119ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000011a0000 | 0x011a0000 | 0x011a1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| oleaccrc.dll | 0x011b0000 | 0x011b0fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000011c0000 | 0x011c0000 | 0x011fffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000001200000 | 0x01200000 | 0x012defff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000012e0000 | 0x012e0000 | 0x012e1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000012f0000 | 0x012f0000 | 0x012f1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| cversions.2.db | 0x01300000 | 0x01303fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000001310000 | 0x01310000 | 0x0140ffff | Private Memory | Readable, Writable |
|
|
|
|
| SortDefault.nls | 0x01410000 | 0x016defff | Memory Mapped File | Readable |
|
|
|
|
| {AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000c.db | 0x016e0000 | 0x016fcfff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000001700000 | 0x01700000 | 0x01700fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| {6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000007.db | 0x01710000 | 0x0173ffff | Memory Mapped File | Readable |
|
|
|
|
| cversions.2.db | 0x01740000 | 0x01743fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000001750000 | 0x01750000 | 0x01750fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000001760000 | 0x01760000 | 0x01760fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001770000 | 0x01770000 | 0x0186ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001870000 | 0x01870000 | 0x0196ffff | Private Memory | Readable, Writable |
|
|
|
|
| FirewallAPI.dll | 0x01970000 | 0x0197afff | Memory Mapped File | Readable |
|
|
|
|
| stdole2.tlb | 0x01980000 | 0x01983fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000001990000 | 0x01990000 | 0x01a8ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000001a90000 | 0x01a90000 | 0x01e8ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| {DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db | 0x01e90000 | 0x01ef5fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000001f80000 | 0x01f80000 | 0x0207ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002080000 | 0x02080000 | 0x0217ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002160000 | 0x02160000 | 0x0225ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002280000 | 0x02280000 | 0x0237ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000023f0000 | 0x023f0000 | 0x024effff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000024f0000 | 0x024f0000 | 0x028e2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| comctl32.dll | 0x6c1c0000 | 0x6c243fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wshom.ocx | 0x6c420000 | 0x6c440fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| vbscript.dll | 0x6c4c0000 | 0x6c52afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| scrrun.dll | 0x6dab0000 | 0x6dad9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| scrobj.dll | 0x6dae0000 | 0x6db0cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wshext.dll | 0x6db10000 | 0x6db25fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msisip.dll | 0x6dd30000 | 0x6dd37fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ieframe.dll | 0x6e6a0000 | 0x6f11ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apphelp.dll | 0x71af0000 | 0x71b3bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mpr.dll | 0x72080000 | 0x72091fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleacc.dll | 0x72190000 | 0x721cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntmarta.dll | 0x739c0000 | 0x739e0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dwmapi.dll | 0x73da0000 | 0x73db2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| uxtheme.dll | 0x74090000 | 0x740cffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| comctl32.dll | 0x74110000 | 0x742adfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| propsys.dll | 0x745a0000 | 0x74694fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| version.dll | 0x748a0000 | 0x748a8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| FirewallAPI.dll | 0x748b0000 | 0x74925fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rsaenh.dll | 0x74bc0000 | 0x74bfafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptsp.dll | 0x74e20000 | 0x74e35fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x75280000 | 0x7529afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x752a0000 | 0x752abfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sxs.dll | 0x752b0000 | 0x7530efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| profapi.dll | 0x75350000 | 0x7535afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msasn1.dll | 0x753c0000 | 0x753cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| crypt32.dll | 0x753d0000 | 0x754ecfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| devobj.dll | 0x754f0000 | 0x75501fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| KernelBase.dll | 0x75510000 | 0x75559fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wintrust.dll | 0x75560000 | 0x7558cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cfgmgr32.dll | 0x75590000 | 0x755b6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wininet.dll | 0x75650000 | 0x75744fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| Wldap32.dll | 0x757d0000 | 0x75814fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x75830000 | 0x758fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x75900000 | 0x759d3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x759e0000 | 0x76629fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x76630000 | 0x7664efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x76650000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| setupapi.dll | 0x766f0000 | 0x7688cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iertutil.dll | 0x76890000 | 0x76a8afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x76a90000 | 0x76bebfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76bf0000 | 0x76c90fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x76ca0000 | 0x76d68fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x76d70000 | 0x76dc6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x76dd0000 | 0x76e1dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| clbcatq.dll | 0x76e20000 | 0x76ea2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x76ee0000 | 0x76f6efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x76f70000 | 0x7701bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x77020000 | 0x770bcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| urlmon.dll | 0x770c0000 | 0x771f5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77200000 | 0x7733bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x77350000 | 0x77359fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| psapi.dll | 0x77360000 | 0x77364fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x773d0000 | 0x773e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apisetschema.dll | 0x77440000 | 0x77440fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
|
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| CREATE | c:\users\public\n3eg\n3e.vbs | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, create_disposition = OPEN_EXISTING, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN |
|
1 | |
| READ | c:\users\public\n3eg\n3e.vbs | module_name = Nameless FileMapping, size = 4199 |
|
1 |
| Operation | Process Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| CREATE | sc | operation = Open, show_window = SW_HIDE |
|
1 | |
| CREATE | net | operation = Open, show_window = SW_HIDE |
|
1 | |
| CREATE | cmd | operation = Open, show_window = SW_HIDE |
|
2 |
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| LOAD | kernel32.dll | base_address = 0x75900000 |
|
1 | |
| LOAD | ole32.dll | base_address = 0x76a90000 |
|
1 | |
| LOAD | C:\Windows\system32\advapi32.dll | base_address = 0x76650000 |
|
1 | |
| LOAD | shell32.dll | base_address = 0x759e0000 |
|
1 | |
| GET_HANDLE | c:\windows\system32\wscript.exe | base_address = 0x80000 |
|
3 | |
| GET_HANDLE | c:\windows\system32\ole32.dll | base_address = 0x76a90000 |
|
1 | |
| CREATE_MAPPING | c:\users\public\n3eg\n3e.vbs | module_name = Nameless FileMapping, maximum_size = 4199, protection = PAGE_READONLY |
|
1 | |
| MAP | c:\users\public\n3eg\n3e.vbs | process_name = c:\windows\system32\wscript.exe, os_pid = 0x494, module_name = Nameless FileMapping, desired_access = FILE_MAP_READ, file_offset = 0, address = 0x150000 |
|
1 | |
| UNMAP | c:\windows\system32\wscript.exe | os_pid = 0x494, base_address = 0x150000 |
|
1 | |
| GET_FILENAME | c:\windows\system32\wscript.exe | file_name = C:\Windows\System32\wscript.exe |
|
1 | |
| GET_FILENAME | C:\Windows\System32\wscript.exe |
|
1 | ||
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = HeapSetInformation, address = 0x75954157 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoCreateInstance, address = 0x76ad9d0b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\advapi32.dll | function = SaferIdentifyLevel, address = 0x76672102 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\advapi32.dll | function = SaferComputeTokenFromLevel, address = 0x76673352 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\advapi32.dll | function = SaferCloseLevel, address = 0x76673825 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CLSIDFromProgIDEx, address = 0x76aa0782 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoGetClassObject, address = 0x76ac54ad |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\wscript.exe | function = 1, address = 0x82bb9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\shell32.dll | function = ShellExecuteExW, address = 0x75a01e46 |
|
1 |
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| CREATE | VBScriptEngine5 | IUnknown | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| CREATE | VBScriptEngine5 | IClassFactory |
|
1 | ||
| CREATE | {6C736DB1-BD94-11D0-8A23-00AA00B58E10} | ISystemDebugEventFire | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| CREATE | {06290BD1-48AA-11D2-8432-006008C3FBFC} | {E4D1C9B0-46E8-11D4-A2A6-00104BD35090} | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| CREATE | {06290BD1-48AA-11D2-8432-006008C3FBFC} | IClassFactory |
|
1 | ||
| CREATE | FileSystemObject | IClassFactory | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| CREATE | WshShell | IUnknown | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| CREATE | WshShell | IClassFactory |
|
1 | ||
| CREATE | NetFwPolicy2 | IClassFactory | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| CREATE | NetFwRule | IClassFactory | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| QUERY | VBScriptEngine5 | IClassFactory | new_interface = IUnknown, |
|
1 | |
| QUERY | VBScriptEngine5 | IUnknown | new_interface = IUnknown |
|
1 | |
| QUERY | IClassFactory | new_interface = {E4D1C9B0-46E8-11D4-A2A6-00104BD35090}, |
|
1 | ||
| QUERY | new_interface = {E4D1C9B0-46E8-11D4-A2A6-00104BD35090} |
|
1 | |||
| QUERY | FileSystemObject | IClassFactory | new_interface = IUnknown, |
|
1 | |
| QUERY | FileSystemObject | IUnknown | new_interface = IUnknown |
|
1 | |
| QUERY | NetFwPolicy2 | IClassFactory | new_interface = {342D1EA0-AE25-11D1-89C5-006008C3FBFC}, |
|
1 | |
| QUERY | NetFwPolicy2 | IClassFactory | new_interface = IUnknown, |
|
1 | |
| QUERY | NetFwPolicy2 | IUnknown | new_interface = {FC4801A3-2BA9-11CF-A229-00AA003D7352} |
|
1 | |
| QUERY | NetFwPolicy2 | IUnknown | new_interface = IDispatch |
|
1 | |
| QUERY | NetFwPolicy2 | IUnknown | new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
2 | |
| QUERY | NetFwPolicy2 | IDispatch | new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
4 | |
| QUERY | NetFwPolicy2 | IUnknown | new_interface = {00020400-0000-0000-C000-000000000046} |
|
1 | |
| QUERY | NetFwPolicy2 | IUnknown | new_interface = IEnumVARIANT |
|
1 | |
| QUERY | NetFwPolicy2 | IUnknown | new_interface = {342D1EA0-AE25-11D1-89C5-006008C3FBFC}, |
|
1 | |
| QUERY | NetFwPolicy2 | IUnknown | new_interface = IUnknown, |
|
1 | |
| QUERY | NetFwPolicy2 | IUnknown | new_interface = {FC4801A3-2BA9-11CF-A229-00AA003D7352} |
|
1 | |
| QUERY | NetFwPolicy2 | IUnknown | new_interface = IDispatch |
|
1 | |
| QUERY | NetFwPolicy2 | IUnknown | new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
22 | |
| METHOD | IMessageFilter | method = AddRef |
|
306 | ||
| METHOD | ITypeLib | method = GetTypeInfoType |
|
6 | ||
| METHOD | VBScriptEngine5 | IClassFactory | new_interface = IUnknown, method = CreateInstance |
|
1 | |
| METHOD | VBScriptEngine5 | IUnknown | method = AddRef |
|
1 | |
| METHOD | ISystemDebugEventFire | method = BeginSession |
|
1 | ||
| METHOD | IClassFactory | method = CreateInstance |
|
1 | ||
| METHOD | method = AddRef |
|
1 | |||
| METHOD | ISystemDebugEventFire | method = IsActive |
|
2 | ||
| METHOD | FileSystemObject | IClassFactory | new_interface = IUnknown, method = CreateInstance |
|
1 | |
| METHOD | FileSystemObject | IUnknown | method = AddRef |
|
1 | |
| METHOD | NetFwPolicy2 | IClassFactory | new_interface = IUnknown, method = CreateInstance |
|
1 | |
| METHOD | NetFwPolicy2 | IUnknown | method = AddRef |
|
3 | |
| METHOD | NetFwPolicy2 | IUnknown | method = GetIDsOfNames |
|
1 | |
| METHOD | NetFwPolicy2 | IUnknown | new_interface = IDispatch, method = Invoke |
|
1 | |
| METHOD | NetFwPolicy2 | IDispatch | method = AddRef |
|
4 | |
| METHOD | NetFwPolicy2 | IDispatch | new_interface = IUnknown, method = Invoke |
|
1 | |
| METHOD | NetFwPolicy2 | IUnknown | method = Next |
|
304 | |
| METHOD | NetFwPolicy2 | IUnknown | method = Next |
|
1 | |
| METHOD | NetFwPolicy2 | IUnknown | new_interface = IUnknown, method = CreateInstance |
|
1 | |
| METHOD | NetFwPolicy2 | IUnknown | method = AddRef |
|
13 | |
| METHOD | NetFwPolicy2 | IUnknown | method = GetIDsOfNames |
|
11 | |
| METHOD | NetFwPolicy2 | IUnknown | method = Invoke |
|
11 | |
| METHOD | NetFwPolicy2 | IDispatch | method = GetIDsOfNames |
|
1 | |
| METHOD | NetFwPolicy2 | IDispatch | new_interface = IDispatch, method = Invoke |
|
1 | |
| METHOD | ISystemDebugEventFire | method = EndSession |
|
1 |
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| CREATE_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings |
|
1 | ||
| CREATE_KEY | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings |
|
1 | ||
| CREATE_KEY | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System |
|
3 | ||
| CREATE_KEY | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download |
|
2 | ||
| CREATE_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center |
|
2 | ||
| OPEN_KEY | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings |
|
3 | ||
| OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings |
|
3 | ||
| OPEN_KEY | HKEY_CLASSES_ROOT\.vbs |
|
1 | ||
| OPEN_KEY | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine |
|
1 | ||
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data_ident_out = 0 |
|
2 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data_ident_out = 0 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Enabled, data_ident_out = 0 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data_ident_out = 0 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = LogSecuritySuccesses, data_ident_out = 0 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = IgnoreUserSettings, data_ident_out = 237 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data_ident_out = 143 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data_ident_out = 237 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = TrustPolicy, data_ident_out = 143 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = UseWINSAFER, data_ident_out = 1 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data_ident_out = 176 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data_ident_out = 1 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = Timeout, data_ident_out = 176 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings | value_name = DisplayLogo, data_ident_out = 49 |
|
1 | |
| READ_VALUE | HKEY_CLASSES_ROOT\.vbs | data_ident_out = VBSFile |
|
1 | |
| READ_VALUE | HKEY_CLASSES_ROOT\VBSFile\ScriptEngine | data_ident_out = VBScript |
|
1 | |
| WRITE_VALUE | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | value_name = EnableLUA, data = 0 |
|
1 | |
| WRITE_VALUE | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | value_name = ConsentPromptBehaviorAdmin, data = 0 |
|
1 | |
| WRITE_VALUE | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | value_name = PromptOnSecureDesktop, data = 0 |
|
1 | |
| WRITE_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download | value_name = CheckExeSignatures, data = no |
|
1 | |
| WRITE_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download | value_name = RunInvalidSignatures, data = 00000001 |
|
1 | |
| WRITE_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | value_name = AntiVirusDisableNotify, data = 1 |
|
1 | |
| WRITE_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | value_name = UpdatesDisableNotify, data = 1 |
|
1 |
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| CREATE | class_name = WSH-Timer, x_coordinate = 0, y_coordinate = 0, width = 1, height = 1, window_parameter = 2761696 |
|
1 | ||
| SET_ATTRIBUTE | class_name = WSH-Timer, x_coordinate = 0, y_coordinate = 0, width = 1, height = 1 |
|
1 |
| Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|
| SLEEP | duration = -1 (infinite) |
|
2 | |
| GET_INFO | type = Hardware Information |
|
1 |
| Information | Value |
|---|---|
| ID / OS PID | #8 / 0x960 |
| OS Parent PID | 0x494 (c:\windows\system32\wscript.exe) |
| Initial Working Directory | C:\Windows\system32 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | "C:\Windows\System32\sc.exe" config WinDefend start= disabled |
| Monitor | Start Time: 00:03:47, Reason: Child Process |
| Unmonitor | End Time: 00:03:48, Reason: Terminated |
| Monitor Duration | 00:00:01 |
| OS Thread IDs |
#
106
0x 994
#
109
0x 6AC |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000080000 | 0x00080000 | 0x000bffff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x000c0000 | 0x00126fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000001f0000 | 0x001f0000 | 0x001fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000220000 | 0x00220000 | 0x0031ffff | Private Memory | Readable, Writable |
|
|
|
|
| sc.exe | 0x00ec0000 | 0x00ecbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| KernelBase.dll | 0x75510000 | 0x75559fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x75900000 | 0x759d3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x76650000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76bf0000 | 0x76c90fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x76f70000 | 0x7701bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77200000 | 0x7733bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x773d0000 | 0x773e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apisetschema.dll | 0x77440000 | 0x77440fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
|
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| OPEN | STD_OUTPUT_HANDLE |
|
1 | ||
| WRITE | STD_OUTPUT_HANDLE | size = 34 |
|
1 |
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| GET_HANDLE | c:\windows\system32\sc.exe | base_address = 0xec0000 |
|
1 |
| Operation | Service | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| OPEN_MGR | SERVICES_ACTIVE_DATABASE | host = Localhost, desired_access = SC_MANAGER_CONNECT |
|
1 | |
| OPEN | WinDefend | database_name = SERVICES_ACTIVE_DATABASE, desired_access = SERVICE_QUERY_CONFIG, SERVICE_CHANGE_CONFIG |
|
1 | |
| GET_INFO | WinDefend | type = SERVICE_CONFIG_DELAYED_AUTO_START_INFO |
|
1 | |
| SET_CONFIG | WinDefend |
|
1 | ||
| SET_CONFIG | WinDefend | new_service_type = SERVICE_NO_CHANGE, new_start_type = SERVICE_DISABLED |
|
1 |
| Information | Value |
|---|---|
| ID / OS PID | #9 / 0x6b0 |
| OS Parent PID | 0x494 (c:\windows\system32\wscript.exe) |
| Initial Working Directory | C:\Windows\system32 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" localgroup HomeUsers /delete DSsDPMx042 |
| Monitor | Start Time: 00:03:47, Reason: Child Process |
| Unmonitor | End Time: 00:03:48, Reason: Terminated |
| Monitor Duration | 00:00:01 |
| OS Thread IDs |
#
108
0x 954 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | Readable |
|
|
|
|
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | Readable |
|
|
|
|
| net.exe | 0x00130000 | 0x00147fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000000270000 | 0x00270000 | 0x002effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000430000 | 0x00430000 | 0x0043ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000490000 | 0x00490000 | 0x0058ffff | Private Memory | Readable, Writable |
|
|
|
|
| browcli.dll | 0x6dca0000 | 0x6dcacfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mpr.dll | 0x72080000 | 0x72091fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winnsi.dll | 0x72300000 | 0x72306fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| IPHLPAPI.DLL | 0x72310000 | 0x7232bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| samcli.dll | 0x73b20000 | 0x73b2efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wkscli.dll | 0x73b30000 | 0x73b3efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| netutils.dll | 0x73b40000 | 0x73b48fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| srvcli.dll | 0x751f0000 | 0x75208fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| KernelBase.dll | 0x75510000 | 0x75559fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x75900000 | 0x759d3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x76650000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76bf0000 | 0x76c90fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x76f70000 | 0x7701bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77200000 | 0x7733bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nsi.dll | 0x77340000 | 0x77345fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x773d0000 | 0x773e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apisetschema.dll | 0x77440000 | 0x77440fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
|
| Information | Value |
|---|---|
| ID / OS PID | #10 / 0x9bc |
| OS Parent PID | 0x6b0 (c:\windows\system32\net.exe) |
| Initial Working Directory | C:\Windows\system32 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 localgroup HomeUsers /delete DSsDPMx042 |
| Monitor | Start Time: 00:03:48, Reason: Child Process |
| Unmonitor | End Time: 00:03:48, Reason: Terminated |
| Monitor Duration | 00:00:00 |
| OS Thread IDs |
#
110
0x 66C
#
111
0x 668
#
112
0x 664 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000050000 | 0x00050000 | 0x000cffff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x000d0000 | 0x00136fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000002b0000 | 0x002b0000 | 0x003affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000003d0000 | 0x003d0000 | 0x0044ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000004d0000 | 0x004d0000 | 0x0054ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000550000 | 0x00550000 | 0x0055ffff | Private Memory | Readable, Writable |
|
|
|
|
| net1.exe | 0x00a70000 | 0x00a99fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| netmsg.dll | 0x6c3c0000 | 0x6c3c1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| browcli.dll | 0x6dca0000 | 0x6dcacfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdsapi.dll | 0x72e10000 | 0x72e27fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dsrole.dll | 0x73720000 | 0x73728fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| samcli.dll | 0x73b20000 | 0x73b2efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wkscli.dll | 0x73b30000 | 0x73b3efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| netutils.dll | 0x73b40000 | 0x73b48fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| netapi32.dll | 0x73b50000 | 0x73b60fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| samlib.dll | 0x740d0000 | 0x740e1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| logoncli.dll | 0x74c70000 | 0x74c91fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| srvcli.dll | 0x751f0000 | 0x75208fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| KernelBase.dll | 0x75510000 | 0x75559fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x75900000 | 0x759d3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x76650000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76bf0000 | 0x76c90fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x76f70000 | 0x7701bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77200000 | 0x7733bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nsi.dll | 0x77340000 | 0x77345fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x773d0000 | 0x773e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ws2_32.dll | 0x773f0000 | 0x77424fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apisetschema.dll | 0x77440000 | 0x77440fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
|
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| OPEN | STD_OUTPUT_HANDLE |
|
1 | ||
| OPEN | STD_ERROR_HANDLE |
|
1 | ||
| WRITE | STD_ERROR_HANDLE | size = 33 |
|
1 | |
| WRITE | STD_ERROR_HANDLE | size = 2 |
|
2 | |
| WRITE | STD_ERROR_HANDLE | size = 43 |
|
1 |
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| LOAD | NETMSG | base_address = 0x6c3c0000 |
|
1 | |
| GET_HANDLE | c:\windows\system32\net1.exe | base_address = 0xa70000 |
|
1 | |
| GET_FILENAME | C:\Windows\system32\net1.exe |
|
1 |
| Information | Value |
|---|---|
| ID / OS PID | #11 / 0x69c |
| OS Parent PID | 0x494 (c:\windows\system32\wscript.exe) |
| Initial Working Directory | C:\Windows\system32 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /k echo a > "C:\Users\Public\N3Eg\uc" |
| Monitor | Start Time: 00:03:48, Reason: Child Process |
| Unmonitor | End Time: 00:03:50, Reason: Terminated |
| Monitor Duration | 00:00:02 |
| OS Thread IDs |
#
114
0x 9CC |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x0012ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000130000 | 0x00130000 | 0x00133fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000140000 | 0x00140000 | 0x00140fff | Pagefile Backed Memory | Readable |
|
|
|
|
| locale.nls | 0x00150000 | 0x001b6fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00000000001c0000 | 0x001c0000 | 0x00287fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000290000 | 0x00290000 | 0x00296fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000002a0000 | 0x002a0000 | 0x002a1fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002b0000 | 0x002b0000 | 0x002b0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002c0000 | 0x002c0000 | 0x003bffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000003c0000 | 0x003c0000 | 0x004c0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000004d0000 | 0x004d0000 | 0x004d0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000500000 | 0x00500000 | 0x0050ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000510000 | 0x00510000 | 0x0110ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000001110000 | 0x01110000 | 0x0139afff | Pagefile Backed Memory | Readable |
|
|
|
|
| cmd.exe | 0x4a810000 | 0x4a85bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winbrand.dll | 0x6dd80000 | 0x6dd86fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| KernelBase.dll | 0x75510000 | 0x75559fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x75830000 | 0x758fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x75900000 | 0x759d3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x76630000 | 0x7664efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x76ca0000 | 0x76d68fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x76dd0000 | 0x76e1dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x76f70000 | 0x7701bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x77020000 | 0x770bcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77200000 | 0x7733bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x77350000 | 0x77359fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apisetschema.dll | 0x77440000 | 0x77440fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
|
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\public\n3eg\uc | 0.00 KB (4 bytes) |
MD5:
27ff7ea9ce50076cfc8e794d64957f7c
SHA1: d765803318ad03df1a1fbdc66fd542945dd81a84 SHA256: 885fa5c5cb5f80fdb414f1b3e0b94c4b1366db1ce83e82358c4cb67da2ab73e4 |
|
|
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| CREATE | c:\users\public\n3eg\uc | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| OPEN | STD_OUTPUT_HANDLE |
|
14 | ||
| OPEN | STD_INPUT_HANDLE |
|
11 | ||
| OPEN | c:\users\public\n3eg\uc |
|
9 | ||
| READ | STD_INPUT_HANDLE | size = 8192 |
|
1 | |
| WRITE | c:\users\public\n3eg\uc | size = 4 |
|
1 | |
| WRITE | STD_OUTPUT_HANDLE | size = 2 |
|
1 | |
| WRITE | STD_OUTPUT_HANDLE | size = 20 |
|
1 |
| Operation | Process Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| SET_CURDIR | c:\windows\system32\cmd.exe | os_pid = 0x69c, new_path_name = c:\windows\system32 |
|
1 |
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| GET_HANDLE | c:\windows\system32\cmd.exe | base_address = 0x4a810000 |
|
1 | |
| GET_HANDLE | c:\windows\system32\kernel32.dll | base_address = 0x75900000 |
|
2 | |
| GET_FILENAME | C:\Windows\System32\cmd.exe |
|
1 | ||
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address = 0x759524c2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = CopyFileExW, address = 0x7593ac6c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address = 0x75943ea8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address = 0x75952732 |
|
1 |
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| OPEN_KEY | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | ||
| OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | ||
| OPEN_KEY | HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | ||
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data_ident_out = 88 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data_ident_out = 1 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data_ident_out = 1 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data_ident_out = 0 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data_ident_out = 64 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data_ident_out = 64 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data_ident_out = 64 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data_ident_out = 64 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data_ident_out = 1 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data_ident_out = 1 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data_ident_out = 0 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data_ident_out = 9 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data_ident_out = 9 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data_ident_out = 9 |
|
1 |
| Information | Value |
|---|---|
| ID / OS PID | #12 / 0x660 |
| OS Parent PID | 0x494 (c:\windows\system32\wscript.exe) |
| Initial Working Directory | C:\Windows\system32 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /k shutdown -r -t 0 -f |
| Monitor | Start Time: 00:03:49, Reason: Child Process |
| Unmonitor | End Time: 00:03:50, Reason: Terminated |
| Monitor Duration | 00:00:01 |
| OS Thread IDs |
#
116
0x 65C |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | Readable |
|
|
|
|
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c6fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000000d0000 | 0x000d0000 | 0x000d1fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000170000 | 0x00170000 | 0x0026ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002e0000 | 0x002e0000 | 0x003dffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000003e0000 | 0x003e0000 | 0x004a7fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000580000 | 0x00580000 | 0x0058ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000590000 | 0x00590000 | 0x00690fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000006a0000 | 0x006a0000 | 0x0129ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000012a0000 | 0x012a0000 | 0x0152afff | Pagefile Backed Memory | Readable |
|
|
|
|
| cmd.exe | 0x4a810000 | 0x4a85bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winbrand.dll | 0x6dd80000 | 0x6dd86fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| KernelBase.dll | 0x75510000 | 0x75559fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x75830000 | 0x758fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x75900000 | 0x759d3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x76630000 | 0x7664efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x76ca0000 | 0x76d68fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x76dd0000 | 0x76e1dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x76f70000 | 0x7701bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x77020000 | 0x770bcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77200000 | 0x7733bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x77350000 | 0x77359fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apisetschema.dll | 0x77440000 | 0x77440fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
|
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| OPEN | c:\users\public\n3eg\uc |
|
10 | ||
| OPEN | STD_INPUT_HANDLE |
|
11 | ||
| OPEN | STD_OUTPUT_HANDLE |
|
6 | ||
| READ | STD_INPUT_HANDLE | size = 8192 |
|
1 | |
| WRITE | STD_OUTPUT_HANDLE | size = 2 |
|
1 | |
| WRITE | STD_OUTPUT_HANDLE | size = 20 |
|
1 |
| Operation | Process Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| CREATE | C:\Windows\system32\shutdown.exe | os_tid = 0x9f0, os_pid = 0x9ec, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, current_directory = C:\Windows\system32, show_window = SW_SHOWNORMAL |
|
1 | |
| SET_CURDIR | c:\windows\system32\cmd.exe | os_pid = 0x660, new_path_name = c:\windows\system32 |
|
1 |
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| GET_HANDLE | c:\windows\system32\cmd.exe | base_address = 0x4a810000 |
|
1 | |
| GET_HANDLE | c:\windows\system32\kernel32.dll | base_address = 0x75900000 |
|
2 | |
| GET_FILENAME | C:\Windows\System32\cmd.exe |
|
1 | ||
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address = 0x759524c2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = CopyFileExW, address = 0x7593ac6c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address = 0x75943ea8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address = 0x75952732 |
|
1 |
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| OPEN_KEY | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | ||
| OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | ||
| OPEN_KEY | HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | ||
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data_ident_out = 0 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data_ident_out = 1 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data_ident_out = 1 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data_ident_out = 0 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data_ident_out = 64 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data_ident_out = 64 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data_ident_out = 64 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data_ident_out = 64 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data_ident_out = 1 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data_ident_out = 1 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data_ident_out = 0 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data_ident_out = 9 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data_ident_out = 9 |
|
1 | |
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data_ident_out = 9 |
|
1 |
| Information | Value |
|---|---|
| ID / OS PID | #13 / 0x9ec |
| OS Parent PID | 0x660 (c:\windows\system32\cmd.exe) |
| Initial Working Directory | C:\Windows\system32 |
| File Name | c:\windows\system32\shutdown.exe |
| Command Line | shutdown -r -t 0 -f |
| Monitor | Start Time: 00:03:49, Reason: Child Process |
| Unmonitor | End Time: 00:03:49, Reason: Terminated |
| Monitor Duration | 00:00:00 |
| OS Thread IDs |
#
117
0x 9F0
#
118
0x A1C |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | Readable |
|
|
|
|
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000140000 | 0x00140000 | 0x0017ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000001d0000 | 0x001d0000 | 0x002cffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000002d0000 | 0x002d0000 | 0x00397fff | Pagefile Backed Memory | Readable |
|
|
|
|
| shutdown.exe | 0x00410000 | 0x00419fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00000000005b0000 | 0x005b0000 | 0x005bffff | Private Memory | Readable, Writable |
|
|
|
|
| secur32.dll | 0x75260000 | 0x75267fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x75280000 | 0x7529afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| KernelBase.dll | 0x75510000 | 0x75559fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x75830000 | 0x758fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x75900000 | 0x759d3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x76630000 | 0x7664efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x76650000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x76a90000 | 0x76bebfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76bf0000 | 0x76c90fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x76ca0000 | 0x76d68fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x76dd0000 | 0x76e1dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x76f70000 | 0x7701bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x77020000 | 0x770bcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77200000 | 0x7733bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x77350000 | 0x77359fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x773d0000 | 0x773e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apisetschema.dll | 0x77440000 | 0x77440fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
|
| Information | Value |
|---|---|
| ID / OS PID | #14 / 0x574 |
| OS Parent PID | 0x470 (c:\windows\explorer.exe) |
| Initial Working Directory | C:\Windows\system32 |
| File Name | c:\windows\system32\regsvr32.exe |
| Command Line | "C:\Windows\System32\regsvr32.exe" /s "C:\Users\Public\N3Eg\N3Eg2.51N3E" #96 |
| Monitor | Start Time: 00:04:12, Reason: Analysis Target |
| Unmonitor | End Time: 00:04:23, Reason: Terminated |
| Monitor Duration | 00:00:11 |
| OS Thread IDs |
#
120
0x 578 |
| Operation | Process Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| OPEN | c:\windows\explorer.exe | os_pid = 0x470, desired_access = PROCESS_ALL_ACCESS |
|
1 |
| Operation | Address | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| ALLOC | 0x3140000 | process_name = c:\windows\explorer.exe, os_pid = 0x470, size = 66, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE |
|
1 | |
| WRITE | 0x3140000 | process_name = c:\windows\explorer.exe, os_pid = 0x470, size = 66 |
|
1 |
| Operation | Process Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| CREATE | c:\windows\explorer.exe | os_tid = 0x628, os_pid = 0x470, proc_address = 0x777d3c01, flags = THREAD_RUNS_IMMEDIATELY |
|
1 |
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| LOAD | kernel32.dll | base_address = 0x77780000 |
|
3 | |
| GET_HANDLE | c:\windows\system32\kernel32.dll | base_address = 0x77780000 |
|
7 | |
| GET_HANDLE | c:\windows\system32\oleaut32.dll | base_address = 0x77a00000 |
|
1 | |
| GET_FILENAME | C:\Users\Public\N3Eg\N3Eg2.51N3E |
|
1 | ||
| GET_FILENAME | C:\Windows\System32\regsvr32.exe |
|
3 | ||
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetThreadPreferredUILanguages, address = 0x777c22d7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SetThreadPreferredUILanguages, address = 0x777be627 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetThreadUILanguage, address = 0x777bae42 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetNativeSystemInfo, address = 0x777bbe77 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetDiskFreeSpaceExW, address = 0x777bde40 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VariantChangeTypeEx, address = 0x77a04c28 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarNeg, address = 0x77a7c802 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarNot, address = 0x77a7ec66 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarAdd, address = 0x77a25934 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarSub, address = 0x77a7d332 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarMul, address = 0x77a7dbd4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarDiv, address = 0x77a7e405 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarIdiv, address = 0x77a7f00a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarMod, address = 0x77a7f15e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarAnd, address = 0x77a25a98 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarOr, address = 0x77a7ecfa |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarXor, address = 0x77a7ee2e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarCmp, address = 0x77a1b0dc |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarI4FromStr, address = 0x77a16fab |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarR4FromStr, address = 0x77a201a0 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarR8FromStr, address = 0x77a1699e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarDateFromStr, address = 0x77a26ba7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarCyFromStr, address = 0x77a46c12 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarBoolFromStr, address = 0x77a1dbd1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarBstrFromCy, address = 0x77a27fdc |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarBstrFromDate, address = 0x77a17a2a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarBstrFromBool, address = 0x77a20355 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = InitializeConditionVariable, address = 0x77bb9981 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = WakeConditionVariable, address = 0x77c05a7b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = WakeAllConditionVariable, address = 0x77b845a5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SleepConditionVariableCS, address = 0x777b18be |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = CreateToolhelp32Snapshot, address = 0x777bf731 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Heap32ListFirst, address = 0x778102e7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Heap32ListNext, address = 0x77810391 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Heap32First, address = 0x77810429 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Heap32Next, address = 0x77810614 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Toolhelp32ReadProcessMemory, address = 0x77810819 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Process32First, address = 0x777e443d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Process32Next, address = 0x777e4505 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Process32FirstW, address = 0x777bfa35 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Process32NextW, address = 0x777bfaca |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Thread32First, address = 0x777e7e4c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Thread32Next, address = 0x777e7edc |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Module32First, address = 0x77810859 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Module32Next, address = 0x77810942 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Module32FirstW, address = 0x777bc59e |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Module32NextW, address = 0x777bc11f |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = VirtualAllocEx, address = 0x777bc1b6 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = WriteProcessMemory, address = 0x777bc1de |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = CreateRemoteThread, address = 0x7780f33b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = OpenProcess, address = 0x777c59d7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = LoadLibraryW, address = 0x777d3c01 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetLogicalProcessorInformation, address = 0x777b2004 |
|
2 |
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| OPEN_KEY | HKEY_CURRENT_USER\Software\Embarcadero\Locales |
|
2 | ||
| OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales |
|
2 | ||
| OPEN_KEY | HKEY_CURRENT_USER\Software\CodeGear\Locales |
|
2 | ||
| OPEN_KEY | HKEY_LOCAL_MACHINE\Software\CodeGear\Locales |
|
2 | ||
| OPEN_KEY | HKEY_CURRENT_USER\Software\Borland\Locales |
|
2 | ||
| OPEN_KEY | HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
|
2 |
| Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|
| GET_INFO | type = Hardware Information |
|
1 |
| Information | Value |
|---|---|
| ID / OS PID | #15 / 0x470 |
| OS Parent PID | 0x468 (c:\windows\system32\userinit.exe) |
| Initial Working Directory | C:\Windows\system32 |
| File Name | c:\windows\explorer.exe |
| Command Line | C:\Windows\Explorer.EXE |
| Monitor | Start Time: 00:04:22, Reason: Injection |
| Unmonitor | End Time: 00:06:46, Reason: Terminated |
| Monitor Duration | 00:02:24 |
| OS Thread IDs |
#
121
0x 5E8
#
122
0x 5C4
#
123
0x 5B4
#
124
0x 59C
#
125
0x 594
#
126
0x 568
#
127
0x 564
#
128
0x 560
#
129
0x 55C
#
130
0x 558
#
131
0x 52C
#
132
0x 528
#
133
0x 524
#
134
0x 494
#
135
0x 490
#
136
0x 48C
#
137
0x 488
#
138
0x 484
#
139
0x 480
#
140
0x 47C
#
141
0x 478
#
142
0x 474
#
143
0x 628
#
144
0x 62C
#
145
0x 66C
#
146
0x 670
#
155
0x 6A0
#
156
0x 6A8
#
157
0x 6B4
#
158
0x 6C4
#
159
0x 6C8
#
160
0x 6D0
#
161
0x 6D4
#
182
0x 7C4
#
183
0x 7C8
#
184
0x 7DC
#
185
0x 7E4
#
205
0x 918
#
210
0x 954
#
242
0x A1C
#
244
0x ACC
#
246
0x B00 |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\system32\regsvr32.exe | 0x578 | address = 0x3140000, size = 66 |
|
1 | |
| Create Remote Thread | c:\windows\system32\regsvr32.exe | 0x578 | os_thread_id = 0x628, address = 0x777d3c01, flags = THREAD_RUNS_IMMEDIATELY |
|
1 |
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| CREATE | c:\users\public\n3eg\n3eg1.51n3e | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| CREATE | c:\users\public\n3eg\wvs | desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| READ | c:\users\public\n3eg\n3eg1.51n3e | size = 2689537 |
|
1 | |
| WRITE | c:\users\public\n3eg\wvs | size = 4 |
|
1 | |
| DELETE | c:\users\public\n3eg\n3e.vbs |
|
1 | ||
| DELETE | c:\users\public\n3eg\n3e.vbs |
|
1 |
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| LOAD | C:\Users\Public\N3Eg\N3Eg4.ENU | base_address = 0x0 |
|
1 | |
| LOAD | C:\Users\Public\N3Eg\N3Eg4.EN | base_address = 0x0 |
|
1 | |
| LOAD | oleaut32.dll | base_address = 0x77a00000 |
|
3 | |
| LOAD | advapi32.dll | base_address = 0x77130000 |
|
2 | |
| LOAD | user32.dll | base_address = 0x76270000 |
|
4 | |
| LOAD | kernel32.dll | base_address = 0x77780000 |
|
6 | |
| LOAD | gdi32.dll | base_address = 0x76010000 |
|
1 | |
| LOAD | version.dll | base_address = 0x75200000 |
|
1 | |
| LOAD | ole32.dll | base_address = 0x77620000 |
|
1 | |
| LOAD | comctl32.dll | base_address = 0x74c90000 |
|
1 | |
| LOAD | msvcrt.dll | base_address = 0x761c0000 |
|
1 | |
| LOAD | shell32.dll | base_address = 0x764e0000 |
|
1 | |
| LOAD | wininet.dll | base_address = 0x771d0000 |
|
1 | |
| LOAD | oleacc.dll | base_address = 0x732a0000 |
|
1 | |
| LOAD | OLEACC.DLL | base_address = 0x732a0000 |
|
1 | |
| LOAD | imm32.dll | base_address = 0x75fb0000 |
|
2 | |
| LOAD | olepro32.dll | base_address = 0x73280000 |
|
1 | |
| LOAD | security.dll | base_address = 0x73270000 |
|
1 | |
| LOAD | wtsapi32.dll | base_address = 0x74690000 |
|
1 | |
| LOAD | uxtheme.dll | base_address = 0x74b10000 |
|
2 | |
| LOAD | WS2_32.DLL | base_address = 0x75fd0000 |
|
1 | |
| LOAD | Fwpuclnt.dll | base_address = 0x72470000 |
|
1 | |
| LOAD | IdnDL.dll | base_address = 0x6ee90000 |
|
1 | |
| LOAD | Normaliz.dll | base_address = 0x77cd0000 |
|
1 | |
| GET_HANDLE | c:\windows\system32\kernel32.dll | base_address = 0x77780000 |
|
8 | |
| GET_HANDLE | c:\windows\system32\oleaut32.dll | base_address = 0x77a00000 |
|
2 | |
| GET_HANDLE | c:\windows\system32\ole32.dll | base_address = 0x77620000 |
|
1 | |
| GET_HANDLE | c:\windows\system32\user32.dll | base_address = 0x76270000 |
|
3 | |
| GET_HANDLE | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | base_address = 0x74c90000 |
|
1 | |
| GET_FILENAME | C:\Users\Public\N3Eg\N3Eg4.51N3E |
|
1 | ||
| GET_FILENAME | C:\Windows\Explorer.EXE |
|
3 | ||
| GET_FILENAME |
|
1 | |||
| GET_FILENAME | C:\Windows\Explorer.EXE |
|
1 | ||
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetDiskFreeSpaceExA, address = 0x7780f46f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VariantChangeTypeEx, address = 0x77a04c28 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarNeg, address = 0x77a7c802 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarNot, address = 0x77a7ec66 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarAdd, address = 0x77a25934 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarSub, address = 0x77a7d332 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarMul, address = 0x77a7dbd4 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarDiv, address = 0x77a7e405 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarIdiv, address = 0x77a7f00a |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarMod, address = 0x77a7f15e |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarAnd, address = 0x77a25a98 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarOr, address = 0x77a7ecfa |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarXor, address = 0x77a7ee2e |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarCmp, address = 0x77a1b0dc |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarI4FromStr, address = 0x77a16fab |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarR4FromStr, address = 0x77a201a0 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarR8FromStr, address = 0x77a1699e |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarDateFromStr, address = 0x77a26ba7 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarCyFromStr, address = 0x77a46c12 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarBoolFromStr, address = 0x77a1dbd1 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarBstrFromCy, address = 0x77a27fdc |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarBstrFromDate, address = 0x77a17a2a |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VarBstrFromBool, address = 0x77a20355 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = SysFreeString, address = 0x77a03e59 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = SysReAllocStringLen, address = 0x77a07810 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = SysAllocStringLen, address = 0x77a045d2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\advapi32.dll | function = RegQueryValueExW, address = 0x771446ad |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address = 0x7714468d |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\advapi32.dll | function = RegCloseKey, address = 0x7714469d |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = MessageBoxA, address = 0x762cea11 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CharNextW, address = 0x76280be6 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = LoadStringW, address = 0x7627dfba |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = Sleep, address = 0x777cba46 |
|
3 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = VirtualFree, address = 0x777d1da4 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = VirtualAlloc, address = 0x777d2fb6 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = lstrlenW, address = 0x777cd9e8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = VirtualQuery, address = 0x777d76d6 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = QueryPerformanceCounter, address = 0x777cbb9f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetTickCount, address = 0x777cba60 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetSystemInfo, address = 0x777d3728 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetVersion, address = 0x777c154e |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = CompareStringW, address = 0x777c9bee |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = IsValidLocale, address = 0x777c3de4 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SetThreadLocale, address = 0x777e88e6 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetSystemDefaultUILanguage, address = 0x777b731d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetUserDefaultUILanguage, address = 0x777c22ef |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetLocaleInfoW, address = 0x777d6596 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = WideCharToMultiByte, address = 0x777d450e |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = MultiByteToWideChar, address = 0x777d452b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetACP, address = 0x777d39aa |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = LoadLibraryExW, address = 0x777c4775 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetStartupInfoW, address = 0x777d3891 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetProcAddress, address = 0x777d33d3 |
|
3 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetModuleHandleW, address = 0x777d374d |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetModuleFileNameW, address = 0x777d3c26 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetCommandLineW, address = 0x777d679e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = FreeLibrary, address = 0x777cd9d0 |
|
3 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetLastError, address = 0x777cbf00 |
|
3 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = UnhandledExceptionFilter, address = 0x777ded38 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = RtlUnwind, address = 0x777b7f70 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = RaiseException, address = 0x777beb60 |
|
3 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = ExitProcess, address = 0x777d214f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = ExitThread, address = 0x77b8f611 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SwitchToThread, address = 0x777beb24 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetCurrentThreadId, address = 0x777cbb80 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = CreateThread, address = 0x777d375d |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = DeleteCriticalSection, address = 0x77bb9ac5 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = LeaveCriticalSection, address = 0x77ba7760 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = EnterCriticalSection, address = 0x77ba77a0 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = InitializeCriticalSection, address = 0x77bba149 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = FindFirstFileW, address = 0x777d53b2 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = FindClose, address = 0x777d0e62 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = WriteFile, address = 0x777d1400 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetStdHandle, address = 0x777d1e46 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = CloseHandle, address = 0x777cca7c |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = LoadLibraryA, address = 0x777d395c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = TlsSetValue, address = 0x777cda88 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = TlsGetValue, address = 0x777cda70 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = TlsFree, address = 0x777d13b8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = TlsAlloc, address = 0x777d35a1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = LocalFree, address = 0x777cca64 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = LocalAlloc, address = 0x777d3363 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetClassLongW, address = 0x7627658b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetClassLongW, address = 0x76283860 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetWindowLongW, address = 0x76284449 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetWindowLongW, address = 0x762861b8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CreateWindowExW, address = 0x7627ec7c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = keybd_event, address = 0x762cec3b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = WindowFromPoint, address = 0x762a6be9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = WaitMessage, address = 0x762866bd |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = WaitForInputIdle, address = 0x762a0397 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = UpdateWindow, address = 0x7627ffa8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = UnregisterClassW, address = 0x7627b9ae |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = UnhookWindowsHookEx, address = 0x7627adf9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = TranslateMessage, address = 0x762864c7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = TranslateMDISysAccel, address = 0x762a1a5a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = TrackPopupMenu, address = 0x76292228 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SystemParametersInfoW, address = 0x7627e09a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SwitchDesktop, address = 0x7627476b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = ShowWindow, address = 0x7627f2a9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = ShowScrollBar, address = 0x762a3c89 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = ShowOwnedPopups, address = 0x762a28ca |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = ShowCaret, address = 0x76279334 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetWindowRgn, address = 0x762799ec |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetWindowsHookExW, address = 0x7627e30c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetWindowTextW, address = 0x7628612b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetWindowPos, address = 0x76281bc4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetWindowPlacement, address = 0x76277f78 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetTimer, address = 0x762852ef |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetScrollRange, address = 0x76278ec5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetScrollPos, address = 0x762a04be |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetScrollInfo, address = 0x762848da |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetRect, address = 0x7628498b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetPropW, address = 0x76285dc5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetParent, address = 0x76278314 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetMenuItemInfoW, address = 0x76281799 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetMenu, address = 0x762a6b0e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetKeyboardState, address = 0x762a695a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetForegroundWindow, address = 0x7627b225 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetFocus, address = 0x7627abad |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetCursorPos, address = 0x762bc1b0 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetCursor, address = 0x76283075 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetCapture, address = 0x762a6932 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetActiveWindow, address = 0x7628333a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SendMessageTimeoutW, address = 0x7627e459 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SendMessageA, address = 0x7627ad60 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SendMessageW, address = 0x76285539 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = ScrollWindow, address = 0x7629fc1d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = ScreenToClient, address = 0x7627a506 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = RemovePropW, address = 0x76285fe1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = RemoveMenu, address = 0x762786e8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = ReleaseDC, address = 0x76285421 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = ReleaseCapture, address = 0x762a69f2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = RegisterWindowMessageW, address = 0x7627df8d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = RegisterClipboardFormatW, address = 0x7627df8d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = RegisterClassW, address = 0x7627ed4a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = RedrawWindow, address = 0x762829bc |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = PostQuitMessage, address = 0x7627b308 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = PostMessageW, address = 0x7628447b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = PeekMessageA, address = 0x762819a5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = PeekMessageW, address = 0x7628634a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = OpenDesktopW, address = 0x7627c669 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = MsgWaitForMultipleObjectsEx, address = 0x7627e369 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = MsgWaitForMultipleObjects, address = 0x762837d8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = MoveWindow, address = 0x76278d29 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = MessageBoxW, address = 0x762cea5f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = MessageBeep, address = 0x762a2939 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = MapWindowPoints, address = 0x76285caa |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = MapVirtualKeyW, address = 0x762a6a7c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = LoadKeyboardLayoutW, address = 0x762bc874 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = LoadIconW, address = 0x7627f142 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = LoadCursorW, address = 0x7627ed90 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = LoadBitmapW, address = 0x76276460 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = KillTimer, address = 0x762864f7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = IsZoomed, address = 0x76284ce9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = IsWindowVisible, address = 0x76284d69 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = IsWindowUnicode, address = 0x76282f55 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = IsWindowEnabled, address = 0x7627a9b9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = IsWindow, address = 0x762853ba |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = IsIconic, address = 0x76284c8e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = IsDialogMessageA, address = 0x76292019 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = IsDialogMessageW, address = 0x76284104 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = IsChild, address = 0x76283a83 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = InvalidateRect, address = 0x7628566d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = InsertMenuItemW, address = 0x7627aac5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = InsertMenuW, address = 0x7627869a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = HideCaret, address = 0x76279348 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetWindowThreadProcessId, address = 0x7627ee32 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetWindowTextW, address = 0x7627b8c5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetWindowRect, address = 0x7628558c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetWindowPlacement, address = 0x762a69de |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetWindowDC, address = 0x76284ab7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetTopWindow, address = 0x762a24d9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetSystemMetrics, address = 0x762867cf |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetSystemMenu, address = 0x7627fd8b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetSysColorBrush, address = 0x7627f1ed |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetSysColor, address = 0x7628db7a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetSubMenu, address = 0x76279c19 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetScrollRange, address = 0x762a045a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetScrollPos, address = 0x762a0e43 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetScrollInfo, address = 0x76282da3 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetPropW, address = 0x76285bbe |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetParent, address = 0x76286029 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetWindow, address = 0x76282780 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetMessageTime, address = 0x762a4231 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetMessagePos, address = 0x762a6703 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetMessageExtraInfo, address = 0x7627b705 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetMenuStringW, address = 0x762a6528 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetMenuState, address = 0x762a67d2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetMenuItemInfoW, address = 0x7627aefa |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetMenuItemID, address = 0x76279cd4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetMenuItemCount, address = 0x7627ae39 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetMenu, address = 0x762a6b68 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetLastActivePopup, address = 0x762a6894 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetKeyboardState, address = 0x762a6946 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetKeyboardLayoutNameW, address = 0x762bfa13 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetKeyboardLayoutList, address = 0x7627935c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetKeyboardLayout, address = 0x76283800 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetKeyState, address = 0x76282b4d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetKeyNameTextW, address = 0x762bfa03 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetIconInfo, address = 0x76282989 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetGUIThreadInfo, address = 0x7628237e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetForegroundWindow, address = 0x7628335d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetFocus, address = 0x76283a34 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetDlgCtrlID, address = 0x7627b4e8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetDesktopWindow, address = 0x762801a9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetDCEx, address = 0x76282d57 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetDC, address = 0x7628544c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetCursorPos, address = 0x7627a4b3 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetCursor, address = 0x762a6408 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetClipboardData, address = 0x76292ba7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetClientRect, address = 0x762854dd |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetClassNameW, address = 0x76282a29 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetClassInfoExW, address = 0x7628095e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetClassInfoW, address = 0x76280ac2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetCapture, address = 0x76279dc7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetActiveWindow, address = 0x762a3b33 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = FrameRect, address = 0x762a0eb0 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = FindWindowExW, address = 0x762a712b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = FindWindowW, address = 0x7627ae0d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = FillRect, address = 0x76285d56 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = EnumWindows, address = 0x7628375b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = EnumThreadWindows, address = 0x7627b712 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = EnumChildWindows, address = 0x76282948 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = EndPaint, address = 0x76285d42 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = EndMenu, address = 0x76278302 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = EnableWindow, address = 0x76278d02 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = EnableScrollBar, address = 0x762a19ce |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = EnableMenuItem, address = 0x762a43bc |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DrawTextExW, address = 0x76285894 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DrawTextW, address = 0x76285b6a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DrawMenuBar, address = 0x762a15ae |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DrawIconEx, address = 0x76282c32 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DrawIcon, address = 0x76276427 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DrawFrameControl, address = 0x7629b4f9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DrawFocusRect, address = 0x762a3091 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DrawEdge, address = 0x7628311a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DispatchMessageA, address = 0x76282e32 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DispatchMessageW, address = 0x7628cc61 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DestroyWindow, address = 0x7627b2f4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DestroyMenu, address = 0x762787f7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DestroyIcon, address = 0x7627a77f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DestroyCursor, address = 0x7627a77f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DeleteMenu, address = 0x762783c2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DefWindowProcW, address = 0x7628507d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DefMDIChildProcW, address = 0x762a150a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = DefFrameProcW, address = 0x762a152b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CreatePopupMenu, address = 0x7627867c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CreateMenu, address = 0x762a6aed |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CreateIcon, address = 0x76297510 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CreateDesktopW, address = 0x762740cf |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CopyImage, address = 0x762787a6 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CloseDesktop, address = 0x7627c4ce |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = ClientToScreen, address = 0x76281316 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CheckMenuItem, address = 0x7629ee7c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CharUpperBuffW, address = 0x7628ebd5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CharUpperW, address = 0x7628e981 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CharLowerBuffW, address = 0x76283afe |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CharLowerW, address = 0x7627ba8a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CallWindowProcW, address = 0x76281b3c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = CallNextHookEx, address = 0x7627abe1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = BeginPaint, address = 0x76285d14 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = AdjustWindowRectEx, address = 0x762848ba |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = ActivateKeyboardLayout, address = 0x76278203 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = UnrealizeObject, address = 0x7601fb63 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = StretchBlt, address = 0x7601f467 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetWindowOrgEx, address = 0x76018546 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetWinMetaFileBits, address = 0x7604d957 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetViewportOrgEx, address = 0x7601834f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetTextColor, address = 0x76016906 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetStretchBltMode, address = 0x76017705 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetROP2, address = 0x7601f9e0 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetPixel, address = 0x760314f3 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetMapMode, address = 0x7601efbf |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetEnhMetaFileBits, address = 0x7602b380 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetDIBits, address = 0x7601a995 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetDIBColorTable, address = 0x76031492 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetBrushOrgEx, address = 0x7601c4c5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetBkMode, address = 0x760169b1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SetBkColor, address = 0x76016a3c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SelectPalette, address = 0x7601a1f6 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SelectObject, address = 0x76016640 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = SaveDC, address = 0x7601a74b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = RoundRect, address = 0x7603016d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = RestoreDC, address = 0x7601a67b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = Rectangle, address = 0x7601f1ff |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = RectVisible, address = 0x76018f13 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = RealizePalette, address = 0x7601ef91 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = Polyline, address = 0x760205cf |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = Polygon, address = 0x7601fb87 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = PolyBezierTo, address = 0x76046c25 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = PolyBezier, address = 0x76046b03 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = PlayEnhMetaFile, address = 0x7602990d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = Pie, address = 0x7604569f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = PatBlt, address = 0x760162af |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = MoveToEx, address = 0x76018c21 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = MaskBlt, address = 0x7601c7ad |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = LineTo, address = 0x7601f59b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = LPtoDP, address = 0x76018484 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = IntersectClipRect, address = 0x76017dfe |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetWindowOrgEx, address = 0x7601d1bf |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetWinMetaFileBits, address = 0x7604d7cb |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetTextMetricsW, address = 0x76017b8f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetTextExtentPointW, address = 0x7601b358 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetTextExtentPoint32W, address = 0x7601b4b5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetSystemPaletteEntries, address = 0x7601c2e1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetStockObject, address = 0x76015ddf |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetRgnBox, address = 0x7601621f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetPixel, address = 0x7601c3d5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetPaletteEntries, address = 0x7601c2aa |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetObjectW, address = 0x76017568 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetEnhMetaFilePaletteEntries, address = 0x7604d1ac |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetEnhMetaFileHeader, address = 0x7602cd3a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetEnhMetaFileDescriptionW, address = 0x7604dc6b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetEnhMetaFileBits, address = 0x7602cdc8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetDeviceCaps, address = 0x76016f7f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetDIBits, address = 0x7601a23b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetDIBColorTable, address = 0x7601a149 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetCurrentPositionEx, address = 0x76018d78 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetClipBox, address = 0x76018525 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetBrushOrgEx, address = 0x7601c943 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GetBitmapBits, address = 0x7601c1ba |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = GdiFlush, address = 0x76015fe4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = FrameRgn, address = 0x76045ae2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = ExtTextOutW, address = 0x76018192 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = ExtFloodFill, address = 0x7602fd94 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = ExcludeClipRect, address = 0x76019218 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = EnumFontFamiliesExW, address = 0x7601ce94 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = Ellipse, address = 0x760455e3 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = DeleteObject, address = 0x76015f14 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = DeleteEnhMetaFile, address = 0x7602bda2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = DeleteDC, address = 0x76016eaa |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreateSolidBrush, address = 0x76016b49 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreateRectRgn, address = 0x7601633b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreatePenIndirect, address = 0x7602744d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreatePalette, address = 0x7601b1b0 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreateHalftonePalette, address = 0x7601c2cd |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreateFontIndirectW, address = 0x7601abfc |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreateEnhMetaFileW, address = 0x7602cc1f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreateDIBitmap, address = 0x7601a379 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreateDIBSection, address = 0x76018850 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreateCompatibleDC, address = 0x76016888 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreateCompatibleBitmap, address = 0x760173ad |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreateBrushIndirect, address = 0x7601993c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CreateBitmap, address = 0x76016b79 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CopyEnhMetaFileW, address = 0x7604d651 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CombineRgn, address = 0x7601651e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = CloseEnhMetaFile, address = 0x7602c3fe |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = Chord, address = 0x760454fa |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = BitBlt, address = 0x760172c0 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = ArcTo, address = 0x76045436 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = Arc, address = 0x7604534e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\gdi32.dll | function = AngleArc, address = 0x76045299 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\version.dll | function = VerQueryValueW, address = 0x75201b51 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\version.dll | function = GetFileVersionInfoSizeW, address = 0x752019d9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\version.dll | function = GetFileVersionInfoW, address = 0x752019f4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = WinExec, address = 0x7780e5fd |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = WaitForSingleObject, address = 0x777cba90 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = WaitForMultipleObjectsEx, address = 0x777cbc00 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = VirtualQueryEx, address = 0x777b4e42 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = VirtualProtect, address = 0x777c2341 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SuspendThread, address = 0x777e0ca9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SizeofResource, address = 0x777c3e7f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SetThreadPriority, address = 0x777c4815 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SetLastError, address = 0x777cbb08 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SetFilePointer, address = 0x777cdb36 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SetEvent, address = 0x777cbccc |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SetErrorMode, address = 0x777d4a51 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SetEndOfFile, address = 0x777c2319 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = ResumeThread, address = 0x777c0f1c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = ResetEvent, address = 0x777cbcb4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = RemoveDirectoryW, address = 0x777b586a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = ReadFile, address = 0x777c96fb |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address = 0x777c3ea8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = OpenProcess, address = 0x777c59d7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = MulDiv, address = 0x777cb7a0 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = LockResource, address = 0x777bfd29 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = LoadResource, address = 0x777c984d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = LoadLibraryW, address = 0x777d3c01 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = HeapFree, address = 0x777cbbd0 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = HeapDestroy, address = 0x777c2301 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = HeapCreate, address = 0x777d3ea2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = HeapAlloc, address = 0x77bb2dd6 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GlobalUnlock, address = 0x777c9d50 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GlobalSize, address = 0x777beb78 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GlobalLock, address = 0x777c9e05 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GlobalFree, address = 0x777c9cf9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GlobalFindAtomW, address = 0x777c912d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GlobalDeleteAtom, address = 0x777bf16c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GlobalAlloc, address = 0x777c9ce1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GlobalAddAtomW, address = 0x777c70f9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetVolumeInformationW, address = 0x777d7598 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetVersionExW, address = 0x777c3b1a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetUserDefaultLCID, address = 0x777d6584 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetTimeZoneInformation, address = 0x777b8a3b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetThreadPriority, address = 0x777c9147 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetThreadLocale, address = 0x777c153c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetTempPathW, address = 0x777b8b33 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetLocalTime, address = 0x777ca90e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetFullPathNameW, address = 0x777d4543 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetFileSize, address = 0x777c0273 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetFileAttributesW, address = 0x777d64ff |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetExitCodeThread, address = 0x777b6ddd |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetEnvironmentVariableW, address = 0x777d65c4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetDiskFreeSpaceW, address = 0x777b3530 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetDateFormatW, address = 0x777cafab |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetCurrentThread, address = 0x777d3351 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetCurrentProcessId, address = 0x777ccac4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetCurrentProcess, address = 0x777ccdcf |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetComputerNameW, address = 0x777c03ff |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetCPInfoExW, address = 0x777b8b1b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetCPInfo, address = 0x777d1e2e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = FreeResource, address = 0x777bf1bd |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = InterlockedExchange, address = 0x777cbf0a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = InterlockedCompareExchange, address = 0x777cbb92 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = FormatMessageW, address = 0x777c54a3 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = FindResourceW, address = 0x777c3e61 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = FindNextFileW, address = 0x777c963a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = FileTimeToLocalFileTime, address = 0x777d2004 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = FileTimeToDosDateTime, address = 0x777c2ce1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = EnumSystemLocalesW, address = 0x7780f3df |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = EnumCalendarInfoW, address = 0x7780f38f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = DeleteFileW, address = 0x777c0f62 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = CreateProcessW, address = 0x7778204d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = CreateFileW, address = 0x777ccc56 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = CreateEventW, address = 0x777d3386 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = CreateDirectoryW, address = 0x777c3925 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\advapi32.dll | function = RegSetValueExW, address = 0x771414d6 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\advapi32.dll | function = RegQueryInfoKeyW, address = 0x771446e7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\advapi32.dll | function = RegFlushKey, address = 0x7715773f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\advapi32.dll | function = RegEnumKeyExW, address = 0x771446c8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\advapi32.dll | function = RegCreateKeyExW, address = 0x771440fe |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\advapi32.dll | function = GetUserNameW, address = 0x7714157a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = SafeArrayPtrOfIndex, address = 0x77a1e1ce |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = SafeArrayGetUBound, address = 0x77a1e127 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = SafeArrayGetLBound, address = 0x77a1e173 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = SafeArrayCreate, address = 0x77a1e263 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VariantChangeType, address = 0x77a05dee |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VariantCopyInd, address = 0x77a1e86c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VariantCopy, address = 0x77a048f1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VariantClear, address = 0x77a03eae |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = VariantInit, address = 0x77a03ed5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = GetErrorInfo, address = 0x77a03f21 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleaut32.dll | function = GetActiveObject, address = 0x77a48f58 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CreateStreamOnHGlobal, address = 0x7764363b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = IsAccelerator, address = 0x776e043e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = OleDraw, address = 0x776a0286 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = OleSetMenuDescriptor, address = 0x7767dc53 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = OleUninitialize, address = 0x7763eba1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = OleInitialize, address = 0x7763efd7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoTaskMemFree, address = 0x77676f41 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoTaskMemAlloc, address = 0x7766ea4c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = ProgIDFromCLSID, address = 0x776aef82 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = StringFromCLSID, address = 0x7763eb17 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoCreateInstance, address = 0x77669d0b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoGetClassObject, address = 0x776554ad |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoUninitialize, address = 0x776686d3 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoInitialize, address = 0x7763b636 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = IsEqualGUID, address = 0x776e041c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = InitializeFlatSB, address = 0x74d6f803 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = FlatSB_SetScrollProp, address = 0x74d107d0 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = FlatSB_SetScrollPos, address = 0x74d10894 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = FlatSB_SetScrollInfo, address = 0x74d108c7 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = FlatSB_GetScrollPos, address = 0x74d6f80e |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = FlatSB_GetScrollInfo, address = 0x74d108b6 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = _TrackMouseEvent, address = 0x74d122d1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_SetIconSize, address = 0x74d7b44e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_GetIconSize, address = 0x74ca50df |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_Write, address = 0x74cd8b97 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_Read, address = 0x74c93eae |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_GetDragImage, address = 0x74d7afbb |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_DragShowNolock, address = 0x74d7b161 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_DragMove, address = 0x74d7b0f0 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_DragLeave, address = 0x74d7b12a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_DragEnter, address = 0x74d7b0b3 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_EndDrag, address = 0x74d7a177 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_BeginDrag, address = 0x74d7b021 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_GetIcon, address = 0x74cbaf2e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_Remove, address = 0x74cbe333 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_DrawEx, address = 0x74ca10fd |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_Draw, address = 0x74d2c687 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_GetBkColor, address = 0x74cae8d2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_SetBkColor, address = 0x74d10183 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_Add, address = 0x74ce8fa1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_SetImageCount, address = 0x74ce5249 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_GetImageCount, address = 0x74c9a8b9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_Destroy, address = 0x74ca6471 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = ImageList_Create, address = 0x74ca3c75 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = EnumDisplayMonitors, address = 0x762834a3 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetMonitorInfoW, address = 0x762833e7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = MonitorFromPoint, address = 0x762794c9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = MonitorFromWindow, address = 0x76283622 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\msvcrt.dll | function = memset, address = 0x761c9790 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\msvcrt.dll | function = memcpy, address = 0x761c9910 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\shell32.dll | function = ShellExecuteW, address = 0x764f3c71 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\shell32.dll | function = Shell_NotifyIconW, address = 0x765001c1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\wininet.dll | function = FindNextUrlCacheEntryW, address = 0x7720989c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\wininet.dll | function = FindFirstUrlCacheEntryW, address = 0x7720978a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\wininet.dll | function = FindCloseUrlCache, address = 0x77218409 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\wininet.dll | function = DeleteUrlCacheEntryW, address = 0x77229573 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GetRawInputData, address = 0x762d4c21 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = RegisterRawInputDevices, address = 0x76275b52 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleacc.dll | function = AccessibleObjectFromWindow, address = 0x732a2480 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\oleacc.dll | function = AccessibleChildren, address = 0x732a5d25 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetThreadPreferredUILanguages, address = 0x777c22d7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SetThreadPreferredUILanguages, address = 0x777be627 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetThreadUILanguage, address = 0x777bae42 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetNativeSystemInfo, address = 0x777bbe77 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetDiskFreeSpaceExW, address = 0x777bde40 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = InitializeConditionVariable, address = 0x77bb9981 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = WakeConditionVariable, address = 0x77c05a7b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = WakeAllConditionVariable, address = 0x77b845a5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = SleepConditionVariableCS, address = 0x777b18be |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetLogicalProcessorInformation, address = 0x777b2004 |
|
2 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoCreateInstanceEx, address = 0x77669d4e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoInitializeEx, address = 0x776609ad |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoAddRefServerProcess, address = 0x77683cf3 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoReleaseServerProcess, address = 0x77684314 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoResumeClassObjects, address = 0x7762ea02 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ole32.dll | function = CoSuspendClassObjects, address = 0x7768bb02 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\imm32.dll | function = ImmIsIME, address = 0x75fb2ceb |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = AnimateWindow, address = 0x762a0620 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = UninitializeFlatSB, address = 0x74c9d1ea |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = FlatSB_GetScrollProp, address = 0x74d6f81f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = FlatSB_EnableScrollBar, address = 0x74d6f84b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = FlatSB_ShowScrollBar, address = 0x74d6f83a |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = FlatSB_GetScrollRange, address = 0x74d6f829 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | function = FlatSB_SetScrollRange, address = 0x74d108a5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = SetLayeredWindowAttributes, address = 0x7627a6dc |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = IsHungAppWindow, address = 0x762a7195 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = HungWindowFromGhostWindow, address = 0x762961f5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\user32.dll | function = GhostWindowFromHungWindow, address = 0x7627a561 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ncsi.dll | function = OleCreatePropertyFrame, address = 0x732820ea |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ncsi.dll | function = OleCreateFontIndirect, address = 0x732820b7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ncsi.dll | function = OleCreatePictureIndirect, address = 0x732820c8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ncsi.dll | function = OleLoadPicture, address = 0x732820d9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\kernel32.dll | function = GetFileSizeEx, address = 0x777c59ef |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ncsi.dll | function = InitSecurityInterfaceW, address = 0x75be5b53 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\wtsapi32.dll | function = WTSRegisterSessionNotification, address = 0x74691cbc |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = BufferedPaintInit, address = 0x74b1940e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = OpenThemeData, address = 0x74b173d2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = CloseThemeData, address = 0x74b16a18 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = DrawThemeBackground, address = 0x74b13982 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = DrawThemeText, address = 0x74b14ea1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeBackgroundContentRect, address = 0x74b1cd2e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeBackgroundExtent, address = 0x74b1f8bf |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemePartSize, address = 0x74b1cdb1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeTextExtent, address = 0x74b12d57 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeTextMetrics, address = 0x74b1f992 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeBackgroundRegion, address = 0x74b2165d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = HitTestThemeBackground, address = 0x74b23ce3 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = DrawThemeEdge, address = 0x74b33b52 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = DrawThemeIcon, address = 0x74b435e7 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = IsThemePartDefined, address = 0x74b185b4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = IsThemeBackgroundPartiallyTransparent, address = 0x74b160ab |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeColor, address = 0x74b1616c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeMetric, address = 0x74b206e2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeString, address = 0x74b422e4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeBool, address = 0x74b17c1f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeInt, address = 0x74b1616c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeEnumValue, address = 0x74b1616c |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemePosition, address = 0x74b42350 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeFont, address = 0x74b1ff21 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeRect, address = 0x74b23611 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeMargins, address = 0x74b186e9 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeIntList, address = 0x74b423b1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemePropertyOrigin, address = 0x74b33fbb |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = SetWindowTheme, address = 0x74b20134 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeFilename, address = 0x74b42412 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeSysColor, address = 0x74b33274 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeSysColorBrush, address = 0x74b4301e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeSysBool, address = 0x74b43172 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeSysSize, address = 0x74b4320b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeSysFont, address = 0x74b429c4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeSysString, address = 0x74b42b3f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeSysInt, address = 0x74b42bd3 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = IsThemeActive, address = 0x74b1f785 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = IsAppThemed, address = 0x74b1f869 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetWindowTheme, address = 0x74b1df46 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = EnableThemeDialogTexture, address = 0x74b1fcaf |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = IsThemeDialogTextureEnabled, address = 0x74b4312b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeAppProperties, address = 0x74b20fb1 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = SetThemeAppProperties, address = 0x74b43296 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetCurrentThemeName, address = 0x74b205dd |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = GetThemeDocumentationProperty, address = 0x74b42932 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = DrawThemeParentBackground, address = 0x74b153e5 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = EnableTheming, address = 0x74b42feb |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\uxtheme.dll | function = DrawThemeTextEx, address = 0x74b163e6 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = WSAStartup, address = 0x75fd3ab2 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = GetAddrInfoW, address = 0x75fd4889 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = GetNameInfoW, address = 0x75fd66af |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = FreeAddrInfoW, address = 0x75fd4b1b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = InetPtonW, address = 0x75fe39dc |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = InetNtopW, address = 0x75fe3abf |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = GetAddrInfoExW, address = 0x75fdd1ea |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = SetAddrInfoExW, address = 0x75fdf4f6 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = FreeAddrInfoExW, address = 0x75fde14d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\fwpuclnt.dll | function = WSASetSocketPeerTargetName, address = 0x7248bb1e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\fwpuclnt.dll | function = WSADeleteSocketPeerTargetName, address = 0x7248bb4e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\fwpuclnt.dll | function = WSAImpersonateSocketPeer, address = 0x7248bb7e |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\fwpuclnt.dll | function = WSAQuerySocketSecurity, address = 0x7248baed |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\fwpuclnt.dll | function = WSARevertImpersonation, address = 0x7248bcfd |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\idndl.dll | function = DownlevelGetLocaleScripts, address = 0x6ee92a5b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\idndl.dll | function = DownlevelGetStringScripts, address = 0x6ee92b2f |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\idndl.dll | function = DownlevelVerifyScripts, address = 0x6ee92dad |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\normaliz.dll | function = IdnToUnicode, address = 0x7781f707 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\normaliz.dll | function = IdnToNameprepUnicode, address = 0x7781f6b4 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\normaliz.dll | function = IdnToAscii, address = 0x777b8bb8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\normaliz.dll | function = IsNormalizedString, address = 0x7781f662 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\normaliz.dll | function = NormalizeString, address = 0x7781f5ea |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = socket, address = 0x75fd3eb8 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = getsockopt, address = 0x75fd737d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = setsockopt, address = 0x75fd41b6 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = htons, address = 0x75fd2d8b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = bind, address = 0x75fd4582 |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = getsockname, address = 0x75fd30af |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = ntohs, address = 0x75fd2d8b |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = connect, address = 0x75fd6bdd |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = WSAGetLastError, address = 0x75fd37ad |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = shutdown, address = 0x75fd449d |
|
1 | |
| GET_PROC_ADDRESS | c:\windows\system32\ws2_32.dll | function = closesocket, address = 0x75fd3918 |
|
1 |
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| OPEN_KEY | HKEY_CURRENT_USER\Software\Borland\Locales |
|
2 | ||
| OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Borland\Locales |
|
1 | ||
| OPEN_KEY | HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
|
2 | ||
| OPEN_KEY | HKEY_CURRENT_USER\Software\Embarcadero\Locales |
|
1 | ||
| OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales |
|
1 | ||
| OPEN_KEY | HKEY_CURRENT_USER\Software\CodeGear\Locales |
|
1 | ||
| OPEN_KEY | HKEY_LOCAL_MACHINE\Software\CodeGear\Locales |
|
1 | ||
| OPEN_KEY | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes |
|
1 | ||
| OPEN_KEY | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04090409 |
|
1 | ||
| READ_VALUE | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes | value_name = MS Shell Dlg 2, data_ident_out = 0 |
|
1 | |
| READ_VALUE | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes | value_name = MS Shell Dlg 2, data_ident_out = Tahoma |
|
1 |
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| CREATE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
18 | ||
| CREATE | Explorer | class_name = TApplication, x_coordinate = 720, y_coordinate = 450, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| CREATE | Explorer | window_name = FrmMwM41n, class_name = TFrmMwM41n, x_coordinate = 18446744073709551164, y_coordinate = 18446744073709551164, width = 320, height = 240, class_name = TApplication, x_coordinate = 720, y_coordinate = 450, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| FIND | k8w0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | Explorer | class_name = TApplication, x_coordinate = 720, y_coordinate = 450, width = 0, height = 0 |
|
1 | |
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | ||
| SET_ATTRIBUTE | Explorer | class_name = TApplication, x_coordinate = 720, y_coordinate = 450, width = 0, height = 0 |
|
1 | |
| SET_ATTRIBUTE | FrmMwM41n | class_name = TFrmMwM41n, x_coordinate = 18446744073709551164, y_coordinate = 18446744073709551164, width = 320, height = 240 |
|
1 | |
| SET_ATTRIBUTE | FrmMwM41n | class_name = TFrmMwM41n, x_coordinate = 18446744073709551164, y_coordinate = 18446744073709551164, width = 320, height = 240 |
|
1 | |
| SET_ATTRIBUTE | Explorer | class_name = TApplication, x_coordinate = 720, y_coordinate = 450, width = 0, height = 0 |
|
1 |
| Operation | Virtual Key Code | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| GET_INFO | 0 | result_out = 4 |
|
1 | |
| GET_INFO | KB_LOCALE_ID | os_tid = 0, result_out = 67699721 |
|
1 | |
| GET_INFO | KB_LOCALE_ID |
|
1 |
| Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|
| GET_CURSOR | x_out = 1428, y_out = 797 |
|
17 | |
| GET_CURSOR | x_out = 814, y_out = 22 |
|
4 | |
| SLEEP | duration = 1500 milliseconds (1.500 seconds) |
|
1 | |
| SLEEP | duration = 1000 milliseconds (1.000 seconds) |
|
2 | |
| SLEEP | duration = 60000 milliseconds (60.000 seconds) |
|
2 | |
| SLEEP | duration = 600000 milliseconds (600.000 seconds) |
|
1 | |
| GET_INFO | type = Hardware Information |
|
1 |
| Operation | Host | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| RESOLVE_NAME | carvas32ltda.com |
|
2 | ||
| RESOLVE_NAME | carva32ssa.com |
|
2 | ||
| RESOLVE_NAME | bandeivacomercial.com |
|
1 | ||
| RESOLVE_NAME | bandeivacomercio.com |
|
1 |
| Remote Address | Remote Port | L7Protocol | Success | Count |
|---|---|---|---|---|
| 187.191.100.112 | 80 |
|
6 |
