Malware Uses JAR | Sequential Behavior
Try VMRay Analyzer
| Host | Resolved to | Country | City | Protocol |
|---|---|---|---|---|
| N3EErvtwsM | ||||
| adom2.com.br | ||||
| carvas32ltda.com | ||||
| carva32ssa.com | ||||
| bandeivacomercial.com | ||||
| bandeivacomercio.com | ||||
| 187.191.100.112 | BR | TCP | ||
| localhost | 127.0.0.1 | HTTP |
| Information | Value |
|---|---|
| ID / OS PID | #1 / 0xb6c |
| OS Parent PID | 0x4f0 (c:\windows\explorer.exe) |
| Initial Working Directory | C:\Users\DSsDPMx042\Desktop |
| File Name | c:\program files\java\jre1.8.0_92\bin\java.exe |
| Command Line | "C:\Program Files\Java\jre1.8.0_92\bin\java.exe" -jar "C:\Users\DSsDPMx042\Desktop\Duplicata0.jar" |
| Monitor | Start Time: 00:00:08, Reason: Analysis Target |
| Unmonitor | End Time: 00:00:30, Reason: Terminated |
| Monitor Duration | 00:00:22 |
| OS Thread IDs |
#
1
0x B70
#
2
0x BC0
#
3
0x BC4
#
4
0x BC8
#
5
0x BCC
#
6
0x BD8
#
7
0x BD0
#
8
0x BD4
#
9
0x BE0
#
10
0x BDC
#
11
0x BE4
#
12
0x BEC |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000040000 | 0x00040000 | 0x00042fff | Pagefile Backed Memory | Readable |
|
|
|
|
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000e0000 | 0x000e0000 | 0x0012ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000130000 | 0x00130000 | 0x001f7fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000200000 | 0x00200000 | 0x00200fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000210000 | 0x00210000 | 0x00211fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000220000 | 0x00220000 | 0x00226fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000230000 | 0x00230000 | 0x0032ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000330000 | 0x00330000 | 0x00430fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000440000 | 0x00440000 | 0x00441fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000450000 | 0x00450000 | 0x00450fff | Private Memory | Readable |
|
|
|
|
| private_0x0000000000460000 | 0x00460000 | 0x00460fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000470000 | 0x00470000 | 0x004bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000004c0000 | 0x004c0000 | 0x004cffff | Private Memory | Readable, Writable |
|
|
|
|
| 2924 | 0x004d0000 | 0x004dffff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x00000000004e0000 | 0x004e0000 | 0x0055ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000560000 | 0x00560000 | 0x00560fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000590000 | 0x00590000 | 0x0059ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000005a0000 | 0x005a0000 | 0x0069ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000006a0000 | 0x006a0000 | 0x00a92fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00b9ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000ba0000 | 0x00ba0000 | 0x00bfffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000c10000 | 0x00c10000 | 0x00c1ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000c20000 | 0x00c20000 | 0x00caffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000cb0000 | 0x00cb0000 | 0x00cfffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000d40000 | 0x00d40000 | 0x00d8ffff | Private Memory | Readable, Writable |
|
|
|
|
| java.exe | 0x00da0000 | 0x00dd2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000de0000 | 0x00de0000 | 0x019dffff | Pagefile Backed Memory | Readable |
|
|
|
|
| SortDefault.nls | 0x019e0000 | 0x01caefff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000001cb0000 | 0x01cb0000 | 0x03caffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003cb0000 | 0x03cb0000 | 0x03cfffff | Private Memory | Readable, Writable |
|
|
|
|
| kernel32.dll.mui | 0x03d00000 | 0x03dbffff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x0000000003e00000 | 0x03e00000 | 0x13dfffff | Private Memory | Readable, Writable |
|
|
|
|
| classes.jsa | 0x13e00000 | 0x143affff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000143b0000 | 0x143b0000 | 0x1480ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000014810000 | 0x14810000 | 0x1485ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000014870000 | 0x14870000 | 0x148bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000148d0000 | 0x148d0000 | 0x1491ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000014990000 | 0x14990000 | 0x149dffff | Private Memory | Readable, Writable |
|
|
|
|
| classes.jsa | 0x14a00000 | 0x14f6ffff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x0000000014fb0000 | 0x14fb0000 | 0x14ffffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000015000000 | 0x15000000 | 0x151fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000015290000 | 0x15290000 | 0x1529ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000152b0000 | 0x152b0000 | 0x152bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000015380000 | 0x15380000 | 0x153bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000015400000 | 0x15400000 | 0x1544ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000015450000 | 0x15450000 | 0x1554ffff | Private Memory | Readable, Writable |
|
|
|
|
| classes.jsa | 0x15600000 | 0x156bffff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x0000000015800000 | 0x15800000 | 0x1580ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000015940000 | 0x15940000 | 0x1597ffff | Private Memory | Readable, Writable |
|
|
|
|
| jvm.dll | 0x6d510000 | 0x6d8dafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcr100.dll | 0x6dee0000 | 0x6df9efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| net.dll | 0x6e0b0000 | 0x6e0c5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| zip.dll | 0x6e0d0000 | 0x6e0e2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| java.dll | 0x6e0f0000 | 0x6e110fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pnrpnsp.dll | 0x6f1d0000 | 0x6f1e1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winrnr.dll | 0x6f270000 | 0x6f277fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| NapiNSP.dll | 0x6f280000 | 0x6f28ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| verify.dll | 0x6f9b0000 | 0x6f9bbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winmm.dll | 0x70ef0000 | 0x70f21fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| FWPUCLNT.DLL | 0x721e0000 | 0x72217fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winnsi.dll | 0x72300000 | 0x72306fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| IPHLPAPI.DLL | 0x72310000 | 0x7232bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rasadhlp.dll | 0x72350000 | 0x72355fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wsock32.dll | 0x72f00000 | 0x72f06fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nlaapi.dll | 0x73850000 | 0x7385ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| comctl32.dll | 0x74110000 | 0x742adfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| version.dll | 0x748a0000 | 0x748a8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| WSHTCPIP.DLL | 0x74930000 | 0x74934fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dnsapi.dll | 0x74ca0000 | 0x74ce3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wship6.dll | 0x74dd0000 | 0x74dd5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mswsock.dll | 0x74de0000 | 0x74e1bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| profapi.dll | 0x75350000 | 0x7535afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| KernelBase.dll | 0x75510000 | 0x75559fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x75830000 | 0x758fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x75900000 | 0x759d3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x759e0000 | 0x76629fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x76630000 | 0x7664efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x76650000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x76a90000 | 0x76bebfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76bf0000 | 0x76c90fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x76ca0000 | 0x76d68fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x76d70000 | 0x76dc6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x76dd0000 | 0x76e1dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x76f70000 | 0x7701bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x77020000 | 0x770bcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77200000 | 0x7733bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nsi.dll | 0x77340000 | 0x77345fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x77350000 | 0x77359fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| psapi.dll | 0x77360000 | 0x77364fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x773d0000 | 0x773e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ws2_32.dll | 0x773f0000 | 0x77424fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apisetschema.dll | 0x77440000 | 0x77440fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007ffd4000 | 0x7ffd4000 | 0x7ffd4fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffd5000 | 0x7ffd5000 | 0x7ffd5fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffd6000 | 0x7ffd6000 | 0x7ffd6fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
|
| Category | Operation | Information | Success | Count | Logfile | |
|---|---|---|---|---|---|---|
| FILE | CREATE | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 4 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 128 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 7 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 1896818 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 363 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 120 |
|
1 | ||
| MOD | GET_HANDLE | module_name = c:\program files\java\jre1.8.0_92\bin\client\jvm.dll, base_address = 0x6d510000 |
|
1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\program files\java\jre1.8.0_92\bin\client\jvm.dll, function = JVM_GetVersionInfo, address = 0x6d60fed0 |
|
1 | ||
| SYS | GET_INFO | type = Hardware Information |
|
1 | ||
| MOD | LOAD | module_name = SHELL32.dll, base_address = 0x759e0000 |
|
1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\shell32.dll, function = SHGetKnownFolderPath, address = 0x75a94ca0 |
|
1 | ||
| FILE | OPEN | file_name = STD_OUTPUT_HANDLE |
|
1 | ||
| FILE | OPEN | file_name = STD_ERROR_HANDLE |
|
1 | ||
| MOD | GET_HANDLE | module_name = c:\program files\java\jre1.8.0_92\bin\client\jvm.dll, base_address = 0x6d510000 |
|
1 | ||
| MOD | GET_FILENAME | module_name = c:\program files\java\jre1.8.0_92\bin\client\jvm.dll, file_name = C:\Program Files\Java\jre1.8.0_92\bin\client\jvm.dll |
|
1 | ||
| FILE | OPEN | file_name = STD_INPUT_HANDLE |
|
1 | ||
| FILE | OPEN | file_name = STD_OUTPUT_HANDLE |
|
1 | ||
| FILE | OPEN | file_name = STD_ERROR_HANDLE |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 1671 |
|
1 | ||
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x75900000 |
|
1 | ||
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetFinalPathNameByHandleW, address = 0x75934e2a |
|
1 | ||
| MOD | GET_HANDLE | module_name = c:\program files\java\jre1.8.0_92\bin\java.exe, base_address = 0xda0000 |
|
2 | ||
| FILE | CREATE | file_name = c:\program files\java\jre1.8.0_92\lib\ext\meta-index, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\ext\meta-index, size = 8192 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\ext\meta-index, size = 8192 |
|
1 | ||
| FILE | CREATE | file_name = c:\users\dssdpmx042\.oracle_jre_usage\90737d32e3abaa4.timestamp, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | ||
| FILE | WRITE | file_name = c:\users\dssdpmx042\.oracle_jre_usage\90737d32e3abaa4.timestamp, size = 50 |
|
1 | ||
| FILE | CREATE | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE, create_disposition = OPEN_EXISTING, file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
1 | ||
| FILE | CREATE | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 4 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 128 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 1188 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 123 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 1016 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 1132 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 985 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 1132 |
|
1 | ||
| FILE | CREATE | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE, create_disposition = OPEN_EXISTING, file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
1 | ||
| FILE | CREATE | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 4 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 128 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 1188 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 123 |
|
2 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 160 |
|
2 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 123 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 2339 |
|
1 | ||
| FILE | CREATE | file_name = c:\program files\java\jre1.8.0_92\lib\meta-index, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\meta-index, size = 8192 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\meta-index, size = 8192 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 160 |
|
1 | ||
| FILE | CREATE | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE, create_disposition = OPEN_EXISTING, file_attributes = FILE_FLAG_BACKUP_SEMANTICS |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 352 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 123 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 561 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 879 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 755 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 2044 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 2423 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 91 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 1157 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 91 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 8192 |
|
2 | ||
| FILE | READ | file_name = c:\users\dssdpmx042\desktop\duplicata0.jar, size = 3879 |
|
1 | ||
| MOD | GET_HANDLE | module_name = c:\program files\java\jre1.8.0_92\bin\java.exe, base_address = 0xda0000 |
|
1 | ||
| SCK | CREATE | address_family = AF_INET6, type = SOCK_STREAM, protocol = IPPROTO_IP |
|
1 | ||
| DNS | GET_HOSTNAME | name = N3EErvtwsM |
|
1 | ||
| DNS | RESOLVE_NAME | host = N3EErvtwsM |
|
1 | ||
| FILE | CREATE | file_name = c:\program files\java\jre1.8.0_92\lib\security\java.security, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\security\java.security, size = 8192 |
|
3 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\security\java.security, size = 8192 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\security\java.security, size = 8192 |
|
1 | ||
| FILE | CREATE_DIR | file_name = c:\users\public\n3eg |
|
1 | ||
| FILE | CREATE | file_name = c:\users\public\n3eg\id, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\id, size = 7 |
|
1 | ||
| FILE | CREATE | file_name = c:\users\public\n3eg\idw, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\idw, size = 2 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 44725 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 800 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 1085 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 792 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 1194 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 792 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 1127 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 737 |
|
1 | ||
| FILE | CREATE | file_name = c:\program files\java\jre1.8.0_92\lib\net.properties, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\net.properties, size = 8192 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\net.properties, size = 8192 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 16003 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 4482 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 973 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 4050 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 975 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 3674 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 621 |
|
1 | ||
| MOD | GET_HANDLE | module_name = c:\program files\java\jre1.8.0_92\bin\java.exe, base_address = 0xda0000 |
|
1 | ||
| DNS | RESOLVE_NAME | host = adom2.com.br |
|
1 | ||
| SCK | CREATE | address_family = AF_INET6, type = SOCK_STREAM, protocol = IPPROTO_IP |
|
1 | ||
| SCK | CONNECT | remote_address = 0, remote_port = 80 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 751 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 1874 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 7198 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 920 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 1936 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 281 |
|
1 | ||
| SCK | SEND | size = 182, flags = NO_FLAG_SET, size_out = 182 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 748 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 2693 |
|
1 | ||
| SCK | RECV | size = 8192, flags = NO_FLAG_SET, size_out = 8192 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 3379 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 3246 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 100 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 2082 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 2282 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 683 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 681 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 2654 |
|
1 | ||
| SCK | RECV | size = 8192, flags = NO_FLAG_SET, size_out = 8192 |
|
201 | ||
| SCK | RECV | size = 8192, flags = NO_FLAG_SET, size_out = 7142 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 1459 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 1396 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 285 |
|
1 | ||
| FILE | CREATE | file_name = c:\users\public\n3eg\n3eg1.zip, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\n3eg1.zip, size = 1661608 |
|
1 | ||
| SCK | SEND | size = 182, flags = NO_FLAG_SET, size_out = 182 |
|
1 | ||
| SCK | RECV | size = 8192, flags = NO_FLAG_SET, size_out = 8192 |
|
91 | ||
| SCK | RECV | size = 8192, flags = NO_FLAG_SET, size_out = 3326 |
|
1 | ||
| FILE | CREATE | file_name = c:\users\public\n3eg\n3eg2.zip, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\n3eg2.zip, size = 748483 |
|
1 | ||
| SCK | SEND | size = 182, flags = NO_FLAG_SET, size_out = 182 |
|
1 | ||
| SCK | RECV | size = 8192, flags = NO_FLAG_SET, size_out = 8192 |
|
51 | ||
| SCK | RECV | size = 8192, flags = NO_FLAG_SET, size_out = 3816 |
|
1 | ||
| FILE | CREATE | file_name = c:\users\public\n3eg\n3eg4.zip, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\n3eg4.zip, size = 421293 |
|
1 | ||
| FILE | CREATE | file_name = c:\users\public\n3eg\n3eg4.zip, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 30 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 5 |
|
1 | ||
| FILE | CREATE | file_name = c:\users\public\n3eg\ljkg4, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 1024 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 142 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 930 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 806 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 882 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 761 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 830 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 913 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 812 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 638 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 614 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 633 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 730 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 738 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 747 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 747 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 715 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 738 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 859 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 741 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 687 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 926 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 779 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 867 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 834 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 1024 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 407 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 1024 |
|
2 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 1 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 1024 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 285 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 673 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 808 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 719 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 701 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 706 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 667 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 651 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 746 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 756 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 855 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 830 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 987 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 763 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 700 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 836 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 842 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 868 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 909 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 751 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 871 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 876 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 754 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 885 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 774 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 827 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 1024 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 21 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 1024 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 211 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 1009 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 1024 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 709 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 946 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 794 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 1024 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 63 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 876 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 879 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 1024 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 62 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 1024 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 77 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 847 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 851 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 1024 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 532 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 1024 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 296 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 936 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 834 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 908 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 968 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 1000 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 964 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 884 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 930 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 939 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 811 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 838 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 959 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 869 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 873 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 746 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 804 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 786 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 787 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 805 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 1024 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 142 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 1019 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 1024 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 11 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 759 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 902 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 1024 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 29 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 1024 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 76 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 982 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 1024 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 449 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 552 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 567 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 587 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 587 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 634 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 684 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 603 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 802 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 583 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 1024 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 496 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 1024 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 141 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 1024 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 516 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 1024 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 479 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 538 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 490 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 495 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 496 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 496 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 492 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 496 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 496 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 494 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 495 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 493 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 493 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 488 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 496 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 494 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 494 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 491 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 505 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 507 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 507 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 507 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 507 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 507 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 507 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 507 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
| FILE | READ | file_name = c:\users\public\n3eg\n3eg4.zip, size = 512 |
|
1 | ||
| FILE | WRITE | file_name = c:\users\public\n3eg\ljkg4, size = 512 |
|
1 | ||
|
For performance reasons, the remaining 11264 entries are omitted.
Click to download all 12264 entries as text file (5.52 MB). |
||||||
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | |
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | |
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 1124 |
|
1 | |
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 160 |
|
1 | |
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 30 |
|
1 | |
| FILE | READ | file_name = c:\program files\java\jre1.8.0_92\lib\rt.jar, size = 3434 |
|
1 |
| Information | Value |
|---|---|
| ID / OS PID | #2 / 0xbf8 |
| OS Parent PID | 0xb6c (c:\program files\java\jre1.8.0_92\bin\java.exe) |
| Initial Working Directory | C:\Users\DSsDPMx042\Desktop |
| File Name | c:\windows\system32\regsvr32.exe |
| Command Line | regsvr32.exe /s \"C:\\Users\\Public\\N3Eg\\N3Eg2.51N3E\" #96 |
| Monitor | Start Time: 00:00:26, Reason: Child Process |
| Unmonitor | End Time: 00:00:30, Reason: Terminated |
| Monitor Duration | 00:00:04 |
| OS Thread IDs |
#
13
0x BFC |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetThreadPreferredUILanguages, address = 0x759422d7 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetThreadPreferredUILanguages, address = 0x7593e627 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetThreadUILanguage, address = 0x7593ae42 |
|
1 | |
| SYS | GET_INFO | type = Hardware Information |
|
1 | |
| MOD | GET_FILENAME | file_name = C:\Users\Public\N3Eg\N3Eg2.51N3E |
|
1 | |
| MOD | GET_FILENAME | file_name = C:\Windows\system32\regsvr32.exe |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Embarcadero\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\CodeGear\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\CodeGear\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Borland\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
|
1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetNativeSystemInfo, address = 0x7593be77 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetDiskFreeSpaceExW, address = 0x7593de40 |
|
1 | |
| MOD | GET_FILENAME | file_name = C:\Windows\system32\regsvr32.exe |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Embarcadero\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\CodeGear\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\CodeGear\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Borland\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\oleaut32.dll, base_address = 0x76ee0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VariantChangeTypeEx, address = 0x76ee4c28 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarNeg, address = 0x76f5c802 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarNot, address = 0x76f5ec66 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarAdd, address = 0x76f05934 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarSub, address = 0x76f5d332 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarMul, address = 0x76f5dbd4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarDiv, address = 0x76f5e405 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarIdiv, address = 0x76f5f00a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarMod, address = 0x76f5f15e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarAnd, address = 0x76f05a98 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarOr, address = 0x76f5ecfa |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarXor, address = 0x76f5ee2e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarCmp, address = 0x76efb0dc |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarI4FromStr, address = 0x76ef6fab |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarR4FromStr, address = 0x76f001a0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarR8FromStr, address = 0x76ef699e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarDateFromStr, address = 0x76f06ba7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarCyFromStr, address = 0x76f26c12 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarBoolFromStr, address = 0x76efdbd1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromCy, address = 0x76f07fdc |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromDate, address = 0x76ef7a2a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromBool, address = 0x76f00355 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = InitializeConditionVariable, address = 0x77259981 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = WakeConditionVariable, address = 0x772a5a7b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = WakeAllConditionVariable, address = 0x772245a5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SleepConditionVariableCS, address = 0x759318be |
|
1 | |
| MOD | GET_FILENAME | file_name = C:\Windows\system32\regsvr32.exe |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x7593f731 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Heap32ListFirst, address = 0x759902e7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Heap32ListNext, address = 0x75990391 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Heap32First, address = 0x75990429 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Heap32Next, address = 0x75990614 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75990819 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Process32First, address = 0x7596443d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Process32Next, address = 0x75964505 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Process32FirstW, address = 0x7593fa35 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Process32NextW, address = 0x7593faca |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Process32FirstW, address = 0x7593fa35 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Process32NextW, address = 0x7593faca |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Thread32First, address = 0x75967e4c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Thread32Next, address = 0x75967edc |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Module32First, address = 0x75990859 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Module32Next, address = 0x75990942 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Module32FirstW, address = 0x7593c59e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Module32NextW, address = 0x7593c11f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Module32FirstW, address = 0x7593c59e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Module32NextW, address = 0x7593c11f |
|
1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = VirtualAllocEx, address = 0x7593c1b6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = WriteProcessMemory, address = 0x7593c1de |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CreateRemoteThread, address = 0x7598f33b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = OpenProcess, address = 0x759459d7 |
|
1 | |
| PROC | OPEN | process_name = c:\windows\explorer.exe, os_pid = 0x4f0, desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| MEM | ALLOC | address = 0x4fd0000, process_name = c:\windows\explorer.exe, os_pid = 0x4f0, size = 66, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE |
|
1 | |
| MEM | WRITE | address = 0x4fd0000, process_name = c:\windows\explorer.exe, os_pid = 0x4f0, size = 66 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryW, address = 0x75953c01 |
|
1 | |
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0xc00, os_pid = 0x4f0, proc_address = 0x75953c01, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetLogicalProcessorInformation, address = 0x75932004 |
|
1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetLogicalProcessorInformation, address = 0x75932004 |
|
1 |
| Information | Value |
|---|---|
| ID / OS PID | #3 / 0x4f0 |
| OS Parent PID | 0xffffffffffffffff (Unknown) |
| Initial Working Directory | C:\Windows\system32 |
| File Name | c:\windows\explorer.exe |
| Command Line | C:\Windows\Explorer.EXE |
| Monitor | Start Time: 00:00:29, Reason: Injection |
| Unmonitor | End Time: 00:03:50, Reason: Terminated |
| Monitor Duration | 00:03:21 |
| OS Thread IDs |
#
14
0x AB8
#
15
0x 9DC
#
16
0x 9D0
#
17
0x 9C4
#
18
0x 9B8
#
19
0x 9B4
#
20
0x 988
#
21
0x 93C
#
22
0x 91C
#
23
0x 914
#
24
0x 8C8
#
25
0x 4BC
#
26
0x 6A0
#
27
0x 678
#
28
0x 670
#
29
0x 658
#
30
0x 654
#
31
0x 5FC
#
32
0x 5E8
#
33
0x 5E0
#
34
0x 5C8
#
35
0x 5C4
#
36
0x 5C0
#
37
0x 5BC
#
38
0x 5B8
#
39
0x 5AC
#
40
0x 5A8
#
41
0x 5A4
#
42
0x 59C
#
43
0x 528
#
44
0x 524
#
45
0x 51C
#
46
0x 518
#
47
0x 514
#
48
0x 4FC
#
49
0x 4F4
#
50
0x C00
#
51
0x C04
#
52
0x C28
#
53
0x CAC
#
81
0x F00
#
94
0x F7C
#
101
0x 48C
#
102
0x 470 |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\system32\regsvr32.exe | 0xbfc | address = 0x4fd0000, size = 66 |
|
1 | |
| Create Remote Thread | c:\windows\system32\regsvr32.exe | 0xbfc | os_thread_id = 0xc00, address = 0x75953c01, flags = THREAD_RUNS_IMMEDIATELY |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| KEYBOARD | GET_INFO | type = 0, result_out = 4 |
|
1 | |
| MOD | GET_FILENAME | file_name = C:\Users\Public\N3Eg\N3Eg4.51N3E |
|
1 | |
| MOD | GET_FILENAME | file_name = C:\Windows\Explorer.EXE |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Borland\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Borland\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
|
1 | |
| MOD | LOAD | module_name = C:\Users\Public\N3Eg\N3Eg4.ENU, base_address = 0x0 |
|
1 | |
| MOD | LOAD | module_name = C:\Users\Public\N3Eg\N3Eg4.EN, base_address = 0x0 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetDiskFreeSpaceExA, address = 0x7598f46f |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\oleaut32.dll, base_address = 0x76ee0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VariantChangeTypeEx, address = 0x76ee4c28 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarNeg, address = 0x76f5c802 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarNot, address = 0x76f5ec66 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarAdd, address = 0x76f05934 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarSub, address = 0x76f5d332 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarMul, address = 0x76f5dbd4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarDiv, address = 0x76f5e405 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarIdiv, address = 0x76f5f00a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarMod, address = 0x76f5f15e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarAnd, address = 0x76f05a98 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarOr, address = 0x76f5ecfa |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarXor, address = 0x76f5ee2e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarCmp, address = 0x76efb0dc |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarI4FromStr, address = 0x76ef6fab |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarR4FromStr, address = 0x76f001a0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarR8FromStr, address = 0x76ef699e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarDateFromStr, address = 0x76f06ba7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarCyFromStr, address = 0x76f26c12 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarBoolFromStr, address = 0x76efdbd1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromCy, address = 0x76f07fdc |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromDate, address = 0x76ef7a2a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromBool, address = 0x76f00355 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| FILE | CREATE | file_name = c:\users\public\n3eg\n3eg1.51n3e, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| FILE | READ | file_name = c:\users\public\n3eg\n3eg1.51n3e, size = 2689537 |
|
1 | |
| MOD | LOAD | module_name = oleaut32.dll, base_address = 0x76ee0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = SysFreeString, address = 0x76ee3e59 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = SysReAllocStringLen, address = 0x76ee7810 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = SysAllocStringLen, address = 0x76ee45d2 |
|
1 | |
| MOD | LOAD | module_name = advapi32.dll, base_address = 0x76650000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = RegQueryValueExW, address = 0x766646ad |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExW, address = 0x7666468d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = RegCloseKey, address = 0x7666469d |
|
1 | |
| MOD | LOAD | module_name = user32.dll, base_address = 0x76ca0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = MessageBoxA, address = 0x76cfea11 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CharNextW, address = 0x76cb0be6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = LoadStringW, address = 0x76cadfba |
|
1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Sleep, address = 0x7594ba46 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = VirtualFree, address = 0x75951da4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = VirtualAlloc, address = 0x75952fb6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = lstrlenW, address = 0x7594d9e8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = VirtualQuery, address = 0x759576d6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = QueryPerformanceCounter, address = 0x7594bb9f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetTickCount, address = 0x7594ba60 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetSystemInfo, address = 0x75953728 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetVersion, address = 0x7594154e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CompareStringW, address = 0x75949bee |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = IsValidLocale, address = 0x75943de4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetThreadLocale, address = 0x759688e6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetSystemDefaultUILanguage, address = 0x7593731d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetUserDefaultUILanguage, address = 0x759422ef |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetLocaleInfoW, address = 0x75956596 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = WideCharToMultiByte, address = 0x7595450e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = MultiByteToWideChar, address = 0x7595452b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetACP, address = 0x759539aa |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryExW, address = 0x75944775 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetStartupInfoW, address = 0x75953891 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetProcAddress, address = 0x759533d3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetModuleHandleW, address = 0x7595374d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameW, address = 0x75953c26 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetCommandLineW, address = 0x7595679e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FreeLibrary, address = 0x7594d9d0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetLastError, address = 0x7594bf00 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = UnhandledExceptionFilter, address = 0x7595ed38 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = RtlUnwind, address = 0x75937f70 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = RaiseException, address = 0x7593eb60 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = ExitProcess, address = 0x7595214f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = ExitThread, address = 0x7722f611 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SwitchToThread, address = 0x7593eb24 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentThreadId, address = 0x7594bb80 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CreateThread, address = 0x7595375d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = DeleteCriticalSection, address = 0x77259ac5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = LeaveCriticalSection, address = 0x77247760 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = EnterCriticalSection, address = 0x772477a0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = InitializeCriticalSection, address = 0x7725a149 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FindFirstFileW, address = 0x759553b2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FindClose, address = 0x75950e62 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = WriteFile, address = 0x75951400 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetStdHandle, address = 0x75951e46 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CloseHandle, address = 0x7594ca7c |
|
1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetProcAddress, address = 0x759533d3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = RaiseException, address = 0x7593eb60 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryA, address = 0x7595395c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetLastError, address = 0x7594bf00 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = TlsSetValue, address = 0x7594da88 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = TlsGetValue, address = 0x7594da70 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = TlsFree, address = 0x759513b8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = TlsAlloc, address = 0x759535a1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = LocalFree, address = 0x7594ca64 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = LocalAlloc, address = 0x75953363 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FreeLibrary, address = 0x7594d9d0 |
|
1 | |
| MOD | LOAD | module_name = user32.dll, base_address = 0x76ca0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetClassLongW, address = 0x76ca658b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetClassLongW, address = 0x76cb3860 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetWindowLongW, address = 0x76cb4449 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetWindowLongW, address = 0x76cb61b8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CreateWindowExW, address = 0x76caec7c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = keybd_event, address = 0x76cfec3b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = WindowFromPoint, address = 0x76cd6be9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = WaitMessage, address = 0x76cb66bd |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = WaitForInputIdle, address = 0x76cd0397 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = UpdateWindow, address = 0x76caffa8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = UnregisterClassW, address = 0x76cab9ae |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = UnhookWindowsHookEx, address = 0x76caadf9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = TranslateMessage, address = 0x76cb64c7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = TranslateMDISysAccel, address = 0x76cd1a5a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = TrackPopupMenu, address = 0x76cc2228 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SystemParametersInfoW, address = 0x76cae09a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SwitchDesktop, address = 0x76ca476b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = ShowWindow, address = 0x76caf2a9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = ShowScrollBar, address = 0x76cd3c89 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = ShowOwnedPopups, address = 0x76cd28ca |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = ShowCaret, address = 0x76ca9334 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetWindowRgn, address = 0x76ca99ec |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetWindowsHookExW, address = 0x76cae30c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetWindowTextW, address = 0x76cb612b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetWindowPos, address = 0x76cb1bc4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetWindowPlacement, address = 0x76ca7f78 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetTimer, address = 0x76cb52ef |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetScrollRange, address = 0x76ca8ec5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetScrollPos, address = 0x76cd04be |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetScrollInfo, address = 0x76cb48da |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetRect, address = 0x76cb498b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetPropW, address = 0x76cb5dc5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetParent, address = 0x76ca8314 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetMenuItemInfoW, address = 0x76cb1799 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetMenu, address = 0x76cd6b0e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetKeyboardState, address = 0x76cd695a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetForegroundWindow, address = 0x76cab225 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetFocus, address = 0x76caabad |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetCursorPos, address = 0x76cec1b0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetCursor, address = 0x76cb3075 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetCapture, address = 0x76cd6932 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetActiveWindow, address = 0x76cb333a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SendMessageTimeoutW, address = 0x76cae459 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SendMessageA, address = 0x76caad60 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SendMessageW, address = 0x76cb5539 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = ScrollWindow, address = 0x76ccfc1d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = ScreenToClient, address = 0x76caa506 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = RemovePropW, address = 0x76cb5fe1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = RemoveMenu, address = 0x76ca86e8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = ReleaseDC, address = 0x76cb5421 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = ReleaseCapture, address = 0x76cd69f2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = RegisterWindowMessageW, address = 0x76cadf8d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = RegisterClipboardFormatW, address = 0x76cadf8d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = RegisterClassW, address = 0x76caed4a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = RedrawWindow, address = 0x76cb29bc |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = PostQuitMessage, address = 0x76cab308 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = PostMessageW, address = 0x76cb447b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = PeekMessageA, address = 0x76cb19a5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = PeekMessageW, address = 0x76cb634a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = OpenDesktopW, address = 0x76cac669 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = MsgWaitForMultipleObjectsEx, address = 0x76cae369 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = MsgWaitForMultipleObjects, address = 0x76cb37d8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = MoveWindow, address = 0x76ca8d29 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = MessageBoxW, address = 0x76cfea5f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = MessageBeep, address = 0x76cd2939 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = MapWindowPoints, address = 0x76cb5caa |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = MapVirtualKeyW, address = 0x76cd6a7c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = LoadStringW, address = 0x76cadfba |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = LoadKeyboardLayoutW, address = 0x76cec874 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = LoadIconW, address = 0x76caf142 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = LoadCursorW, address = 0x76caed90 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = LoadBitmapW, address = 0x76ca6460 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = KillTimer, address = 0x76cb64f7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = IsZoomed, address = 0x76cb4ce9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = IsWindowVisible, address = 0x76cb4d69 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = IsWindowUnicode, address = 0x76cb2f55 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = IsWindowEnabled, address = 0x76caa9b9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = IsWindow, address = 0x76cb53ba |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = IsIconic, address = 0x76cb4c8e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = IsDialogMessageA, address = 0x76cc2019 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = IsDialogMessageW, address = 0x76cb4104 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = IsChild, address = 0x76cb3a83 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = InvalidateRect, address = 0x76cb566d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = InsertMenuItemW, address = 0x76caaac5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = InsertMenuW, address = 0x76ca869a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = HideCaret, address = 0x76ca9348 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetWindowThreadProcessId, address = 0x76caee32 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetWindowTextW, address = 0x76cab8c5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetWindowRect, address = 0x76cb558c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetWindowPlacement, address = 0x76cd69de |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetWindowDC, address = 0x76cb4ab7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetTopWindow, address = 0x76cd24d9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetSystemMetrics, address = 0x76cb67cf |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetSystemMenu, address = 0x76cafd8b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetSysColorBrush, address = 0x76caf1ed |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetSysColor, address = 0x76cbdb7a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetSubMenu, address = 0x76ca9c19 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetScrollRange, address = 0x76cd045a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetScrollPos, address = 0x76cd0e43 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetScrollInfo, address = 0x76cb2da3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetPropW, address = 0x76cb5bbe |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetParent, address = 0x76cb6029 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetWindow, address = 0x76cb2780 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetMessageTime, address = 0x76cd4231 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetMessagePos, address = 0x76cd6703 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetMessageExtraInfo, address = 0x76cab705 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetMenuStringW, address = 0x76cd6528 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetMenuState, address = 0x76cd67d2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetMenuItemInfoW, address = 0x76caaefa |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetMenuItemID, address = 0x76ca9cd4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetMenuItemCount, address = 0x76caae39 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetMenu, address = 0x76cd6b68 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetLastActivePopup, address = 0x76cd6894 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetKeyboardState, address = 0x76cd6946 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetKeyboardLayoutNameW, address = 0x76cefa13 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetKeyboardLayoutList, address = 0x76ca935c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetKeyboardLayout, address = 0x76cb3800 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetKeyState, address = 0x76cb2b4d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetKeyNameTextW, address = 0x76cefa03 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetIconInfo, address = 0x76cb2989 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetGUIThreadInfo, address = 0x76cb237e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetForegroundWindow, address = 0x76cb335d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetFocus, address = 0x76cb3a34 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetDlgCtrlID, address = 0x76cab4e8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetDesktopWindow, address = 0x76cb01a9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetDCEx, address = 0x76cb2d57 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetDC, address = 0x76cb544c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetCursorPos, address = 0x76caa4b3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetCursor, address = 0x76cd6408 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetClipboardData, address = 0x76cc2ba7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetClientRect, address = 0x76cb54dd |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetClassNameW, address = 0x76cb2a29 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetClassInfoExW, address = 0x76cb095e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetClassInfoW, address = 0x76cb0ac2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetCapture, address = 0x76ca9dc7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetActiveWindow, address = 0x76cd3b33 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = FrameRect, address = 0x76cd0eb0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = FindWindowExW, address = 0x76cd712b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = FindWindowW, address = 0x76caae0d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = FillRect, address = 0x76cb5d56 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = EnumWindows, address = 0x76cb375b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = EnumThreadWindows, address = 0x76cab712 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = EnumChildWindows, address = 0x76cb2948 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = EndPaint, address = 0x76cb5d42 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = EndMenu, address = 0x76ca8302 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = EnableWindow, address = 0x76ca8d02 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = EnableScrollBar, address = 0x76cd19ce |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = EnableMenuItem, address = 0x76cd43bc |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DrawTextExW, address = 0x76cb5894 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DrawTextW, address = 0x76cb5b6a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DrawMenuBar, address = 0x76cd15ae |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DrawIconEx, address = 0x76cb2c32 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DrawIcon, address = 0x76ca6427 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DrawFrameControl, address = 0x76ccb4f9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DrawFocusRect, address = 0x76cd3091 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DrawEdge, address = 0x76cb311a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DispatchMessageA, address = 0x76cb2e32 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DispatchMessageW, address = 0x76cbcc61 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DestroyWindow, address = 0x76cab2f4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DestroyMenu, address = 0x76ca87f7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DestroyIcon, address = 0x76caa77f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DestroyCursor, address = 0x76caa77f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DeleteMenu, address = 0x76ca83c2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DefWindowProcW, address = 0x76cb507d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DefMDIChildProcW, address = 0x76cd150a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DefFrameProcW, address = 0x76cd152b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CreatePopupMenu, address = 0x76ca867c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CreateMenu, address = 0x76cd6aed |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CreateIcon, address = 0x76cc7510 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CreateDesktopW, address = 0x76ca40cf |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CopyImage, address = 0x76ca87a6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CloseDesktop, address = 0x76cac4ce |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = ClientToScreen, address = 0x76cb1316 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CheckMenuItem, address = 0x76ccee7c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CharUpperBuffW, address = 0x76cbebd5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CharUpperW, address = 0x76cbe981 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CharNextW, address = 0x76cb0be6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CharLowerBuffW, address = 0x76cb3afe |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CharLowerW, address = 0x76caba8a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CallWindowProcW, address = 0x76cb1b3c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CallNextHookEx, address = 0x76caabe1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = BeginPaint, address = 0x76cb5d14 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = AdjustWindowRectEx, address = 0x76cb48ba |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = ActivateKeyboardLayout, address = 0x76ca8203 |
|
1 | |
| MOD | LOAD | module_name = gdi32.dll, base_address = 0x76dd0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = UnrealizeObject, address = 0x76ddfb63 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = StretchBlt, address = 0x76ddf467 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetWindowOrgEx, address = 0x76dd8546 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetWinMetaFileBits, address = 0x76e0d957 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetViewportOrgEx, address = 0x76dd834f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetTextColor, address = 0x76dd6906 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetStretchBltMode, address = 0x76dd7705 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetROP2, address = 0x76ddf9e0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetPixel, address = 0x76df14f3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetMapMode, address = 0x76ddefbf |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetEnhMetaFileBits, address = 0x76deb380 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetDIBits, address = 0x76dda995 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetDIBColorTable, address = 0x76df1492 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetBrushOrgEx, address = 0x76ddc4c5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetBkMode, address = 0x76dd69b1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetBkColor, address = 0x76dd6a3c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SelectPalette, address = 0x76dda1f6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SelectObject, address = 0x76dd6640 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SaveDC, address = 0x76dda74b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = RoundRect, address = 0x76df016d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = RestoreDC, address = 0x76dda67b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = Rectangle, address = 0x76ddf1ff |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = RectVisible, address = 0x76dd8f13 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = RealizePalette, address = 0x76ddef91 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = Polyline, address = 0x76de05cf |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = Polygon, address = 0x76ddfb87 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = PolyBezierTo, address = 0x76e06c25 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = PolyBezier, address = 0x76e06b03 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = PlayEnhMetaFile, address = 0x76de990d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = Pie, address = 0x76e0569f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = PatBlt, address = 0x76dd62af |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = MoveToEx, address = 0x76dd8c21 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = MaskBlt, address = 0x76ddc7ad |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = LineTo, address = 0x76ddf59b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = LPtoDP, address = 0x76dd8484 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = IntersectClipRect, address = 0x76dd7dfe |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetWindowOrgEx, address = 0x76ddd1bf |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetWinMetaFileBits, address = 0x76e0d7cb |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetTextMetricsW, address = 0x76dd7b8f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetTextExtentPointW, address = 0x76ddb358 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetTextExtentPoint32W, address = 0x76ddb4b5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetSystemPaletteEntries, address = 0x76ddc2e1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetStockObject, address = 0x76dd5ddf |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetRgnBox, address = 0x76dd621f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetPixel, address = 0x76ddc3d5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetPaletteEntries, address = 0x76ddc2aa |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetObjectW, address = 0x76dd7568 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetEnhMetaFilePaletteEntries, address = 0x76e0d1ac |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetEnhMetaFileHeader, address = 0x76decd3a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetEnhMetaFileDescriptionW, address = 0x76e0dc6b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetEnhMetaFileBits, address = 0x76decdc8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetDeviceCaps, address = 0x76dd6f7f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetDIBits, address = 0x76dda23b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetDIBColorTable, address = 0x76dda149 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetCurrentPositionEx, address = 0x76dd8d78 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetClipBox, address = 0x76dd8525 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetBrushOrgEx, address = 0x76ddc943 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetBitmapBits, address = 0x76ddc1ba |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GdiFlush, address = 0x76dd5fe4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = FrameRgn, address = 0x76e05ae2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = ExtTextOutW, address = 0x76dd8192 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = ExtFloodFill, address = 0x76defd94 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = ExcludeClipRect, address = 0x76dd9218 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = EnumFontFamiliesExW, address = 0x76ddce94 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = Ellipse, address = 0x76e055e3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = DeleteObject, address = 0x76dd5f14 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = DeleteEnhMetaFile, address = 0x76debda2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = DeleteDC, address = 0x76dd6eaa |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreateSolidBrush, address = 0x76dd6b49 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreateRectRgn, address = 0x76dd633b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreatePenIndirect, address = 0x76de744d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreatePalette, address = 0x76ddb1b0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreateHalftonePalette, address = 0x76ddc2cd |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreateFontIndirectW, address = 0x76ddabfc |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreateEnhMetaFileW, address = 0x76decc1f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreateDIBitmap, address = 0x76dda379 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreateDIBSection, address = 0x76dd8850 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreateCompatibleDC, address = 0x76dd6888 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreateCompatibleBitmap, address = 0x76dd73ad |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreateBrushIndirect, address = 0x76dd993c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreateBitmap, address = 0x76dd6b79 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CopyEnhMetaFileW, address = 0x76e0d651 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CombineRgn, address = 0x76dd651e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CloseEnhMetaFile, address = 0x76dec3fe |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = Chord, address = 0x76e054fa |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = BitBlt, address = 0x76dd72c0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = ArcTo, address = 0x76e05436 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = Arc, address = 0x76e0534e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = AngleArc, address = 0x76e05299 |
|
1 | |
| MOD | LOAD | module_name = version.dll, base_address = 0x748a0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\version.dll, function = VerQueryValueW, address = 0x748a1b51 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\version.dll, function = GetFileVersionInfoSizeW, address = 0x748a19d9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\version.dll, function = GetFileVersionInfoW, address = 0x748a19f4 |
|
1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = WriteFile, address = 0x75951400 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = WinExec, address = 0x7598e5fd |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = WideCharToMultiByte, address = 0x7595450e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = WaitForSingleObject, address = 0x7594ba90 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = WaitForMultipleObjectsEx, address = 0x7594bc00 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = VirtualQueryEx, address = 0x75934e42 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = VirtualQuery, address = 0x759576d6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = VirtualProtect, address = 0x75942341 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = VirtualFree, address = 0x75951da4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = VirtualAlloc, address = 0x75952fb6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SwitchToThread, address = 0x7593eb24 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SuspendThread, address = 0x75960ca9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Sleep, address = 0x7594ba46 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SizeofResource, address = 0x75943e7f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetThreadPriority, address = 0x75944815 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetThreadLocale, address = 0x759688e6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetLastError, address = 0x7594bb08 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetFilePointer, address = 0x7594db36 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetEvent, address = 0x7594bccc |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetErrorMode, address = 0x75954a51 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetEndOfFile, address = 0x75942319 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = ResumeThread, address = 0x75940f1c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = ResetEvent, address = 0x7594bcb4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = RemoveDirectoryW, address = 0x7593586a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = ReadFile, address = 0x759496fb |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = RaiseException, address = 0x7593eb60 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address = 0x75943ea8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = OpenProcess, address = 0x759459d7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = MulDiv, address = 0x7594b7a0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = LockResource, address = 0x7593fd29 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = LocalFree, address = 0x7594ca64 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = LoadResource, address = 0x7594984d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryW, address = 0x75953c01 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = LeaveCriticalSection, address = 0x77247760 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = IsValidLocale, address = 0x75943de4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = InitializeCriticalSection, address = 0x7725a149 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = HeapFree, address = 0x7594bbd0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = HeapDestroy, address = 0x75942301 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = HeapCreate, address = 0x75953ea2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = HeapAlloc, address = 0x77252dd6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GlobalUnlock, address = 0x75949d50 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GlobalSize, address = 0x7593eb78 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GlobalLock, address = 0x75949e05 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GlobalFree, address = 0x75949cf9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GlobalFindAtomW, address = 0x7594912d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GlobalDeleteAtom, address = 0x7593f16c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GlobalAlloc, address = 0x75949ce1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GlobalAddAtomW, address = 0x759470f9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetVolumeInformationW, address = 0x75957598 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetVersionExW, address = 0x75943b1a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetVersion, address = 0x7594154e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetUserDefaultLCID, address = 0x75956584 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetTimeZoneInformation, address = 0x75938a3b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetTickCount, address = 0x7594ba60 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetThreadPriority, address = 0x75949147 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetThreadLocale, address = 0x7594153c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetTempPathW, address = 0x75938b33 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetStdHandle, address = 0x75951e46 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetProcAddress, address = 0x759533d3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetModuleHandleW, address = 0x7595374d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameW, address = 0x75953c26 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetLocaleInfoW, address = 0x75956596 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetLocalTime, address = 0x7594a90e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetLastError, address = 0x7594bf00 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetFullPathNameW, address = 0x75954543 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetFileSize, address = 0x75940273 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetFileAttributesW, address = 0x759564ff |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetExitCodeThread, address = 0x75936ddd |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetEnvironmentVariableW, address = 0x759565c4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetDiskFreeSpaceW, address = 0x75933530 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetDateFormatW, address = 0x7594afab |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentThreadId, address = 0x7594bb80 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentThread, address = 0x75953351 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentProcessId, address = 0x7594cac4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentProcess, address = 0x7594cdcf |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetComputerNameW, address = 0x759403ff |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetCPInfoExW, address = 0x75938b1b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetCPInfo, address = 0x75951e2e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetACP, address = 0x759539aa |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FreeResource, address = 0x7593f1bd |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = InterlockedExchange, address = 0x7594bf0a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = InterlockedCompareExchange, address = 0x7594bb92 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FreeLibrary, address = 0x7594d9d0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FormatMessageW, address = 0x759454a3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FindResourceW, address = 0x75943e61 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FindNextFileW, address = 0x7594963a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FindFirstFileW, address = 0x759553b2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FindClose, address = 0x75950e62 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FileTimeToLocalFileTime, address = 0x75952004 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FileTimeToDosDateTime, address = 0x75942ce1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = EnumSystemLocalesW, address = 0x7598f3df |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = EnumCalendarInfoW, address = 0x7598f38f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = EnterCriticalSection, address = 0x772477a0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = DeleteFileW, address = 0x75940f62 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = DeleteCriticalSection, address = 0x77259ac5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CreateThread, address = 0x7595375d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CreateProcessW, address = 0x7590204d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CreateFileW, address = 0x7594cc56 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CreateEventW, address = 0x75953386 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CreateDirectoryW, address = 0x75943925 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CompareStringW, address = 0x75949bee |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CloseHandle, address = 0x7594ca7c |
|
1 | |
| MOD | LOAD | module_name = advapi32.dll, base_address = 0x76650000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = RegSetValueExW, address = 0x766614d6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = RegQueryValueExW, address = 0x766646ad |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = RegQueryInfoKeyW, address = 0x766646e7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExW, address = 0x7666468d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = RegFlushKey, address = 0x7667773f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = RegEnumKeyExW, address = 0x766646c8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = RegCreateKeyExW, address = 0x766640fe |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = RegCloseKey, address = 0x7666469d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameW, address = 0x7666157a |
|
1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Sleep, address = 0x7594ba46 |
|
1 | |
| MOD | LOAD | module_name = oleaut32.dll, base_address = 0x76ee0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = SafeArrayPtrOfIndex, address = 0x76efe1ce |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = SafeArrayGetUBound, address = 0x76efe127 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = SafeArrayGetLBound, address = 0x76efe173 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = SafeArrayCreate, address = 0x76efe263 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VariantChangeType, address = 0x76ee5dee |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VariantCopyInd, address = 0x76efe86c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VariantCopy, address = 0x76ee48f1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VariantClear, address = 0x76ee3eae |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VariantInit, address = 0x76ee3ed5 |
|
1 | |
| MOD | LOAD | module_name = oleaut32.dll, base_address = 0x76ee0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = GetErrorInfo, address = 0x76ee3f21 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = GetActiveObject, address = 0x76f28f58 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = SysFreeString, address = 0x76ee3e59 |
|
1 | |
| MOD | LOAD | module_name = ole32.dll, base_address = 0x76a90000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CreateStreamOnHGlobal, address = 0x76ab363b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = IsAccelerator, address = 0x76b5043e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = OleDraw, address = 0x76b10286 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = OleSetMenuDescriptor, address = 0x76aedc53 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = OleUninitialize, address = 0x76aaeba1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = OleInitialize, address = 0x76aaefd7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoTaskMemFree, address = 0x76ae6f41 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoTaskMemAlloc, address = 0x76adea4c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = ProgIDFromCLSID, address = 0x76b1ef82 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = StringFromCLSID, address = 0x76aaeb17 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoCreateInstance, address = 0x76ad9d0b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoGetClassObject, address = 0x76ac54ad |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoUninitialize, address = 0x76ad86d3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoInitialize, address = 0x76aab636 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = IsEqualGUID, address = 0x76b5041c |
|
1 | |
| MOD | LOAD | module_name = comctl32.dll, base_address = 0x74110000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitializeFlatSB, address = 0x741ef803 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollProp, address = 0x741907d0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollPos, address = 0x74190894 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollInfo, address = 0x741908c7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollPos, address = 0x741ef80e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollInfo, address = 0x741908b6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = _TrackMouseEvent, address = 0x741922d1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_SetIconSize, address = 0x741fb44e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_GetIconSize, address = 0x741250df |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_Write, address = 0x74158b97 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_Read, address = 0x74113eae |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_GetDragImage, address = 0x741fafbb |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_DragShowNolock, address = 0x741fb161 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_DragMove, address = 0x741fb0f0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_DragLeave, address = 0x741fb12a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_DragEnter, address = 0x741fb0b3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_EndDrag, address = 0x741fa177 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_BeginDrag, address = 0x741fb021 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_GetIcon, address = 0x7413af2e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_Remove, address = 0x7413e333 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_DrawEx, address = 0x741210fd |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_Draw, address = 0x741ac687 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_GetBkColor, address = 0x7412e8d2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_SetBkColor, address = 0x74190183 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_Add, address = 0x74168fa1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_SetImageCount, address = 0x74165249 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_GetImageCount, address = 0x7411a8b9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_Destroy, address = 0x74126471 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_Create, address = 0x74123c75 |
|
1 | |
| MOD | LOAD | module_name = user32.dll, base_address = 0x76ca0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = EnumDisplayMonitors, address = 0x76cb34a3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetMonitorInfoW, address = 0x76cb33e7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = MonitorFromPoint, address = 0x76ca94c9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = MonitorFromWindow, address = 0x76cb3622 |
|
1 | |
| MOD | LOAD | module_name = msvcrt.dll, base_address = 0x76f70000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\msvcrt.dll, function = memset, address = 0x76f79790 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\msvcrt.dll, function = memcpy, address = 0x76f79910 |
|
1 | |
| MOD | LOAD | module_name = shell32.dll, base_address = 0x759e0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\shell32.dll, function = ShellExecuteW, address = 0x759f3c71 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\shell32.dll, function = Shell_NotifyIconW, address = 0x75a001c1 |
|
1 | |
| MOD | LOAD | module_name = wininet.dll, base_address = 0x75650000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\wininet.dll, function = FindNextUrlCacheEntryW, address = 0x7568989c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\wininet.dll, function = FindFirstUrlCacheEntryW, address = 0x7568978a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\wininet.dll, function = FindCloseUrlCache, address = 0x75698409 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\wininet.dll, function = DeleteUrlCacheEntryW, address = 0x756a9573 |
|
1 | |
| MOD | LOAD | module_name = user32.dll, base_address = 0x76ca0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetRawInputData, address = 0x76d04c21 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = RegisterRawInputDevices, address = 0x76ca5b52 |
|
1 | |
| MOD | LOAD | module_name = oleacc.dll, base_address = 0x72190000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleacc.dll, function = AccessibleObjectFromWindow, address = 0x72192480 |
|
1 | |
| MOD | LOAD | module_name = OLEACC.DLL, base_address = 0x72190000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleacc.dll, function = AccessibleChildren, address = 0x72195d25 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetThreadPreferredUILanguages, address = 0x759422d7 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetThreadPreferredUILanguages, address = 0x7593e627 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetThreadUILanguage, address = 0x7593ae42 |
|
1 | |
| SYS | GET_INFO | type = Hardware Information |
|
1 | |
| MOD | GET_FILENAME | file_name = |
|
1 | |
| MOD | GET_FILENAME | file_name = C:\Windows\Explorer.EXE |
|
1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetNativeSystemInfo, address = 0x7593be77 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetDiskFreeSpaceExW, address = 0x7593de40 |
|
1 | |
| MOD | GET_FILENAME | file_name = C:\Windows\Explorer.EXE |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Embarcadero\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\CodeGear\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\CodeGear\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Borland\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\oleaut32.dll, base_address = 0x76ee0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VariantChangeTypeEx, address = 0x76ee4c28 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarNeg, address = 0x76f5c802 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarNot, address = 0x76f5ec66 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarAdd, address = 0x76f05934 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarSub, address = 0x76f5d332 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarMul, address = 0x76f5dbd4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarDiv, address = 0x76f5e405 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarIdiv, address = 0x76f5f00a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarMod, address = 0x76f5f15e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarAnd, address = 0x76f05a98 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarOr, address = 0x76f5ecfa |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarXor, address = 0x76f5ee2e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarCmp, address = 0x76efb0dc |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarI4FromStr, address = 0x76ef6fab |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarR4FromStr, address = 0x76f001a0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarR8FromStr, address = 0x76ef699e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarDateFromStr, address = 0x76f06ba7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarCyFromStr, address = 0x76f26c12 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarBoolFromStr, address = 0x76efdbd1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromCy, address = 0x76f07fdc |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromDate, address = 0x76ef7a2a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromBool, address = 0x76f00355 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = InitializeConditionVariable, address = 0x77259981 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = WakeConditionVariable, address = 0x772a5a7b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = WakeAllConditionVariable, address = 0x772245a5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SleepConditionVariableCS, address = 0x759318be |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes, value_name = MS Shell Dlg 2, data_ident_out = 0 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes, value_name = MS Shell Dlg 2, data_ident_out = Tahoma |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetLogicalProcessorInformation, address = 0x75932004 |
|
1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetLogicalProcessorInformation, address = 0x75932004 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\ole32.dll, base_address = 0x76a90000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoCreateInstanceEx, address = 0x76ad9d4e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoInitializeEx, address = 0x76ad09ad |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoAddRefServerProcess, address = 0x76af3cf3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoReleaseServerProcess, address = 0x76af4314 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoResumeClassObjects, address = 0x76a9ea02 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoSuspendClassObjects, address = 0x76afbb02 |
|
1 | |
| MOD | LOAD | module_name = imm32.dll, base_address = 0x76630000 |
|
1 | |
| KEYBOARD | GET_INFO | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
1 | |
| MOD | GET_FILENAME | file_name = C:\Windows\Explorer.EXE |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| KEYBOARD | GET_INFO | type = KB_LOCALE_ID |
|
1 | |
| MOD | LOAD | module_name = imm32.dll, base_address = 0x76630000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\imm32.dll, function = ImmIsIME, address = 0x76632ceb |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04090409 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\user32.dll, base_address = 0x76ca0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = AnimateWindow, address = 0x76cd0620 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74110000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitializeFlatSB, address = 0x741ef803 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = UninitializeFlatSB, address = 0x7411d1ea |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollProp, address = 0x741ef81f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollProp, address = 0x741907d0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_EnableScrollBar, address = 0x741ef84b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_ShowScrollBar, address = 0x741ef83a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollRange, address = 0x741ef829 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollInfo, address = 0x741908b6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollPos, address = 0x741ef80e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollPos, address = 0x74190894 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollInfo, address = 0x741908c7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollRange, address = 0x741908a5 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\user32.dll, base_address = 0x76ca0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetLayeredWindowAttributes, address = 0x76caa6dc |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\user32.dll, base_address = 0x76ca0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = IsHungAppWindow, address = 0x76cd7195 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = HungWindowFromGhostWindow, address = 0x76cc61f5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GhostWindowFromHungWindow, address = 0x76caa561 |
|
1 | |
| MOD | LOAD | module_name = olepro32.dll, base_address = 0x6e100000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\olepro32.dll, function = OleCreatePropertyFrame, address = 0x6e1020ea |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\olepro32.dll, function = OleCreateFontIndirect, address = 0x6e1020b7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\olepro32.dll, function = OleCreatePictureIndirect, address = 0x6e1020c8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\olepro32.dll, function = OleLoadPicture, address = 0x6e1020d9 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetFileSizeEx, address = 0x759459ef |
|
1 | |
| MOD | LOAD | module_name = security.dll, base_address = 0x6f9b0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\security.dll, function = InitSecurityInterfaceW, address = 0x75285b53 |
|
1 | |
| WND | CREATE | window_name = Explorer, class_name = TApplication, x_coordinate = 720, y_coordinate = 450, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| MOD | LOAD | module_name = wtsapi32.dll, base_address = 0x73c50000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\wtsapi32.dll, function = WTSRegisterSessionNotification, address = 0x73c51cbc |
|
1 | |
| MOD | LOAD | module_name = uxtheme.dll, base_address = 0x74090000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintInit, address = 0x7409940e |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = Explorer, class_name = TApplication, x_coordinate = 720, y_coordinate = 450, width = 0, height = 0 |
|
1 | |
| MOD | LOAD | module_name = uxtheme.dll, base_address = 0x74090000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = OpenThemeData, address = 0x740973d2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = CloseThemeData, address = 0x74096a18 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeBackground, address = 0x74093982 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeText, address = 0x74094ea1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundContentRect, address = 0x7409cd2e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundExtent, address = 0x7409f8bf |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemePartSize, address = 0x7409cdb1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeTextExtent, address = 0x74092d57 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeTextMetrics, address = 0x7409f992 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundRegion, address = 0x740a165d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = HitTestThemeBackground, address = 0x740a3ce3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeEdge, address = 0x740b3b52 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeIcon, address = 0x740c35e7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = IsThemePartDefined, address = 0x740985b4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = IsThemeBackgroundPartiallyTransparent, address = 0x740960ab |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeColor, address = 0x7409616c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeMetric, address = 0x740a06e2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeString, address = 0x740c22e4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBool, address = 0x74097c1f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeInt, address = 0x7409616c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeEnumValue, address = 0x7409616c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemePosition, address = 0x740c2350 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeFont, address = 0x7409ff21 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeRect, address = 0x740a3611 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeMargins, address = 0x740986e9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeIntList, address = 0x740c23b1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemePropertyOrigin, address = 0x740b3fbb |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = SetWindowTheme, address = 0x740a0134 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeFilename, address = 0x740c2412 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysColor, address = 0x740b3274 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysColorBrush, address = 0x740c301e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysBool, address = 0x740c3172 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysSize, address = 0x740c320b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysFont, address = 0x740c29c4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysString, address = 0x740c2b3f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysInt, address = 0x740c2bd3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = IsThemeActive, address = 0x7409f785 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = IsAppThemed, address = 0x7409f869 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetWindowTheme, address = 0x7409df46 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = EnableThemeDialogTexture, address = 0x7409fcaf |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = IsThemeDialogTextureEnabled, address = 0x740c312b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeAppProperties, address = 0x740a0fb1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = SetThemeAppProperties, address = 0x740c3296 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetCurrentThemeName, address = 0x740a05dd |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeDocumentationProperty, address = 0x740c2932 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeParentBackground, address = 0x740953e5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = EnableTheming, address = 0x740c2feb |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeTextEx, address = 0x740963e6 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| SYS | SLEEP | duration = 1500 milliseconds (1.500 seconds) |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| SYS | SLEEP | duration = 60000 milliseconds (60.000 seconds) |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| SYS | SLEEP | duration = 60000 milliseconds (60.000 seconds) |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = Explorer, class_name = TApplication, x_coordinate = 720, y_coordinate = 450, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = Explorer, window_name = FrmMwM41n, class_name = TFrmMwM41n, x_coordinate = 18446744073709551164, y_coordinate = 18446744073709551164, width = 320, height = 240, class_name = TApplication, x_coordinate = 720, y_coordinate = 450, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = FrmMwM41n, class_name = TFrmMwM41n, x_coordinate = 18446744073709551164, y_coordinate = 18446744073709551164, width = 320, height = 240 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = FrmMwM41n, class_name = TFrmMwM41n, x_coordinate = 18446744073709551164, y_coordinate = 18446744073709551164, width = 320, height = 240 |
|
1 | |
| WND | FIND | window_name = k8w0 |
|
1 | |
| SYS | SLEEP | duration = 600000 milliseconds (600.000 seconds) |
|
1 | |
| FILE | DELETE | file_name = c:\users\public\n3eg\n3e.vbs |
|
1 | |
| FILE | CREATE | file_name = c:\users\public\n3eg\wvs, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| FILE | WRITE | file_name = c:\users\public\n3eg\wvs, size = 4 |
|
1 | |
| FILE | CREATE | file_name = c:\users\public\n3eg\idw, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| FILE | READ | file_name = c:\users\public\n3eg\idw, size = 2 |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
|
1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value_name = xacwe, data = regsvr32.exe /s "C:\Users\Public\N3Eg\N3Eg2.51N3E" #96 |
|
1 | |
| SYS | SLEEP | duration = 20000 milliseconds (20.000 seconds) |
|
1 | |
| FILE | CREATE | file_name = c:\users\public\n3eg\idx, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| FILE | WRITE | file_name = c:\users\public\n3eg\idx, size = 10 |
|
1 | |
| SYS | SLEEP | duration = 70000 milliseconds (70.000 seconds) |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = Explorer, class_name = TApplication, x_coordinate = 720, y_coordinate = 450, width = 0, height = 0 |
|
1 | |
| SYS | GET_CURSOR | x_out = 991, y_out = 872 |
|
12 | |
| SYS | GET_CURSOR | x_out = 1126, y_out = 518 |
|
10 | |
| MOD | LOAD | module_name = WS2_32.DLL, base_address = 0x773f0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = WSAStartup, address = 0x773f3ab2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = GetAddrInfoW, address = 0x773f4889 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = GetNameInfoW, address = 0x773f66af |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = FreeAddrInfoW, address = 0x773f4b1b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = InetPtonW, address = 0x774039dc |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = InetNtopW, address = 0x77403abf |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = GetAddrInfoExW, address = 0x773fd1ea |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = SetAddrInfoExW, address = 0x773ff4f6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = FreeAddrInfoExW, address = 0x773fe14d |
|
1 | |
| MOD | LOAD | module_name = Fwpuclnt.dll, base_address = 0x721e0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\fwpuclnt.dll, function = WSASetSocketPeerTargetName, address = 0x721fbb1e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\fwpuclnt.dll, function = WSADeleteSocketPeerTargetName, address = 0x721fbb4e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\fwpuclnt.dll, function = WSAImpersonateSocketPeer, address = 0x721fbb7e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\fwpuclnt.dll, function = WSAQuerySocketSecurity, address = 0x721fbaed |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\fwpuclnt.dll, function = WSARevertImpersonation, address = 0x721fbcfd |
|
1 | |
| MOD | LOAD | module_name = IdnDL.dll, base_address = 0x6e0f0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\idndl.dll, function = DownlevelGetLocaleScripts, address = 0x6e0f2a5b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\idndl.dll, function = DownlevelGetStringScripts, address = 0x6e0f2b2f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\idndl.dll, function = DownlevelVerifyScripts, address = 0x6e0f2dad |
|
1 | |
| MOD | LOAD | module_name = Normaliz.dll, base_address = 0x75820000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\normaliz.dll, function = IdnToUnicode, address = 0x7599f707 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\normaliz.dll, function = IdnToNameprepUnicode, address = 0x7599f6b4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\normaliz.dll, function = IdnToAscii, address = 0x75938bb8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\normaliz.dll, function = IsNormalizedString, address = 0x7599f662 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\normaliz.dll, function = NormalizeString, address = 0x7599f5ea |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = socket, address = 0x773f3eb8 |
|
1 | |
| SCK | CREATE | address_family = AF_INET, type = SOCK_STREAM, protocol = IPPROTO_IP |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = getsockopt, address = 0x773f737d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = setsockopt, address = 0x773f41b6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = htons, address = 0x773f2d8b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = bind, address = 0x773f4582 |
|
1 | |
| SCK | BIND | local_address = 0.0.0.0, local_port = 0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = getsockname, address = 0x773f30af |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = ntohs, address = 0x773f2d8b |
|
1 | |
| DNS | RESOLVE_NAME | host = carvas32ltda.com |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = connect, address = 0x773f6bdd |
|
1 | |
| SCK | CONNECT | remote_address = 187.191.100.112, remote_port = 80 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = WSAGetLastError, address = 0x773f37ad |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = shutdown, address = 0x773f449d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = closesocket, address = 0x773f3918 |
|
1 | |
| SCK | CREATE | address_family = AF_INET, type = SOCK_STREAM, protocol = IPPROTO_IP |
|
1 | |
| SCK | BIND | local_address = 0.0.0.0, local_port = 0 |
|
1 | |
| DNS | RESOLVE_NAME | host = carva32ssa.com |
|
1 | |
| SCK | CONNECT | remote_address = 187.191.100.112, remote_port = 80 |
|
1 | |
| SCK | CREATE | address_family = AF_INET, type = SOCK_STREAM, protocol = IPPROTO_IP |
|
1 | |
| SCK | BIND | local_address = 0.0.0.0, local_port = 0 |
|
1 | |
| DNS | RESOLVE_NAME | host = bandeivacomercial.com |
|
1 | |
| SCK | CONNECT | remote_address = 187.191.100.112, remote_port = 80 |
|
1 | |
| SCK | CREATE | address_family = AF_INET, type = SOCK_STREAM, protocol = IPPROTO_IP |
|
1 | |
| SCK | BIND | local_address = 0.0.0.0, local_port = 0 |
|
1 | |
| DNS | RESOLVE_NAME | host = bandeivacomercio.com |
|
1 | |
| SCK | CONNECT | remote_address = 187.191.100.112, remote_port = 80 |
|
1 | |
| SYS | SLEEP | duration = 600000 milliseconds (600.000 seconds) |
|
1 | |
| SCK | CREATE | address_family = AF_INET, type = SOCK_STREAM, protocol = IPPROTO_IP |
|
1 | |
| SCK | BIND | local_address = 0.0.0.0, local_port = 0 |
|
1 | |
| DNS | RESOLVE_NAME | host = carvas32ltda.com |
|
1 | |
| SCK | CONNECT | remote_address = 187.191.100.112, remote_port = 80 |
|
1 | |
| SCK | CREATE | address_family = AF_INET, type = SOCK_STREAM, protocol = IPPROTO_IP |
|
1 | |
| SCK | BIND | local_address = 0.0.0.0, local_port = 0 |
|
1 | |
| DNS | RESOLVE_NAME | host = carva32ssa.com |
|
1 | |
| SCK | CONNECT | remote_address = 187.191.100.112, remote_port = 80 |
|
1 | |
| SCK | CREATE | address_family = AF_INET, type = SOCK_STREAM, protocol = IPPROTO_IP |
|
1 | |
| SCK | BIND | local_address = 0.0.0.0, local_port = 0 |
|
1 | |
| DNS | RESOLVE_NAME | host = bandeivacomercial.com |
|
1 | |
| SCK | CONNECT | remote_address = 187.191.100.112, remote_port = 80 |
|
1 | |
| SCK | CREATE | address_family = AF_INET, type = SOCK_STREAM, protocol = IPPROTO_IP |
|
1 | |
| SCK | BIND | local_address = 0.0.0.0, local_port = 0 |
|
1 | |
| DNS | RESOLVE_NAME | host = bandeivacomercio.com |
|
1 | |
| SCK | CONNECT | remote_address = 187.191.100.112, remote_port = 80 |
|
1 | |
| USER | GET_CURRENT | user_name = DSsDPMx042 |
|
2 | |
| FILE | CREATE | file_name = c:\users\public\n3eg\n3e.vbs, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| FILE | WRITE | file_name = c:\users\public\n3eg\n3e.vbs, size = 4199 |
|
1 | |
| PROC | CREATE | process_name = cmd /k "C:\Users\Public\N3Eg\N3E.vbs", show_window = SW_HIDE |
|
1 | |
| FILE | CREATE | file_name = c:\users\public\n3eg\id, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| FILE | READ | file_name = c:\users\public\n3eg\id, size = 7 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x7593f731 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Heap32ListFirst, address = 0x759902e7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Heap32ListNext, address = 0x75990391 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Heap32First, address = 0x75990429 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Heap32Next, address = 0x75990614 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x75990819 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Process32First, address = 0x7596443d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Process32Next, address = 0x75964505 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Process32FirstW, address = 0x7593fa35 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Process32NextW, address = 0x7593faca |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Process32FirstW, address = 0x7593fa35 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Process32NextW, address = 0x7593faca |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Thread32First, address = 0x75967e4c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Thread32Next, address = 0x75967edc |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Module32First, address = 0x75990859 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Module32Next, address = 0x75990942 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Module32FirstW, address = 0x7593c59e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Module32NextW, address = 0x7593c11f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Module32FirstW, address = 0x7593c59e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Module32NextW, address = 0x7593c11f |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion |
|
1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = VerLanguageNameW, address = 0x75938ca1 |
|
1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetSystemDefaultLangID, address = 0x7593db6e |
|
1 | |
| SCK | CREATE | address_family = AF_INET, type = SOCK_STREAM, protocol = IPPROTO_IP |
|
1 | |
| SCK | BIND | local_address = 0.0.0.0, local_port = 0 |
|
1 | |
| DNS | RESOLVE_NAME | host = adom2.com.br |
|
1 | |
| SCK | CONNECT | remote_address = 127.0.0.1, remote_port = 80 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = getpeername, address = 0x773f7147 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = send, address = 0x773f6f01 |
|
1 | |
| SCK | SEND | size = 331, flags = NO_FLAG_SET, size_out = 331 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = select, address = 0x773f6989 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = recv, address = 0x773f6b0e |
|
1 | |
| SCK | RECV | size = 32768, flags = NO_FLAG_SET, size_out = 523 |
|
1 | |
| SCK | RECV | size = 32768, flags = NO_FLAG_SET, size_out = 453 |
|
1 | |
| SCK | RECV | size = 32768, flags = NO_FLAG_SET, size_out = 246 |
|
1 | |
| SCK | RECV | size = 32768, flags = NO_FLAG_SET, size_out = 200 |
|
1 | |
| SCK | RECV | size = 32768, flags = NO_FLAG_SET, size_out = 9 |
|
1 | |
| SCK | CREATE | address_family = AF_INET, type = SOCK_STREAM, protocol = IPPROTO_IP |
|
1 | |
| SCK | BIND | local_address = 0.0.0.0, local_port = 0 |
|
1 | |
| DNS | RESOLVE_NAME | host = carvas32ltda.com |
|
1 | |
| SCK | CONNECT | remote_address = 187.191.100.112, remote_port = 80 |
|
1 |
| Information | Value |
|---|---|
| ID / OS PID | #5 / 0xef8 |
| OS Parent PID | 0x4f0 (c:\windows\explorer.exe) |
| Initial Working Directory | C:\Windows\system32 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd /k "C:\Users\Public\N3Eg\N3E.vbs" |
| Monitor | Start Time: 00:03:41, Reason: Child Process |
| Unmonitor | End Time: 00:03:50, Reason: Terminated |
| Monitor Duration | 00:00:09 |
| OS Thread IDs |
#
80
0x EFC
#
82
0x F18
#
83
0x F1C
#
84
0x F20
#
85
0x F24 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | Readable |
|
|
|
|
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000000c0000 | 0x000c0000 | 0x001bffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000001c0000 | 0x001c0000 | 0x001c6fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000001d0000 | 0x001d0000 | 0x001d1fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000001e0000 | 0x001e0000 | 0x001e0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000001f0000 | 0x001f0000 | 0x001f0fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000200000 | 0x00200000 | 0x00201fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000210000 | 0x00210000 | 0x0021ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000220000 | 0x00220000 | 0x002e7fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000002f0000 | 0x002f0000 | 0x002f0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000300000 | 0x00300000 | 0x00301fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000310000 | 0x00310000 | 0x00310fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000320000 | 0x00320000 | 0x0041ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000420000 | 0x00420000 | 0x00520fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000530000 | 0x00530000 | 0x0112ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000001130000 | 0x01130000 | 0x013bafff | Pagefile Backed Memory | Readable |
|
|
|
|
| SortDefault.nls | 0x013c0000 | 0x0168efff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000001690000 | 0x01690000 | 0x01690fff | Pagefile Backed Memory | Readable |
|
|
|
|
| cversions.2.db | 0x016a0000 | 0x016a3fff | Memory Mapped File | Readable |
|
|
|
|
| {AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000c.db | 0x016b0000 | 0x016ccfff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00000000016d0000 | 0x016d0000 | 0x016d0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| {6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000007.db | 0x016e0000 | 0x0170ffff | Memory Mapped File | Readable |
|
|
|
|
| cversions.2.db | 0x01710000 | 0x01713fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000001720000 | 0x01720000 | 0x01720fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001740000 | 0x01740000 | 0x0183ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000001840000 | 0x01840000 | 0x0191efff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000001950000 | 0x01950000 | 0x0198ffff | Private Memory | Readable, Writable |
|
|
|
|
| {DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db | 0x01990000 | 0x019f5fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000001a00000 | 0x01a00000 | 0x01df2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000001e00000 | 0x01e00000 | 0x01efffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001f90000 | 0x01f90000 | 0x0208ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002160000 | 0x02160000 | 0x0225ffff | Private Memory | Readable, Writable |
|
|
|
|
| cmd.exe | 0x4a810000 | 0x4a85bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winbrand.dll | 0x6dd80000 | 0x6dd86fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntmarta.dll | 0x739c0000 | 0x739e0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| uxtheme.dll | 0x74090000 | 0x740cffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| comctl32.dll | 0x74110000 | 0x742adfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| propsys.dll | 0x745a0000 | 0x74694fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x75280000 | 0x7529afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x752a0000 | 0x752abfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| profapi.dll | 0x75350000 | 0x7535afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msasn1.dll | 0x753c0000 | 0x753cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| crypt32.dll | 0x753d0000 | 0x754ecfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| devobj.dll | 0x754f0000 | 0x75501fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| KernelBase.dll | 0x75510000 | 0x75559fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cfgmgr32.dll | 0x75590000 | 0x755b6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wininet.dll | 0x75650000 | 0x75744fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| Wldap32.dll | 0x757d0000 | 0x75814fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x75830000 | 0x758fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x75900000 | 0x759d3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x759e0000 | 0x76629fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x76630000 | 0x7664efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x76650000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| setupapi.dll | 0x766f0000 | 0x7688cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iertutil.dll | 0x76890000 | 0x76a8afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x76a90000 | 0x76bebfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76bf0000 | 0x76c90fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x76ca0000 | 0x76d68fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x76d70000 | 0x76dc6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x76dd0000 | 0x76e1dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| clbcatq.dll | 0x76e20000 | 0x76ea2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x76ee0000 | 0x76f6efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x76f70000 | 0x7701bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x77020000 | 0x770bcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| urlmon.dll | 0x770c0000 | 0x771f5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77200000 | 0x7733bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x77350000 | 0x77359fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x773d0000 | 0x773e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apisetschema.dll | 0x77440000 | 0x77440fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007ffd3000 | 0x7ffd3000 | 0x7ffd3fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\system32\cmd.exe, base_address = 0x4a810000 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address = 0x759524c2 |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| FILE | OPEN | file_name = STD_OUTPUT_HANDLE |
|
3 | |
| FILE | OPEN | file_name = STD_INPUT_HANDLE |
|
2 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data_ident_out = 0 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data_ident_out = 1 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data_ident_out = 1 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data_ident_out = 0 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data_ident_out = 64 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data_ident_out = 64 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data_ident_out = 64 |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data_ident_out = 64 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data_ident_out = 1 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data_ident_out = 1 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data_ident_out = 0 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data_ident_out = 9 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data_ident_out = 9 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data_ident_out = 9 |
|
1 | |
| MOD | GET_FILENAME | file_name = C:\Windows\system32\cmd.exe |
|
1 | |
| PROC | SET_CURDIR | process_name = c:\windows\system32\cmd.exe, os_pid = 0xef8, new_path_name = c:\windows\system32 |
|
1 | |
| FILE | OPEN | file_name = STD_OUTPUT_HANDLE |
|
4 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CopyFileExW, address = 0x7593ac6c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address = 0x75943ea8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetConsoleInputExeNameW, address = 0x75952732 |
|
1 | |
| PROC | CREATE | process_name = C:\Users\Public\N3Eg\N3E.vbs, os_tid = 0x0, os_pid = 0x0, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, current_directory = C:\Windows\system32, show_window = SW_SHOWNORMAL |
|
1 | |
| MOD | LOAD | module_name = SHELL32.dll, base_address = 0x759e0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\shell32.dll, function = ShellExecuteExW, address = 0x75a01e46 |
|
1 | |
| PROC | CREATE | process_name = C:\Users\Public\N3Eg\N3E.vbs, current_directory = C:\Windows\system32, show_window = SW_SHOWNORMAL |
|
1 |
| Information | Value |
|---|---|
| ID / OS PID | #6 / 0xf28 |
| OS Parent PID | 0xef8 (c:\windows\system32\cmd.exe) |
| Initial Working Directory | C:\Windows\system32 |
| File Name | c:\windows\system32\wscript.exe |
| Command Line | "C:\Windows\System32\WScript.exe" "C:\Users\Public\N3Eg\N3E.vbs" |
| Monitor | Start Time: 00:03:42, Reason: Child Process |
| Unmonitor | End Time: 00:03:50, Reason: Terminated |
| Monitor Duration | 00:00:08 |
| OS Thread IDs |
#
86
0x F2C
#
87
0x F30
#
88
0x F34
#
89
0x F38
#
90
0x F3C
#
91
0x F40
#
92
0x F44
#
93
0x F48 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000040000 | 0x00040000 | 0x00041fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| wscript.exe.mui | 0x00050000 | 0x00052fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x0000000000060000 | 0x00060000 | 0x00060fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000070000 | 0x00070000 | 0x00070fff | Private Memory | Readable, Writable |
|
|
|
|
| wscript.exe | 0x00080000 | 0x000a5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00000000000b0000 | 0x000b0000 | 0x001affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000001b0000 | 0x001b0000 | 0x002affff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x002b0000 | 0x00316fff | Memory Mapped File | Readable |
|
|
|
|
| wscript.exe | 0x00320000 | 0x0032efff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000000330000 | 0x00330000 | 0x00330fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000340000 | 0x00340000 | 0x00340fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000350000 | 0x00350000 | 0x00351fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000350000 | 0x00350000 | 0x0035ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000360000 | 0x00360000 | 0x0036ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000370000 | 0x00370000 | 0x00437fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000440000 | 0x00440000 | 0x00540fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000550000 | 0x00550000 | 0x0114ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| scrrun.dll | 0x01150000 | 0x01164fff | Memory Mapped File | Readable |
|
|
|
|
| shell32.dll | 0x01170000 | 0x01182fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000001190000 | 0x01190000 | 0x01190fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000011a0000 | 0x011a0000 | 0x011a1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| oleaccrc.dll | 0x011b0000 | 0x011b0fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00000000011c0000 | 0x011c0000 | 0x011c1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000011d0000 | 0x011d0000 | 0x011d1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| cversions.2.db | 0x011e0000 | 0x011e3fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00000000011f0000 | 0x011f0000 | 0x011f0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001200000 | 0x01200000 | 0x0123ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000001240000 | 0x01240000 | 0x0131efff | Pagefile Backed Memory | Readable |
|
|
|
|
| {AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000c.db | 0x01320000 | 0x0133cfff | Memory Mapped File | Readable |
|
|
|
|
| {6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000007.db | 0x01340000 | 0x0136ffff | Memory Mapped File | Readable |
|
|
|
|
| cversions.2.db | 0x01370000 | 0x01373fff | Memory Mapped File | Readable |
|
|
|
|
| {DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db | 0x01380000 | 0x013e5fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00000000013f0000 | 0x013f0000 | 0x013f0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001400000 | 0x01400000 | 0x014fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001500000 | 0x01500000 | 0x015fffff | Private Memory | Readable, Writable |
|
|
|
|
| SortDefault.nls | 0x01600000 | 0x018cefff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000001920000 | 0x01920000 | 0x01a1ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001a60000 | 0x01a60000 | 0x01b5ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000001b60000 | 0x01b60000 | 0x01f5ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002050000 | 0x02050000 | 0x0205ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002060000 | 0x02060000 | 0x0215ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002200000 | 0x02200000 | 0x022fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000023b0000 | 0x023b0000 | 0x024affff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000024b0000 | 0x024b0000 | 0x028a2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000028b0000 | 0x028b0000 | 0x029affff | Private Memory | Readable, Writable |
|
|
|
|
| comctl32.dll | 0x6c1c0000 | 0x6c243fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| vbscript.dll | 0x6c4c0000 | 0x6c52afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| scrrun.dll | 0x6dab0000 | 0x6dad9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| scrobj.dll | 0x6dae0000 | 0x6db0cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wshext.dll | 0x6db10000 | 0x6db25fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msisip.dll | 0x6dd30000 | 0x6dd37fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ieframe.dll | 0x6e6a0000 | 0x6f11ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apphelp.dll | 0x71af0000 | 0x71b3bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mpr.dll | 0x72080000 | 0x72091fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleacc.dll | 0x72190000 | 0x721cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntmarta.dll | 0x739c0000 | 0x739e0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dwmapi.dll | 0x73da0000 | 0x73db2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| uxtheme.dll | 0x74090000 | 0x740cffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| comctl32.dll | 0x74110000 | 0x742adfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| propsys.dll | 0x745a0000 | 0x74694fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| version.dll | 0x748a0000 | 0x748a8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rsaenh.dll | 0x74bc0000 | 0x74bfafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptsp.dll | 0x74e20000 | 0x74e35fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x75280000 | 0x7529afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x752a0000 | 0x752abfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sxs.dll | 0x752b0000 | 0x7530efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| profapi.dll | 0x75350000 | 0x7535afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msasn1.dll | 0x753c0000 | 0x753cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| crypt32.dll | 0x753d0000 | 0x754ecfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| devobj.dll | 0x754f0000 | 0x75501fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| KernelBase.dll | 0x75510000 | 0x75559fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wintrust.dll | 0x75560000 | 0x7558cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cfgmgr32.dll | 0x75590000 | 0x755b6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wininet.dll | 0x75650000 | 0x75744fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| Wldap32.dll | 0x757d0000 | 0x75814fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x75830000 | 0x758fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x75900000 | 0x759d3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x759e0000 | 0x76629fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x76630000 | 0x7664efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x76650000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| setupapi.dll | 0x766f0000 | 0x7688cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iertutil.dll | 0x76890000 | 0x76a8afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x76a90000 | 0x76bebfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76bf0000 | 0x76c90fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x76ca0000 | 0x76d68fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x76d70000 | 0x76dc6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x76dd0000 | 0x76e1dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| clbcatq.dll | 0x76e20000 | 0x76ea2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x76ee0000 | 0x76f6efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x76f70000 | 0x7701bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x77020000 | 0x770bcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| urlmon.dll | 0x770c0000 | 0x771f5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77200000 | 0x7733bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x77350000 | 0x77359fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| psapi.dll | 0x77360000 | 0x77364fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x773d0000 | 0x773e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apisetschema.dll | 0x77440000 | 0x77440fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\system32\wscript.exe, base_address = 0x80000 |
|
2 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = IgnoreUserSettings, data_ident_out = 0 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings, value_name = Enabled, data_ident_out = 0 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = Enabled, data_ident_out = 0 |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = IgnoreUserSettings, data_ident_out = 255 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings, value_name = LogSecuritySuccesses, data_ident_out = 255 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = LogSecuritySuccesses, data_ident_out = 255 |
|
1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = HeapSetInformation, address = 0x75954157 |
|
1 | |
| COM | METHOD | interface = IMessageFilter, method = AddRef |
|
1 | |
| MOD | GET_FILENAME | module_name = c:\windows\system32\wscript.exe, file_name = C:\Windows\System32\WScript.exe |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = IgnoreUserSettings, data_ident_out = 18 |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings, value_name = TrustPolicy, data_ident_out = 171 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings, value_name = UseWINSAFER, data_ident_out = 18 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = TrustPolicy, data_ident_out = 171 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = UseWINSAFER, data_ident_out = 1 |
|
1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = Timeout, data_ident_out = 20 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = DisplayLogo, data_ident_out = 1 |
|
1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings, value_name = Timeout, data_ident_out = 20 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings, value_name = DisplayLogo, data_ident_out = 49 |
|
1 | |
| COM | METHOD | interface = ITypeLib, method = GetTypeInfoType |
|
4 | |
| SYS | SLEEP | duration = -1 (infinite) |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\.vbs |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\.vbs, data_ident_out = VBSFile |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\VBSFile\ScriptEngine |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\VBSFile\ScriptEngine, data_ident_out = VBScript |
|
1 | |
| COM | CREATE | class_name = VBScriptEngine5, interface = IUnknown, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| COM | CREATE | class_name = VBScriptEngine5, interface = IClassFactory, |
|
1 | |
| COM | METHOD | class_name = VBScriptEngine5, interface = IClassFactory, new_interface = IUnknown, method = CreateInstance |
|
1 | |
| COM | QUERY | class_name = VBScriptEngine5, interface = IClassFactory, new_interface = IUnknown, |
|
1 | |
| COM | METHOD | class_name = VBScriptEngine5, interface = IUnknown, method = AddRef |
|
1 | |
| COM | QUERY | class_name = VBScriptEngine5, interface = IUnknown, new_interface = IUnknown |
|
1 | |
| MOD | LOAD | module_name = ole32.dll, base_address = 0x76a90000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoCreateInstance, address = 0x76ad9d0b |
|
1 | |
| COM | CREATE | class_name = {6C736DB1-BD94-11D0-8A23-00AA00B58E10}, interface = ISystemDebugEventFire, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| COM | METHOD | interface = ISystemDebugEventFire, method = AddRef |
|
1 | |
| COM | METHOD | interface = ISystemDebugEventFire, method = BeginSession |
|
1 | |
| FILE | CREATE | file_name = c:\users\public\n3eg\n3e.vbs, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, create_disposition = OPEN_EXISTING, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN |
|
1 | |
| MOD | CREATE_MAPPING | file_name = c:\users\public\n3eg\n3e.vbs, module_name = Nameless FileMapping, maximum_size = 4199, protection = PAGE_READONLY |
|
1 | |
| MOD | MAP | file_name = c:\users\public\n3eg\n3e.vbs, process_name = c:\windows\system32\wscript.exe, os_pid = 0xf28, module_name = Nameless FileMapping, desired_access = FILE_MAP_READ, file_offset = 0, address = 0x350000 |
|
1 | |
| MOD | UNMAP | process_name = c:\windows\system32\wscript.exe, os_pid = 0xf28, base_address = 0x350000 |
|
1 | |
| MOD | LOAD | module_name = C:\Windows\system32\advapi32.dll, base_address = 0x76650000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = SaferIdentifyLevel, address = 0x76672102 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = SaferComputeTokenFromLevel, address = 0x76673352 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = SaferCloseLevel, address = 0x76673825 |
|
1 | |
| FILE | READ | file_name = c:\users\public\n3eg\n3e.vbs, module_name = Nameless FileMapping, size = 4199 |
|
1 | |
| COM | CREATE | class_name = {06290BD1-48AA-11D2-8432-006008C3FBFC}, interface = {E4D1C9B0-46E8-11D4-A2A6-00104BD35090}, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| COM | CREATE | class_name = {06290BD1-48AA-11D2-8432-006008C3FBFC}, interface = IClassFactory, |
|
1 | |
| COM | METHOD | interface = IClassFactory, method = CreateInstance |
|
1 | |
| COM | QUERY | interface = IClassFactory, new_interface = {E4D1C9B0-46E8-11D4-A2A6-00104BD35090}, |
|
1 | |
| SYS | GET_INFO | type = Hardware Information |
|
1 | |
| COM | METHOD | interface = None, method = AddRef |
|
1 | |
| COM | QUERY | interface = None, new_interface = {E4D1C9B0-46E8-11D4-A2A6-00104BD35090} |
|
1 | |
| COM | METHOD | interface = ISystemDebugEventFire, method = IsActive |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\ole32.dll, base_address = 0x76a90000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CLSIDFromProgIDEx, address = 0x76aa0782 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoGetClassObject, address = 0x76ac54ad |
|
1 | |
| COM | CREATE | class_name = FileSystemObject, interface = IClassFactory, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| COM | METHOD | interface = ITypeLib, method = GetTypeInfoType |
|
1 | |
| COM | CREATE | class_name = Shell, interface = IClassFactory, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| COM | QUERY | class_name = Shell, interface = IClassFactory, new_interface = {342D1EA0-AE25-11D1-89C5-006008C3FBFC}, |
|
1 | |
| COM | METHOD | class_name = Shell, interface = IClassFactory, new_interface = IUnknown, method = CreateInstance |
|
1 | |
| COM | QUERY | class_name = Shell, interface = IClassFactory, new_interface = IUnknown, |
|
1 | |
| COM | QUERY | class_name = Shell, interface = IUnknown, new_interface = IObjectWithSite |
|
1 | |
| COM | METHOD | class_name = Shell, interface = IObjectWithSite, method = SetSite |
|
1 | |
| COM | METHOD | class_name = FileSystemObject, interface = IClassFactory, method = AddRef |
|
1 | |
| COM | QUERY | class_name = Shell, interface = IUnknown, new_interface = IDispatch |
|
1 | |
| COM | METHOD | class_name = Shell, interface = IUnknown, method = AddRef |
|
2 | |
| COM | QUERY | class_name = Shell, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = Shell, interface = IUnknown, method = GetIDsOfNames |
|
1 | |
| COM | METHOD | class_name = Shell, interface = IUnknown, method = AddRef |
|
1 | |
| COM | QUERY | class_name = Shell, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = Shell, interface = IUnknown, method = Invoke |
|
1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) |
|
3 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| WND | CREATE | class_name = WSH-Timer, x_coordinate = 0, y_coordinate = 0, width = 1, height = 1, window_parameter = 3548128 |
|
1 | |
| WND | SET_ATTRIBUTE | class_name = WSH-Timer, x_coordinate = 0, y_coordinate = 0, width = 1, height = 1 |
|
1 |
| Information | Value |
|---|---|
| ID / OS PID | #7 / 0x494 |
| OS Parent PID | 0xf28 (c:\windows\system32\wscript.exe) |
| Initial Working Directory | C:\Windows\system32 |
| File Name | c:\windows\system32\wscript.exe |
| Command Line | "C:\Windows\System32\wscript.exe" "C:\Users\Public\N3Eg\N3E.vbs" uac |
| Monitor | Start Time: 00:03:46, Reason: Child Process |
| Unmonitor | End Time: 00:03:49, Reason: Terminated |
| Monitor Duration | 00:00:03 |
| OS Thread IDs |
#
96
0x 8C0
#
97
0x 8C4
#
98
0x 490
#
99
0x 478
#
100
0x 488
#
103
0x 268
#
104
0x 948
#
105
0x 968
#
107
0x 990
#
113
0x 9C8
#
115
0x 690 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000040000 | 0x00040000 | 0x00041fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| wscript.exe.mui | 0x00050000 | 0x00052fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x0000000000060000 | 0x00060000 | 0x00060fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000070000 | 0x00070000 | 0x00070fff | Private Memory | Readable, Writable |
|
|
|
|
| wscript.exe | 0x00080000 | 0x000a5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| locale.nls | 0x000b0000 | 0x00116fff | Memory Mapped File | Readable |
|
|
|
|
| wscript.exe | 0x00120000 | 0x0012efff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000000130000 | 0x00130000 | 0x00130fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000140000 | 0x00140000 | 0x00140fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000150000 | 0x00150000 | 0x00151fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000150000 | 0x00150000 | 0x0015ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000160000 | 0x00160000 | 0x0025ffff | Private Memory | Readable, Writable |
|
|
|
|
| scrrun.dll | 0x00260000 | 0x00274fff | Memory Mapped File | Readable |
|
|
|
|
| wshom.ocx | 0x00280000 | 0x0028bfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000290000 | 0x00290000 | 0x0029ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002a0000 | 0x002a0000 | 0x002affff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000002b0000 | 0x002b0000 | 0x00377fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000380000 | 0x00380000 | 0x00380fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000390000 | 0x00390000 | 0x0048ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000490000 | 0x00490000 | 0x00590fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000005a0000 | 0x005a0000 | 0x0119ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000011a0000 | 0x011a0000 | 0x011a1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| oleaccrc.dll | 0x011b0000 | 0x011b0fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000011c0000 | 0x011c0000 | 0x011fffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000001200000 | 0x01200000 | 0x012defff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000012e0000 | 0x012e0000 | 0x012e1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000012f0000 | 0x012f0000 | 0x012f1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| cversions.2.db | 0x01300000 | 0x01303fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000001310000 | 0x01310000 | 0x0140ffff | Private Memory | Readable, Writable |
|
|
|
|
| SortDefault.nls | 0x01410000 | 0x016defff | Memory Mapped File | Readable |
|
|
|
|
| {AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000c.db | 0x016e0000 | 0x016fcfff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000001700000 | 0x01700000 | 0x01700fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| {6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000007.db | 0x01710000 | 0x0173ffff | Memory Mapped File | Readable |
|
|
|
|
| cversions.2.db | 0x01740000 | 0x01743fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000001750000 | 0x01750000 | 0x01750fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000001760000 | 0x01760000 | 0x01760fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001770000 | 0x01770000 | 0x0186ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001870000 | 0x01870000 | 0x0196ffff | Private Memory | Readable, Writable |
|
|
|
|
| FirewallAPI.dll | 0x01970000 | 0x0197afff | Memory Mapped File | Readable |
|
|
|
|
| stdole2.tlb | 0x01980000 | 0x01983fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000001990000 | 0x01990000 | 0x01a8ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000001a90000 | 0x01a90000 | 0x01e8ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| {DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db | 0x01e90000 | 0x01ef5fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000001f80000 | 0x01f80000 | 0x0207ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002080000 | 0x02080000 | 0x0217ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002160000 | 0x02160000 | 0x0225ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002280000 | 0x02280000 | 0x0237ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000023f0000 | 0x023f0000 | 0x024effff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000024f0000 | 0x024f0000 | 0x028e2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| comctl32.dll | 0x6c1c0000 | 0x6c243fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wshom.ocx | 0x6c420000 | 0x6c440fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| vbscript.dll | 0x6c4c0000 | 0x6c52afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| scrrun.dll | 0x6dab0000 | 0x6dad9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| scrobj.dll | 0x6dae0000 | 0x6db0cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wshext.dll | 0x6db10000 | 0x6db25fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msisip.dll | 0x6dd30000 | 0x6dd37fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ieframe.dll | 0x6e6a0000 | 0x6f11ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apphelp.dll | 0x71af0000 | 0x71b3bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mpr.dll | 0x72080000 | 0x72091fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleacc.dll | 0x72190000 | 0x721cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntmarta.dll | 0x739c0000 | 0x739e0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dwmapi.dll | 0x73da0000 | 0x73db2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| uxtheme.dll | 0x74090000 | 0x740cffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| comctl32.dll | 0x74110000 | 0x742adfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| propsys.dll | 0x745a0000 | 0x74694fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| version.dll | 0x748a0000 | 0x748a8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| FirewallAPI.dll | 0x748b0000 | 0x74925fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rsaenh.dll | 0x74bc0000 | 0x74bfafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptsp.dll | 0x74e20000 | 0x74e35fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x75280000 | 0x7529afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x752a0000 | 0x752abfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sxs.dll | 0x752b0000 | 0x7530efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| profapi.dll | 0x75350000 | 0x7535afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msasn1.dll | 0x753c0000 | 0x753cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| crypt32.dll | 0x753d0000 | 0x754ecfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| devobj.dll | 0x754f0000 | 0x75501fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| KernelBase.dll | 0x75510000 | 0x75559fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wintrust.dll | 0x75560000 | 0x7558cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cfgmgr32.dll | 0x75590000 | 0x755b6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wininet.dll | 0x75650000 | 0x75744fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| Wldap32.dll | 0x757d0000 | 0x75814fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x75830000 | 0x758fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x75900000 | 0x759d3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x759e0000 | 0x76629fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x76630000 | 0x7664efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x76650000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| setupapi.dll | 0x766f0000 | 0x7688cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iertutil.dll | 0x76890000 | 0x76a8afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x76a90000 | 0x76bebfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76bf0000 | 0x76c90fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x76ca0000 | 0x76d68fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x76d70000 | 0x76dc6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x76dd0000 | 0x76e1dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| clbcatq.dll | 0x76e20000 | 0x76ea2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x76ee0000 | 0x76f6efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x76f70000 | 0x7701bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x77020000 | 0x770bcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| urlmon.dll | 0x770c0000 | 0x771f5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77200000 | 0x7733bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x77350000 | 0x77359fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| psapi.dll | 0x77360000 | 0x77364fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x773d0000 | 0x773e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apisetschema.dll | 0x77440000 | 0x77440fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\system32\wscript.exe, base_address = 0x80000 |
|
2 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = IgnoreUserSettings, data_ident_out = 0 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings, value_name = Enabled, data_ident_out = 0 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = Enabled, data_ident_out = 0 |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = IgnoreUserSettings, data_ident_out = 0 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings, value_name = LogSecuritySuccesses, data_ident_out = 0 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = LogSecuritySuccesses, data_ident_out = 0 |
|
1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = HeapSetInformation, address = 0x75954157 |
|
1 | |
| COM | METHOD | interface = IMessageFilter, method = AddRef |
|
1 | |
| MOD | GET_FILENAME | module_name = c:\windows\system32\wscript.exe, file_name = C:\Windows\System32\wscript.exe |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = IgnoreUserSettings, data_ident_out = 237 |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings, value_name = TrustPolicy, data_ident_out = 143 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings, value_name = UseWINSAFER, data_ident_out = 237 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = TrustPolicy, data_ident_out = 143 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = UseWINSAFER, data_ident_out = 1 |
|
1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = Timeout, data_ident_out = 176 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = DisplayLogo, data_ident_out = 1 |
|
1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings, value_name = Timeout, data_ident_out = 176 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings, value_name = DisplayLogo, data_ident_out = 49 |
|
1 | |
| COM | METHOD | interface = ITypeLib, method = GetTypeInfoType |
|
4 | |
| SYS | SLEEP | duration = -1 (infinite) |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\.vbs |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\.vbs, data_ident_out = VBSFile |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CLASSES_ROOT\VBSFile\ScriptEngine |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CLASSES_ROOT\VBSFile\ScriptEngine, data_ident_out = VBScript |
|
1 | |
| COM | CREATE | class_name = VBScriptEngine5, interface = IUnknown, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| COM | CREATE | class_name = VBScriptEngine5, interface = IClassFactory, |
|
1 | |
| COM | METHOD | class_name = VBScriptEngine5, interface = IClassFactory, new_interface = IUnknown, method = CreateInstance |
|
1 | |
| COM | QUERY | class_name = VBScriptEngine5, interface = IClassFactory, new_interface = IUnknown, |
|
1 | |
| COM | METHOD | class_name = VBScriptEngine5, interface = IUnknown, method = AddRef |
|
1 | |
| COM | QUERY | class_name = VBScriptEngine5, interface = IUnknown, new_interface = IUnknown |
|
1 | |
| MOD | LOAD | module_name = ole32.dll, base_address = 0x76a90000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoCreateInstance, address = 0x76ad9d0b |
|
1 | |
| COM | CREATE | class_name = {6C736DB1-BD94-11D0-8A23-00AA00B58E10}, interface = ISystemDebugEventFire, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| COM | METHOD | interface = ISystemDebugEventFire, method = AddRef |
|
1 | |
| COM | METHOD | interface = ISystemDebugEventFire, method = BeginSession |
|
1 | |
| FILE | CREATE | file_name = c:\users\public\n3eg\n3e.vbs, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, create_disposition = OPEN_EXISTING, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN |
|
1 | |
| MOD | CREATE_MAPPING | file_name = c:\users\public\n3eg\n3e.vbs, module_name = Nameless FileMapping, maximum_size = 4199, protection = PAGE_READONLY |
|
1 | |
| MOD | MAP | file_name = c:\users\public\n3eg\n3e.vbs, process_name = c:\windows\system32\wscript.exe, os_pid = 0x494, module_name = Nameless FileMapping, desired_access = FILE_MAP_READ, file_offset = 0, address = 0x150000 |
|
1 | |
| MOD | UNMAP | process_name = c:\windows\system32\wscript.exe, os_pid = 0x494, base_address = 0x150000 |
|
1 | |
| MOD | LOAD | module_name = C:\Windows\system32\advapi32.dll, base_address = 0x76650000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = SaferIdentifyLevel, address = 0x76672102 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = SaferComputeTokenFromLevel, address = 0x76673352 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = SaferCloseLevel, address = 0x76673825 |
|
1 | |
| FILE | READ | file_name = c:\users\public\n3eg\n3e.vbs, module_name = Nameless FileMapping, size = 4199 |
|
1 | |
| COM | CREATE | class_name = {06290BD1-48AA-11D2-8432-006008C3FBFC}, interface = {E4D1C9B0-46E8-11D4-A2A6-00104BD35090}, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| COM | CREATE | class_name = {06290BD1-48AA-11D2-8432-006008C3FBFC}, interface = IClassFactory, |
|
1 | |
| COM | METHOD | interface = IClassFactory, method = CreateInstance |
|
1 | |
| COM | QUERY | interface = IClassFactory, new_interface = {E4D1C9B0-46E8-11D4-A2A6-00104BD35090}, |
|
1 | |
| SYS | GET_INFO | type = Hardware Information |
|
1 | |
| COM | METHOD | interface = None, method = AddRef |
|
1 | |
| COM | QUERY | interface = None, new_interface = {E4D1C9B0-46E8-11D4-A2A6-00104BD35090} |
|
1 | |
| COM | METHOD | interface = ISystemDebugEventFire, method = IsActive |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\ole32.dll, base_address = 0x76a90000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CLSIDFromProgIDEx, address = 0x76aa0782 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoGetClassObject, address = 0x76ac54ad |
|
1 | |
| COM | CREATE | class_name = FileSystemObject, interface = IClassFactory, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| COM | METHOD | interface = ITypeLib, method = GetTypeInfoType |
|
1 | |
| COM | CREATE | class_name = WshShell, interface = IUnknown, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| COM | CREATE | class_name = WshShell, interface = IClassFactory, |
|
1 | |
| COM | METHOD | class_name = FileSystemObject, interface = IClassFactory, new_interface = IUnknown, method = CreateInstance |
|
1 | |
| COM | QUERY | class_name = FileSystemObject, interface = IClassFactory, new_interface = IUnknown, |
|
1 | |
| MOD | GET_FILENAME | file_name = C:\Windows\System32\wscript.exe |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\wscript.exe, base_address = 0x80000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\wscript.exe, function = 1, address = 0x82bb9 |
|
1 | |
| COM | METHOD | class_name = FileSystemObject, interface = IUnknown, method = AddRef |
|
1 | |
| COM | QUERY | class_name = FileSystemObject, interface = IUnknown, new_interface = IUnknown |
|
1 | |
| COM | METHOD | interface = ITypeLib, method = GetTypeInfoType |
|
1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System |
|
1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, value_name = EnableLUA, data = 0 |
|
1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System |
|
1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, value_name = ConsentPromptBehaviorAdmin, data = 0 |
|
1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System |
|
1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, value_name = PromptOnSecureDesktop, data = 0 |
|
1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download |
|
1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download, value_name = CheckExeSignatures, data = no |
|
1 | |
| REG | CREATE_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download |
|
1 | |
| REG | WRITE_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download, value_name = RunInvalidSignatures, data = 00000001 |
|
1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center |
|
1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center, value_name = AntiVirusDisableNotify, data = 1 |
|
1 | |
| REG | CREATE_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center |
|
1 | |
| REG | WRITE_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center, value_name = UpdatesDisableNotify, data = 1 |
|
1 | |
| MOD | LOAD | module_name = shell32.dll, base_address = 0x759e0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\shell32.dll, function = ShellExecuteExW, address = 0x75a01e46 |
|
1 | |
| PROC | CREATE | process_name = sc, operation = Open, show_window = SW_HIDE |
|
1 | |
| PROC | CREATE | process_name = net, operation = Open, show_window = SW_HIDE |
|
1 | |
| COM | CREATE | class_name = NetFwPolicy2, interface = IClassFactory, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IClassFactory, new_interface = {342D1EA0-AE25-11D1-89C5-006008C3FBFC}, |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IClassFactory, new_interface = IUnknown, method = CreateInstance |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IClassFactory, new_interface = IUnknown, |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {FC4801A3-2BA9-11CF-A229-00AA003D7352} |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = IDispatch |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = AddRef |
|
2 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = GetIDsOfNames |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = AddRef |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, new_interface = IDispatch, method = Invoke |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IDispatch, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IDispatch, method = AddRef |
|
2 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IDispatch, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IDispatch, new_interface = IUnknown, method = Invoke |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {00020400-0000-0000-C000-000000000046} |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = IEnumVARIANT |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IDispatch, method = AddRef |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Next |
|
1 | |
| COM | CREATE | class_name = NetFwRule, interface = IClassFactory, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {342D1EA0-AE25-11D1-89C5-006008C3FBFC}, |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, new_interface = IUnknown, method = CreateInstance |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = IUnknown, |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {FC4801A3-2BA9-11CF-A229-00AA003D7352} |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = IDispatch |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = AddRef |
|
2 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = GetIDsOfNames |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = AddRef |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Invoke |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = GetIDsOfNames |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = AddRef |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Invoke |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = GetIDsOfNames |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = AddRef |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Invoke |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = GetIDsOfNames |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = AddRef |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Invoke |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = GetIDsOfNames |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = AddRef |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Invoke |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = GetIDsOfNames |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = AddRef |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Invoke |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = GetIDsOfNames |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = AddRef |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Invoke |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = GetIDsOfNames |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = AddRef |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Invoke |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = GetIDsOfNames |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = AddRef |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Invoke |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = GetIDsOfNames |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = AddRef |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Invoke |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = GetIDsOfNames |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = AddRef |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IUnknown, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IUnknown, method = Invoke |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IDispatch, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IDispatch, method = GetIDsOfNames |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IDispatch, method = AddRef |
|
1 | |
| COM | QUERY | class_name = NetFwPolicy2, interface = IDispatch, new_interface = {A6EF9860-C720-11D0-9337-00A0C90DCAA9} |
|
1 | |
| COM | METHOD | class_name = NetFwPolicy2, interface = IDispatch, new_interface = IDispatch, method = Invoke |
|
1 | |
| PROC | CREATE | process_name = cmd, operation = Open, show_window = SW_HIDE |
|
2 | |
| COM | METHOD | interface = ISystemDebugEventFire, method = IsActive |
|
1 | |
| COM | METHOD | interface = ISystemDebugEventFire, method = EndSession |
|
1 | |
| SYS | SLEEP | duration = -1 (infinite) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| WND | CREATE | class_name = WSH-Timer, x_coordinate = 0, y_coordinate = 0, width = 1, height = 1, window_parameter = 2761696 |
|
1 | |
| WND | SET_ATTRIBUTE | class_name = WSH-Timer, x_coordinate = 0, y_coordinate = 0, width = 1, height = 1 |
|
1 |
| Information | Value |
|---|---|
| ID / OS PID | #8 / 0x960 |
| OS Parent PID | 0x494 (c:\windows\system32\wscript.exe) |
| Initial Working Directory | C:\Windows\system32 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | "C:\Windows\System32\sc.exe" config WinDefend start= disabled |
| Monitor | Start Time: 00:03:47, Reason: Child Process |
| Unmonitor | End Time: 00:03:48, Reason: Terminated |
| Monitor Duration | 00:00:01 |
| OS Thread IDs |
#
106
0x 994
#
109
0x 6AC |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000080000 | 0x00080000 | 0x000bffff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x000c0000 | 0x00126fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000001f0000 | 0x001f0000 | 0x001fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000220000 | 0x00220000 | 0x0031ffff | Private Memory | Readable, Writable |
|
|
|
|
| sc.exe | 0x00ec0000 | 0x00ecbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| KernelBase.dll | 0x75510000 | 0x75559fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x75900000 | 0x759d3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x76650000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76bf0000 | 0x76c90fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x76f70000 | 0x7701bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77200000 | 0x7733bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x773d0000 | 0x773e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apisetschema.dll | 0x77440000 | 0x77440fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\system32\sc.exe, base_address = 0xec0000 |
|
1 | |
| FILE | OPEN | file_name = STD_OUTPUT_HANDLE |
|
1 | |
| SVC | OPEN_MGR | database_name = SERVICES_ACTIVE_DATABASE, host = Localhost, desired_access = SC_MANAGER_CONNECT |
|
1 | |
| SVC | OPEN | service_name = WinDefend, database_name = SERVICES_ACTIVE_DATABASE, desired_access = SERVICE_QUERY_CONFIG, SERVICE_CHANGE_CONFIG |
|
1 | |
| SVC | GET_INFO | service_name = WinDefend, type = SERVICE_CONFIG_DELAYED_AUTO_START_INFO |
|
1 | |
| SVC | SET_CONFIG | service_name = WinDefend |
|
1 | |
| SVC | SET_CONFIG | service_name = WinDefend, new_service_type = SERVICE_NO_CHANGE, new_start_type = SERVICE_DISABLED |
|
1 | |
| FILE | WRITE | file_name = STD_OUTPUT_HANDLE, size = 34 |
|
1 |
| Information | Value |
|---|---|
| ID / OS PID | #9 / 0x6b0 |
| OS Parent PID | 0x494 (c:\windows\system32\wscript.exe) |
| Initial Working Directory | C:\Windows\system32 |
| File Name | c:\windows\system32\net.exe |
| Command Line | "C:\Windows\System32\net.exe" localgroup HomeUsers /delete DSsDPMx042 |
| Monitor | Start Time: 00:03:47, Reason: Child Process |
| Unmonitor | End Time: 00:03:48, Reason: Terminated |
| Monitor Duration | 00:00:01 |
| OS Thread IDs |
#
108
0x 954 |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | Readable |
|
|
|
|
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | Readable |
|
|
|
|
| net.exe | 0x00130000 | 0x00147fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000000270000 | 0x00270000 | 0x002effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000430000 | 0x00430000 | 0x0043ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000490000 | 0x00490000 | 0x0058ffff | Private Memory | Readable, Writable |
|
|
|
|
| browcli.dll | 0x6dca0000 | 0x6dcacfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mpr.dll | 0x72080000 | 0x72091fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winnsi.dll | 0x72300000 | 0x72306fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| IPHLPAPI.DLL | 0x72310000 | 0x7232bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| samcli.dll | 0x73b20000 | 0x73b2efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wkscli.dll | 0x73b30000 | 0x73b3efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| netutils.dll | 0x73b40000 | 0x73b48fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| srvcli.dll | 0x751f0000 | 0x75208fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| KernelBase.dll | 0x75510000 | 0x75559fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x75900000 | 0x759d3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x76650000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76bf0000 | 0x76c90fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x76f70000 | 0x7701bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77200000 | 0x7733bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nsi.dll | 0x77340000 | 0x77345fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x773d0000 | 0x773e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apisetschema.dll | 0x77440000 | 0x77440fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
|
| Information | Value |
|---|---|
| ID / OS PID | #10 / 0x9bc |
| OS Parent PID | 0x6b0 (c:\windows\system32\net.exe) |
| Initial Working Directory | C:\Windows\system32 |
| File Name | c:\windows\system32\net1.exe |
| Command Line | C:\Windows\system32\net1 localgroup HomeUsers /delete DSsDPMx042 |
| Monitor | Start Time: 00:03:48, Reason: Child Process |
| Unmonitor | End Time: 00:03:48, Reason: Terminated |
| Monitor Duration | 00:00:00 |
| OS Thread IDs |
#
110
0x 66C
#
111
0x 668
#
112
0x 664 |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000050000 | 0x00050000 | 0x000cffff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x000d0000 | 0x00136fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000002b0000 | 0x002b0000 | 0x003affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000003d0000 | 0x003d0000 | 0x0044ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000004d0000 | 0x004d0000 | 0x0054ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000550000 | 0x00550000 | 0x0055ffff | Private Memory | Readable, Writable |
|
|
|
|
| net1.exe | 0x00a70000 | 0x00a99fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| netmsg.dll | 0x6c3c0000 | 0x6c3c1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| browcli.dll | 0x6dca0000 | 0x6dcacfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdsapi.dll | 0x72e10000 | 0x72e27fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dsrole.dll | 0x73720000 | 0x73728fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| samcli.dll | 0x73b20000 | 0x73b2efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wkscli.dll | 0x73b30000 | 0x73b3efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| netutils.dll | 0x73b40000 | 0x73b48fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| netapi32.dll | 0x73b50000 | 0x73b60fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| samlib.dll | 0x740d0000 | 0x740e1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| logoncli.dll | 0x74c70000 | 0x74c91fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| srvcli.dll | 0x751f0000 | 0x75208fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| KernelBase.dll | 0x75510000 | 0x75559fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x75900000 | 0x759d3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x76650000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76bf0000 | 0x76c90fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x76f70000 | 0x7701bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77200000 | 0x7733bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nsi.dll | 0x77340000 | 0x77345fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x773d0000 | 0x773e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ws2_32.dll | 0x773f0000 | 0x77424fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apisetschema.dll | 0x77440000 | 0x77440fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\system32\net1.exe, base_address = 0xa70000 |
|
1 | |
| FILE | OPEN | file_name = STD_OUTPUT_HANDLE |
|
1 | |
| FILE | OPEN | file_name = STD_ERROR_HANDLE |
|
1 | |
| MOD | GET_FILENAME | file_name = C:\Windows\system32\net1.exe |
|
1 | |
| MOD | LOAD | module_name = NETMSG, base_address = 0x6c3c0000 |
|
1 | |
| FILE | WRITE | file_name = STD_ERROR_HANDLE, size = 33 |
|
1 | |
| FILE | WRITE | file_name = STD_ERROR_HANDLE, size = 2 |
|
1 | |
| FILE | WRITE | file_name = STD_ERROR_HANDLE, size = 43 |
|
1 | |
| FILE | WRITE | file_name = STD_ERROR_HANDLE, size = 2 |
|
1 |
| Information | Value |
|---|---|
| ID / OS PID | #11 / 0x69c |
| OS Parent PID | 0x494 (c:\windows\system32\wscript.exe) |
| Initial Working Directory | C:\Windows\system32 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /k echo a > "C:\Users\Public\N3Eg\uc" |
| Monitor | Start Time: 00:03:48, Reason: Child Process |
| Unmonitor | End Time: 00:03:50, Reason: Terminated |
| Monitor Duration | 00:00:02 |
| OS Thread IDs |
#
114
0x 9CC |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x0012ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000130000 | 0x00130000 | 0x00133fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000140000 | 0x00140000 | 0x00140fff | Pagefile Backed Memory | Readable |
|
|
|
|
| locale.nls | 0x00150000 | 0x001b6fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00000000001c0000 | 0x001c0000 | 0x00287fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000290000 | 0x00290000 | 0x00296fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000002a0000 | 0x002a0000 | 0x002a1fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002b0000 | 0x002b0000 | 0x002b0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002c0000 | 0x002c0000 | 0x003bffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000003c0000 | 0x003c0000 | 0x004c0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000004d0000 | 0x004d0000 | 0x004d0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000500000 | 0x00500000 | 0x0050ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000510000 | 0x00510000 | 0x0110ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000001110000 | 0x01110000 | 0x0139afff | Pagefile Backed Memory | Readable |
|
|
|
|
| cmd.exe | 0x4a810000 | 0x4a85bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winbrand.dll | 0x6dd80000 | 0x6dd86fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| KernelBase.dll | 0x75510000 | 0x75559fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x75830000 | 0x758fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x75900000 | 0x759d3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x76630000 | 0x7664efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x76ca0000 | 0x76d68fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x76dd0000 | 0x76e1dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x76f70000 | 0x7701bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x77020000 | 0x770bcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77200000 | 0x7733bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x77350000 | 0x77359fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apisetschema.dll | 0x77440000 | 0x77440fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\system32\cmd.exe, base_address = 0x4a810000 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address = 0x759524c2 |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| FILE | OPEN | file_name = STD_OUTPUT_HANDLE |
|
3 | |
| FILE | OPEN | file_name = STD_INPUT_HANDLE |
|
2 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data_ident_out = 88 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data_ident_out = 1 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data_ident_out = 1 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data_ident_out = 0 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data_ident_out = 64 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data_ident_out = 64 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data_ident_out = 64 |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data_ident_out = 64 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data_ident_out = 1 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data_ident_out = 1 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data_ident_out = 0 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data_ident_out = 9 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data_ident_out = 9 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data_ident_out = 9 |
|
1 | |
| MOD | GET_FILENAME | file_name = C:\Windows\System32\cmd.exe |
|
1 | |
| PROC | SET_CURDIR | process_name = c:\windows\system32\cmd.exe, os_pid = 0x69c, new_path_name = c:\windows\system32 |
|
1 | |
| FILE | OPEN | file_name = STD_OUTPUT_HANDLE |
|
4 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CopyFileExW, address = 0x7593ac6c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address = 0x75943ea8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetConsoleInputExeNameW, address = 0x75952732 |
|
1 | |
| FILE | OPEN | file_name = STD_OUTPUT_HANDLE |
|
4 | |
| FILE | CREATE | file_name = c:\users\public\n3eg\uc, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| FILE | OPEN | file_name = c:\users\public\n3eg\uc |
|
3 | |
| FILE | WRITE | file_name = c:\users\public\n3eg\uc, size = 4 |
|
1 | |
| FILE | OPEN | file_name = c:\users\public\n3eg\uc |
|
2 | |
| FILE | OPEN | file_name = STD_INPUT_HANDLE |
|
3 | |
| FILE | OPEN | file_name = c:\users\public\n3eg\uc |
|
1 | |
| FILE | OPEN | file_name = STD_OUTPUT_HANDLE |
|
1 | |
| FILE | OPEN | file_name = c:\users\public\n3eg\uc |
|
1 | |
| FILE | WRITE | file_name = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| FILE | OPEN | file_name = c:\users\public\n3eg\uc |
|
1 | |
| FILE | OPEN | file_name = STD_OUTPUT_HANDLE |
|
1 | |
| FILE | OPEN | file_name = c:\users\public\n3eg\uc |
|
1 | |
| FILE | WRITE | file_name = STD_OUTPUT_HANDLE, size = 20 |
|
1 | |
| FILE | OPEN | file_name = STD_INPUT_HANDLE |
|
6 | |
| FILE | OPEN | file_name = STD_OUTPUT_HANDLE |
|
1 | |
| FILE | READ | file_name = STD_INPUT_HANDLE, size = 8192 |
|
1 |
| Information | Value |
|---|---|
| ID / OS PID | #12 / 0x660 |
| OS Parent PID | 0x494 (c:\windows\system32\wscript.exe) |
| Initial Working Directory | C:\Windows\system32 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /k shutdown -r -t 0 -f |
| Monitor | Start Time: 00:03:49, Reason: Child Process |
| Unmonitor | End Time: 00:03:50, Reason: Terminated |
| Monitor Duration | 00:00:01 |
| OS Thread IDs |
#
116
0x 65C |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | Readable |
|
|
|
|
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c6fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000000d0000 | 0x000d0000 | 0x000d1fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000170000 | 0x00170000 | 0x0026ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002e0000 | 0x002e0000 | 0x003dffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000003e0000 | 0x003e0000 | 0x004a7fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000580000 | 0x00580000 | 0x0058ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000590000 | 0x00590000 | 0x00690fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000006a0000 | 0x006a0000 | 0x0129ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000012a0000 | 0x012a0000 | 0x0152afff | Pagefile Backed Memory | Readable |
|
|
|
|
| cmd.exe | 0x4a810000 | 0x4a85bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winbrand.dll | 0x6dd80000 | 0x6dd86fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| KernelBase.dll | 0x75510000 | 0x75559fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x75830000 | 0x758fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x75900000 | 0x759d3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x76630000 | 0x7664efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x76ca0000 | 0x76d68fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x76dd0000 | 0x76e1dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x76f70000 | 0x7701bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x77020000 | 0x770bcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77200000 | 0x7733bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x77350000 | 0x77359fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apisetschema.dll | 0x77440000 | 0x77440fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\system32\cmd.exe, base_address = 0x4a810000 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address = 0x759524c2 |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| FILE | OPEN | file_name = c:\users\public\n3eg\uc |
|
3 | |
| FILE | OPEN | file_name = STD_INPUT_HANDLE |
|
2 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data_ident_out = 0 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data_ident_out = 1 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data_ident_out = 1 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data_ident_out = 0 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data_ident_out = 64 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data_ident_out = 64 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data_ident_out = 64 |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data_ident_out = 64 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data_ident_out = 1 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data_ident_out = 1 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data_ident_out = 0 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data_ident_out = 9 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data_ident_out = 9 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data_ident_out = 9 |
|
1 | |
| MOD | GET_FILENAME | file_name = C:\Windows\System32\cmd.exe |
|
1 | |
| PROC | SET_CURDIR | process_name = c:\windows\system32\cmd.exe, os_pid = 0x660, new_path_name = c:\windows\system32 |
|
1 | |
| FILE | OPEN | file_name = c:\users\public\n3eg\uc |
|
1 | |
| FILE | OPEN | file_name = STD_OUTPUT_HANDLE |
|
3 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x75900000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CopyFileExW, address = 0x7593ac6c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address = 0x75943ea8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetConsoleInputExeNameW, address = 0x75952732 |
|
1 | |
| PROC | CREATE | process_name = C:\Windows\system32\shutdown.exe, os_tid = 0x9f0, os_pid = 0x9ec, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, current_directory = C:\Windows\system32, show_window = SW_SHOWNORMAL |
|
1 | |
| FILE | OPEN | file_name = c:\users\public\n3eg\uc |
|
2 | |
| FILE | OPEN | file_name = STD_INPUT_HANDLE |
|
3 | |
| FILE | OPEN | file_name = c:\users\public\n3eg\uc |
|
1 | |
| FILE | OPEN | file_name = STD_OUTPUT_HANDLE |
|
1 | |
| FILE | OPEN | file_name = c:\users\public\n3eg\uc |
|
1 | |
| FILE | WRITE | file_name = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| FILE | OPEN | file_name = c:\users\public\n3eg\uc |
|
1 | |
| FILE | OPEN | file_name = STD_OUTPUT_HANDLE |
|
1 | |
| FILE | OPEN | file_name = c:\users\public\n3eg\uc |
|
1 | |
| FILE | WRITE | file_name = STD_OUTPUT_HANDLE, size = 20 |
|
1 | |
| FILE | OPEN | file_name = STD_INPUT_HANDLE |
|
6 | |
| FILE | OPEN | file_name = STD_OUTPUT_HANDLE |
|
1 | |
| FILE | READ | file_name = STD_INPUT_HANDLE, size = 8192 |
|
1 |
| Information | Value |
|---|---|
| ID / OS PID | #13 / 0x9ec |
| OS Parent PID | 0x660 (c:\windows\system32\cmd.exe) |
| Initial Working Directory | C:\Windows\system32 |
| File Name | c:\windows\system32\shutdown.exe |
| Command Line | shutdown -r -t 0 -f |
| Monitor | Start Time: 00:03:49, Reason: Child Process |
| Unmonitor | End Time: 00:03:49, Reason: Terminated |
| Monitor Duration | 00:00:00 |
| OS Thread IDs |
#
117
0x 9F0
#
118
0x A1C |
| Remarks | No high level activity detected in monitored regions |
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | Readable |
|
|
|
|
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000140000 | 0x00140000 | 0x0017ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000001d0000 | 0x001d0000 | 0x002cffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000002d0000 | 0x002d0000 | 0x00397fff | Pagefile Backed Memory | Readable |
|
|
|
|
| shutdown.exe | 0x00410000 | 0x00419fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00000000005b0000 | 0x005b0000 | 0x005bffff | Private Memory | Readable, Writable |
|
|
|
|
| secur32.dll | 0x75260000 | 0x75267fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x75280000 | 0x7529afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| KernelBase.dll | 0x75510000 | 0x75559fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x75830000 | 0x758fbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x75900000 | 0x759d3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x76630000 | 0x7664efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x76650000 | 0x766effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x76a90000 | 0x76bebfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76bf0000 | 0x76c90fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x76ca0000 | 0x76d68fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x76dd0000 | 0x76e1dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x76f70000 | 0x7701bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x77020000 | 0x770bcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77200000 | 0x7733bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x77350000 | 0x77359fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x773d0000 | 0x773e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apisetschema.dll | 0x77440000 | 0x77440fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
|
| Information | Value |
|---|---|
| ID / OS PID | #14 / 0x574 |
| OS Parent PID | 0x470 (c:\windows\explorer.exe) |
| Initial Working Directory | C:\Windows\system32 |
| File Name | c:\windows\system32\regsvr32.exe |
| Command Line | "C:\Windows\System32\regsvr32.exe" /s "C:\Users\Public\N3Eg\N3Eg2.51N3E" #96 |
| Monitor | Start Time: 00:04:12, Reason: Analysis Target |
| Unmonitor | End Time: 00:04:23, Reason: Terminated |
| Monitor Duration | 00:00:11 |
| OS Thread IDs |
#
120
0x 578 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x77780000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetThreadPreferredUILanguages, address = 0x777c22d7 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x77780000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetThreadPreferredUILanguages, address = 0x777be627 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x77780000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetThreadUILanguage, address = 0x777bae42 |
|
1 | |
| SYS | GET_INFO | type = Hardware Information |
|
1 | |
| MOD | GET_FILENAME | file_name = C:\Users\Public\N3Eg\N3Eg2.51N3E |
|
1 | |
| MOD | GET_FILENAME | file_name = C:\Windows\System32\regsvr32.exe |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Embarcadero\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\CodeGear\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\CodeGear\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Borland\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
|
1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x77780000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetNativeSystemInfo, address = 0x777bbe77 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x77780000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetDiskFreeSpaceExW, address = 0x777bde40 |
|
1 | |
| MOD | GET_FILENAME | file_name = C:\Windows\System32\regsvr32.exe |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Embarcadero\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\CodeGear\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\CodeGear\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Borland\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\oleaut32.dll, base_address = 0x77a00000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VariantChangeTypeEx, address = 0x77a04c28 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarNeg, address = 0x77a7c802 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarNot, address = 0x77a7ec66 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarAdd, address = 0x77a25934 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarSub, address = 0x77a7d332 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarMul, address = 0x77a7dbd4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarDiv, address = 0x77a7e405 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarIdiv, address = 0x77a7f00a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarMod, address = 0x77a7f15e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarAnd, address = 0x77a25a98 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarOr, address = 0x77a7ecfa |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarXor, address = 0x77a7ee2e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarCmp, address = 0x77a1b0dc |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarI4FromStr, address = 0x77a16fab |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarR4FromStr, address = 0x77a201a0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarR8FromStr, address = 0x77a1699e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarDateFromStr, address = 0x77a26ba7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarCyFromStr, address = 0x77a46c12 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarBoolFromStr, address = 0x77a1dbd1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromCy, address = 0x77a27fdc |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromDate, address = 0x77a17a2a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromBool, address = 0x77a20355 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x77780000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = InitializeConditionVariable, address = 0x77bb9981 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = WakeConditionVariable, address = 0x77c05a7b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = WakeAllConditionVariable, address = 0x77b845a5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SleepConditionVariableCS, address = 0x777b18be |
|
1 | |
| MOD | GET_FILENAME | file_name = C:\Windows\System32\regsvr32.exe |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x77780000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CreateToolhelp32Snapshot, address = 0x777bf731 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Heap32ListFirst, address = 0x778102e7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Heap32ListNext, address = 0x77810391 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Heap32First, address = 0x77810429 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Heap32Next, address = 0x77810614 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Toolhelp32ReadProcessMemory, address = 0x77810819 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Process32First, address = 0x777e443d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Process32Next, address = 0x777e4505 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Process32FirstW, address = 0x777bfa35 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Process32NextW, address = 0x777bfaca |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Process32FirstW, address = 0x777bfa35 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Process32NextW, address = 0x777bfaca |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Thread32First, address = 0x777e7e4c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Thread32Next, address = 0x777e7edc |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Module32First, address = 0x77810859 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Module32Next, address = 0x77810942 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Module32FirstW, address = 0x777bc59e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Module32NextW, address = 0x777bc11f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Module32FirstW, address = 0x777bc59e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Module32NextW, address = 0x777bc11f |
|
1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x77780000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = VirtualAllocEx, address = 0x777bc1b6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = WriteProcessMemory, address = 0x777bc1de |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CreateRemoteThread, address = 0x7780f33b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = OpenProcess, address = 0x777c59d7 |
|
1 | |
| PROC | OPEN | process_name = c:\windows\explorer.exe, os_pid = 0x470, desired_access = PROCESS_ALL_ACCESS |
|
1 | |
| MEM | ALLOC | address = 0x3140000, process_name = c:\windows\explorer.exe, os_pid = 0x470, size = 66, allocation_type = MEM_COMMIT, protection = PAGE_READWRITE |
|
1 | |
| MEM | WRITE | address = 0x3140000, process_name = c:\windows\explorer.exe, os_pid = 0x470, size = 66 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryW, address = 0x777d3c01 |
|
1 | |
| THREAD | CREATE | process_name = c:\windows\explorer.exe, os_tid = 0x628, os_pid = 0x470, proc_address = 0x777d3c01, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x77780000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetLogicalProcessorInformation, address = 0x777b2004 |
|
1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x77780000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetLogicalProcessorInformation, address = 0x777b2004 |
|
1 |
| Information | Value |
|---|---|
| ID / OS PID | #15 / 0x470 |
| OS Parent PID | 0x468 (c:\windows\system32\userinit.exe) |
| Initial Working Directory | C:\Windows\system32 |
| File Name | c:\windows\explorer.exe |
| Command Line | C:\Windows\Explorer.EXE |
| Monitor | Start Time: 00:04:22, Reason: Injection |
| Unmonitor | End Time: 00:06:46, Reason: Terminated |
| Monitor Duration | 00:02:24 |
| OS Thread IDs |
#
121
0x 5E8
#
122
0x 5C4
#
123
0x 5B4
#
124
0x 59C
#
125
0x 594
#
126
0x 568
#
127
0x 564
#
128
0x 560
#
129
0x 55C
#
130
0x 558
#
131
0x 52C
#
132
0x 528
#
133
0x 524
#
134
0x 494
#
135
0x 490
#
136
0x 48C
#
137
0x 488
#
138
0x 484
#
139
0x 480
#
140
0x 47C
#
141
0x 478
#
142
0x 474
#
143
0x 628
#
144
0x 62C
#
145
0x 66C
#
146
0x 670
#
155
0x 6A0
#
156
0x 6A8
#
157
0x 6B4
#
158
0x 6C4
#
159
0x 6C8
#
160
0x 6D0
#
161
0x 6D4
#
182
0x 7C4
#
183
0x 7C8
#
184
0x 7DC
#
185
0x 7E4
#
205
0x 918
#
210
0x 954
#
242
0x A1C
#
244
0x ACC
#
246
0x B00 |
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | c:\windows\system32\regsvr32.exe | 0x578 | address = 0x3140000, size = 66 |
|
1 | |
| Create Remote Thread | c:\windows\system32\regsvr32.exe | 0x578 | os_thread_id = 0x628, address = 0x777d3c01, flags = THREAD_RUNS_IMMEDIATELY |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| KEYBOARD | GET_INFO | type = 0, result_out = 4 |
|
1 | |
| MOD | GET_FILENAME | file_name = C:\Users\Public\N3Eg\N3Eg4.51N3E |
|
1 | |
| MOD | GET_FILENAME | file_name = C:\Windows\Explorer.EXE |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Borland\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Borland\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
|
1 | |
| MOD | LOAD | module_name = C:\Users\Public\N3Eg\N3Eg4.ENU, base_address = 0x0 |
|
1 | |
| MOD | LOAD | module_name = C:\Users\Public\N3Eg\N3Eg4.EN, base_address = 0x0 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x77780000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetDiskFreeSpaceExA, address = 0x7780f46f |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\oleaut32.dll, base_address = 0x77a00000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VariantChangeTypeEx, address = 0x77a04c28 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarNeg, address = 0x77a7c802 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarNot, address = 0x77a7ec66 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarAdd, address = 0x77a25934 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarSub, address = 0x77a7d332 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarMul, address = 0x77a7dbd4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarDiv, address = 0x77a7e405 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarIdiv, address = 0x77a7f00a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarMod, address = 0x77a7f15e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarAnd, address = 0x77a25a98 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarOr, address = 0x77a7ecfa |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarXor, address = 0x77a7ee2e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarCmp, address = 0x77a1b0dc |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarI4FromStr, address = 0x77a16fab |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarR4FromStr, address = 0x77a201a0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarR8FromStr, address = 0x77a1699e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarDateFromStr, address = 0x77a26ba7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarCyFromStr, address = 0x77a46c12 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarBoolFromStr, address = 0x77a1dbd1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromCy, address = 0x77a27fdc |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromDate, address = 0x77a17a2a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromBool, address = 0x77a20355 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| FILE | CREATE | file_name = c:\users\public\n3eg\n3eg1.51n3e, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, create_disposition = OPEN_EXISTING, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| FILE | READ | file_name = c:\users\public\n3eg\n3eg1.51n3e, size = 2689537 |
|
1 | |
| MOD | LOAD | module_name = oleaut32.dll, base_address = 0x77a00000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = SysFreeString, address = 0x77a03e59 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = SysReAllocStringLen, address = 0x77a07810 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = SysAllocStringLen, address = 0x77a045d2 |
|
1 | |
| MOD | LOAD | module_name = advapi32.dll, base_address = 0x77130000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = RegQueryValueExW, address = 0x771446ad |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExW, address = 0x7714468d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = RegCloseKey, address = 0x7714469d |
|
1 | |
| MOD | LOAD | module_name = user32.dll, base_address = 0x76270000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = MessageBoxA, address = 0x762cea11 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CharNextW, address = 0x76280be6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = LoadStringW, address = 0x7627dfba |
|
1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x77780000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Sleep, address = 0x777cba46 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = VirtualFree, address = 0x777d1da4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = VirtualAlloc, address = 0x777d2fb6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = lstrlenW, address = 0x777cd9e8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = VirtualQuery, address = 0x777d76d6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = QueryPerformanceCounter, address = 0x777cbb9f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetTickCount, address = 0x777cba60 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetSystemInfo, address = 0x777d3728 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetVersion, address = 0x777c154e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CompareStringW, address = 0x777c9bee |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = IsValidLocale, address = 0x777c3de4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetThreadLocale, address = 0x777e88e6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetSystemDefaultUILanguage, address = 0x777b731d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetUserDefaultUILanguage, address = 0x777c22ef |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetLocaleInfoW, address = 0x777d6596 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = WideCharToMultiByte, address = 0x777d450e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = MultiByteToWideChar, address = 0x777d452b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetACP, address = 0x777d39aa |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryExW, address = 0x777c4775 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetStartupInfoW, address = 0x777d3891 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetProcAddress, address = 0x777d33d3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetModuleHandleW, address = 0x777d374d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameW, address = 0x777d3c26 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetCommandLineW, address = 0x777d679e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FreeLibrary, address = 0x777cd9d0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetLastError, address = 0x777cbf00 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = UnhandledExceptionFilter, address = 0x777ded38 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = RtlUnwind, address = 0x777b7f70 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = RaiseException, address = 0x777beb60 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = ExitProcess, address = 0x777d214f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = ExitThread, address = 0x77b8f611 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SwitchToThread, address = 0x777beb24 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentThreadId, address = 0x777cbb80 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CreateThread, address = 0x777d375d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = DeleteCriticalSection, address = 0x77bb9ac5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = LeaveCriticalSection, address = 0x77ba7760 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = EnterCriticalSection, address = 0x77ba77a0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = InitializeCriticalSection, address = 0x77bba149 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FindFirstFileW, address = 0x777d53b2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FindClose, address = 0x777d0e62 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = WriteFile, address = 0x777d1400 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetStdHandle, address = 0x777d1e46 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CloseHandle, address = 0x777cca7c |
|
1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x77780000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetProcAddress, address = 0x777d33d3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = RaiseException, address = 0x777beb60 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryA, address = 0x777d395c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetLastError, address = 0x777cbf00 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = TlsSetValue, address = 0x777cda88 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = TlsGetValue, address = 0x777cda70 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = TlsFree, address = 0x777d13b8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = TlsAlloc, address = 0x777d35a1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = LocalFree, address = 0x777cca64 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = LocalAlloc, address = 0x777d3363 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FreeLibrary, address = 0x777cd9d0 |
|
1 | |
| MOD | LOAD | module_name = user32.dll, base_address = 0x76270000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetClassLongW, address = 0x7627658b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetClassLongW, address = 0x76283860 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetWindowLongW, address = 0x76284449 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetWindowLongW, address = 0x762861b8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CreateWindowExW, address = 0x7627ec7c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = keybd_event, address = 0x762cec3b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = WindowFromPoint, address = 0x762a6be9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = WaitMessage, address = 0x762866bd |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = WaitForInputIdle, address = 0x762a0397 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = UpdateWindow, address = 0x7627ffa8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = UnregisterClassW, address = 0x7627b9ae |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = UnhookWindowsHookEx, address = 0x7627adf9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = TranslateMessage, address = 0x762864c7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = TranslateMDISysAccel, address = 0x762a1a5a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = TrackPopupMenu, address = 0x76292228 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SystemParametersInfoW, address = 0x7627e09a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SwitchDesktop, address = 0x7627476b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = ShowWindow, address = 0x7627f2a9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = ShowScrollBar, address = 0x762a3c89 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = ShowOwnedPopups, address = 0x762a28ca |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = ShowCaret, address = 0x76279334 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetWindowRgn, address = 0x762799ec |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetWindowsHookExW, address = 0x7627e30c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetWindowTextW, address = 0x7628612b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetWindowPos, address = 0x76281bc4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetWindowPlacement, address = 0x76277f78 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetTimer, address = 0x762852ef |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetScrollRange, address = 0x76278ec5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetScrollPos, address = 0x762a04be |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetScrollInfo, address = 0x762848da |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetRect, address = 0x7628498b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetPropW, address = 0x76285dc5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetParent, address = 0x76278314 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetMenuItemInfoW, address = 0x76281799 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetMenu, address = 0x762a6b0e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetKeyboardState, address = 0x762a695a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetForegroundWindow, address = 0x7627b225 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetFocus, address = 0x7627abad |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetCursorPos, address = 0x762bc1b0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetCursor, address = 0x76283075 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetCapture, address = 0x762a6932 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetActiveWindow, address = 0x7628333a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SendMessageTimeoutW, address = 0x7627e459 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SendMessageA, address = 0x7627ad60 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SendMessageW, address = 0x76285539 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = ScrollWindow, address = 0x7629fc1d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = ScreenToClient, address = 0x7627a506 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = RemovePropW, address = 0x76285fe1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = RemoveMenu, address = 0x762786e8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = ReleaseDC, address = 0x76285421 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = ReleaseCapture, address = 0x762a69f2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = RegisterWindowMessageW, address = 0x7627df8d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = RegisterClipboardFormatW, address = 0x7627df8d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = RegisterClassW, address = 0x7627ed4a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = RedrawWindow, address = 0x762829bc |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = PostQuitMessage, address = 0x7627b308 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = PostMessageW, address = 0x7628447b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = PeekMessageA, address = 0x762819a5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = PeekMessageW, address = 0x7628634a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = OpenDesktopW, address = 0x7627c669 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = MsgWaitForMultipleObjectsEx, address = 0x7627e369 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = MsgWaitForMultipleObjects, address = 0x762837d8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = MoveWindow, address = 0x76278d29 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = MessageBoxW, address = 0x762cea5f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = MessageBeep, address = 0x762a2939 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = MapWindowPoints, address = 0x76285caa |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = MapVirtualKeyW, address = 0x762a6a7c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = LoadStringW, address = 0x7627dfba |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = LoadKeyboardLayoutW, address = 0x762bc874 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = LoadIconW, address = 0x7627f142 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = LoadCursorW, address = 0x7627ed90 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = LoadBitmapW, address = 0x76276460 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = KillTimer, address = 0x762864f7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = IsZoomed, address = 0x76284ce9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = IsWindowVisible, address = 0x76284d69 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = IsWindowUnicode, address = 0x76282f55 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = IsWindowEnabled, address = 0x7627a9b9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = IsWindow, address = 0x762853ba |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = IsIconic, address = 0x76284c8e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = IsDialogMessageA, address = 0x76292019 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = IsDialogMessageW, address = 0x76284104 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = IsChild, address = 0x76283a83 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = InvalidateRect, address = 0x7628566d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = InsertMenuItemW, address = 0x7627aac5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = InsertMenuW, address = 0x7627869a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = HideCaret, address = 0x76279348 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetWindowThreadProcessId, address = 0x7627ee32 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetWindowTextW, address = 0x7627b8c5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetWindowRect, address = 0x7628558c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetWindowPlacement, address = 0x762a69de |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetWindowDC, address = 0x76284ab7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetTopWindow, address = 0x762a24d9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetSystemMetrics, address = 0x762867cf |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetSystemMenu, address = 0x7627fd8b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetSysColorBrush, address = 0x7627f1ed |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetSysColor, address = 0x7628db7a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetSubMenu, address = 0x76279c19 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetScrollRange, address = 0x762a045a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetScrollPos, address = 0x762a0e43 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetScrollInfo, address = 0x76282da3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetPropW, address = 0x76285bbe |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetParent, address = 0x76286029 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetWindow, address = 0x76282780 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetMessageTime, address = 0x762a4231 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetMessagePos, address = 0x762a6703 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetMessageExtraInfo, address = 0x7627b705 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetMenuStringW, address = 0x762a6528 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetMenuState, address = 0x762a67d2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetMenuItemInfoW, address = 0x7627aefa |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetMenuItemID, address = 0x76279cd4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetMenuItemCount, address = 0x7627ae39 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetMenu, address = 0x762a6b68 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetLastActivePopup, address = 0x762a6894 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetKeyboardState, address = 0x762a6946 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetKeyboardLayoutNameW, address = 0x762bfa13 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetKeyboardLayoutList, address = 0x7627935c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetKeyboardLayout, address = 0x76283800 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetKeyState, address = 0x76282b4d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetKeyNameTextW, address = 0x762bfa03 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetIconInfo, address = 0x76282989 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetGUIThreadInfo, address = 0x7628237e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetForegroundWindow, address = 0x7628335d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetFocus, address = 0x76283a34 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetDlgCtrlID, address = 0x7627b4e8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetDesktopWindow, address = 0x762801a9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetDCEx, address = 0x76282d57 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetDC, address = 0x7628544c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetCursorPos, address = 0x7627a4b3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetCursor, address = 0x762a6408 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetClipboardData, address = 0x76292ba7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetClientRect, address = 0x762854dd |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetClassNameW, address = 0x76282a29 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetClassInfoExW, address = 0x7628095e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetClassInfoW, address = 0x76280ac2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetCapture, address = 0x76279dc7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetActiveWindow, address = 0x762a3b33 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = FrameRect, address = 0x762a0eb0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = FindWindowExW, address = 0x762a712b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = FindWindowW, address = 0x7627ae0d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = FillRect, address = 0x76285d56 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = EnumWindows, address = 0x7628375b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = EnumThreadWindows, address = 0x7627b712 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = EnumChildWindows, address = 0x76282948 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = EndPaint, address = 0x76285d42 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = EndMenu, address = 0x76278302 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = EnableWindow, address = 0x76278d02 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = EnableScrollBar, address = 0x762a19ce |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = EnableMenuItem, address = 0x762a43bc |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DrawTextExW, address = 0x76285894 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DrawTextW, address = 0x76285b6a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DrawMenuBar, address = 0x762a15ae |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DrawIconEx, address = 0x76282c32 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DrawIcon, address = 0x76276427 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DrawFrameControl, address = 0x7629b4f9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DrawFocusRect, address = 0x762a3091 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DrawEdge, address = 0x7628311a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DispatchMessageA, address = 0x76282e32 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DispatchMessageW, address = 0x7628cc61 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DestroyWindow, address = 0x7627b2f4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DestroyMenu, address = 0x762787f7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DestroyIcon, address = 0x7627a77f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DestroyCursor, address = 0x7627a77f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DeleteMenu, address = 0x762783c2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DefWindowProcW, address = 0x7628507d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DefMDIChildProcW, address = 0x762a150a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = DefFrameProcW, address = 0x762a152b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CreatePopupMenu, address = 0x7627867c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CreateMenu, address = 0x762a6aed |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CreateIcon, address = 0x76297510 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CreateDesktopW, address = 0x762740cf |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CopyImage, address = 0x762787a6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CloseDesktop, address = 0x7627c4ce |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = ClientToScreen, address = 0x76281316 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CheckMenuItem, address = 0x7629ee7c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CharUpperBuffW, address = 0x7628ebd5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CharUpperW, address = 0x7628e981 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CharNextW, address = 0x76280be6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CharLowerBuffW, address = 0x76283afe |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CharLowerW, address = 0x7627ba8a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CallWindowProcW, address = 0x76281b3c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = CallNextHookEx, address = 0x7627abe1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = BeginPaint, address = 0x76285d14 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = AdjustWindowRectEx, address = 0x762848ba |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = ActivateKeyboardLayout, address = 0x76278203 |
|
1 | |
| MOD | LOAD | module_name = gdi32.dll, base_address = 0x76010000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = UnrealizeObject, address = 0x7601fb63 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = StretchBlt, address = 0x7601f467 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetWindowOrgEx, address = 0x76018546 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetWinMetaFileBits, address = 0x7604d957 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetViewportOrgEx, address = 0x7601834f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetTextColor, address = 0x76016906 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetStretchBltMode, address = 0x76017705 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetROP2, address = 0x7601f9e0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetPixel, address = 0x760314f3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetMapMode, address = 0x7601efbf |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetEnhMetaFileBits, address = 0x7602b380 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetDIBits, address = 0x7601a995 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetDIBColorTable, address = 0x76031492 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetBrushOrgEx, address = 0x7601c4c5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetBkMode, address = 0x760169b1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SetBkColor, address = 0x76016a3c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SelectPalette, address = 0x7601a1f6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SelectObject, address = 0x76016640 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = SaveDC, address = 0x7601a74b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = RoundRect, address = 0x7603016d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = RestoreDC, address = 0x7601a67b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = Rectangle, address = 0x7601f1ff |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = RectVisible, address = 0x76018f13 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = RealizePalette, address = 0x7601ef91 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = Polyline, address = 0x760205cf |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = Polygon, address = 0x7601fb87 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = PolyBezierTo, address = 0x76046c25 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = PolyBezier, address = 0x76046b03 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = PlayEnhMetaFile, address = 0x7602990d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = Pie, address = 0x7604569f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = PatBlt, address = 0x760162af |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = MoveToEx, address = 0x76018c21 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = MaskBlt, address = 0x7601c7ad |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = LineTo, address = 0x7601f59b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = LPtoDP, address = 0x76018484 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = IntersectClipRect, address = 0x76017dfe |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetWindowOrgEx, address = 0x7601d1bf |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetWinMetaFileBits, address = 0x7604d7cb |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetTextMetricsW, address = 0x76017b8f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetTextExtentPointW, address = 0x7601b358 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetTextExtentPoint32W, address = 0x7601b4b5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetSystemPaletteEntries, address = 0x7601c2e1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetStockObject, address = 0x76015ddf |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetRgnBox, address = 0x7601621f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetPixel, address = 0x7601c3d5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetPaletteEntries, address = 0x7601c2aa |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetObjectW, address = 0x76017568 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetEnhMetaFilePaletteEntries, address = 0x7604d1ac |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetEnhMetaFileHeader, address = 0x7602cd3a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetEnhMetaFileDescriptionW, address = 0x7604dc6b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetEnhMetaFileBits, address = 0x7602cdc8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetDeviceCaps, address = 0x76016f7f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetDIBits, address = 0x7601a23b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetDIBColorTable, address = 0x7601a149 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetCurrentPositionEx, address = 0x76018d78 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetClipBox, address = 0x76018525 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetBrushOrgEx, address = 0x7601c943 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GetBitmapBits, address = 0x7601c1ba |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = GdiFlush, address = 0x76015fe4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = FrameRgn, address = 0x76045ae2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = ExtTextOutW, address = 0x76018192 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = ExtFloodFill, address = 0x7602fd94 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = ExcludeClipRect, address = 0x76019218 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = EnumFontFamiliesExW, address = 0x7601ce94 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = Ellipse, address = 0x760455e3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = DeleteObject, address = 0x76015f14 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = DeleteEnhMetaFile, address = 0x7602bda2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = DeleteDC, address = 0x76016eaa |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreateSolidBrush, address = 0x76016b49 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreateRectRgn, address = 0x7601633b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreatePenIndirect, address = 0x7602744d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreatePalette, address = 0x7601b1b0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreateHalftonePalette, address = 0x7601c2cd |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreateFontIndirectW, address = 0x7601abfc |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreateEnhMetaFileW, address = 0x7602cc1f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreateDIBitmap, address = 0x7601a379 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreateDIBSection, address = 0x76018850 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreateCompatibleDC, address = 0x76016888 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreateCompatibleBitmap, address = 0x760173ad |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreateBrushIndirect, address = 0x7601993c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CreateBitmap, address = 0x76016b79 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CopyEnhMetaFileW, address = 0x7604d651 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CombineRgn, address = 0x7601651e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = CloseEnhMetaFile, address = 0x7602c3fe |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = Chord, address = 0x760454fa |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = BitBlt, address = 0x760172c0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = ArcTo, address = 0x76045436 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = Arc, address = 0x7604534e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\gdi32.dll, function = AngleArc, address = 0x76045299 |
|
1 | |
| MOD | LOAD | module_name = version.dll, base_address = 0x75200000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\version.dll, function = VerQueryValueW, address = 0x75201b51 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\version.dll, function = GetFileVersionInfoSizeW, address = 0x752019d9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\version.dll, function = GetFileVersionInfoW, address = 0x752019f4 |
|
1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x77780000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = WriteFile, address = 0x777d1400 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = WinExec, address = 0x7780e5fd |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = WideCharToMultiByte, address = 0x777d450e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = WaitForSingleObject, address = 0x777cba90 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = WaitForMultipleObjectsEx, address = 0x777cbc00 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = VirtualQueryEx, address = 0x777b4e42 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = VirtualQuery, address = 0x777d76d6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = VirtualProtect, address = 0x777c2341 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = VirtualFree, address = 0x777d1da4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = VirtualAlloc, address = 0x777d2fb6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SwitchToThread, address = 0x777beb24 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SuspendThread, address = 0x777e0ca9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Sleep, address = 0x777cba46 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SizeofResource, address = 0x777c3e7f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetThreadPriority, address = 0x777c4815 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetThreadLocale, address = 0x777e88e6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetLastError, address = 0x777cbb08 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetFilePointer, address = 0x777cdb36 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetEvent, address = 0x777cbccc |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetErrorMode, address = 0x777d4a51 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetEndOfFile, address = 0x777c2319 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = ResumeThread, address = 0x777c0f1c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = ResetEvent, address = 0x777cbcb4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = RemoveDirectoryW, address = 0x777b586a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = ReadFile, address = 0x777c96fb |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = RaiseException, address = 0x777beb60 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address = 0x777c3ea8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = OpenProcess, address = 0x777c59d7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = MulDiv, address = 0x777cb7a0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = LockResource, address = 0x777bfd29 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = LocalFree, address = 0x777cca64 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = LoadResource, address = 0x777c984d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = LoadLibraryW, address = 0x777d3c01 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = LeaveCriticalSection, address = 0x77ba7760 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = IsValidLocale, address = 0x777c3de4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = InitializeCriticalSection, address = 0x77bba149 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = HeapFree, address = 0x777cbbd0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = HeapDestroy, address = 0x777c2301 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = HeapCreate, address = 0x777d3ea2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = HeapAlloc, address = 0x77bb2dd6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GlobalUnlock, address = 0x777c9d50 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GlobalSize, address = 0x777beb78 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GlobalLock, address = 0x777c9e05 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GlobalFree, address = 0x777c9cf9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GlobalFindAtomW, address = 0x777c912d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GlobalDeleteAtom, address = 0x777bf16c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GlobalAlloc, address = 0x777c9ce1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GlobalAddAtomW, address = 0x777c70f9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetVolumeInformationW, address = 0x777d7598 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetVersionExW, address = 0x777c3b1a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetVersion, address = 0x777c154e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetUserDefaultLCID, address = 0x777d6584 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetTimeZoneInformation, address = 0x777b8a3b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetTickCount, address = 0x777cba60 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetThreadPriority, address = 0x777c9147 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetThreadLocale, address = 0x777c153c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetTempPathW, address = 0x777b8b33 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetStdHandle, address = 0x777d1e46 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetProcAddress, address = 0x777d33d3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetModuleHandleW, address = 0x777d374d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetModuleFileNameW, address = 0x777d3c26 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetLocaleInfoW, address = 0x777d6596 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetLocalTime, address = 0x777ca90e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetLastError, address = 0x777cbf00 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetFullPathNameW, address = 0x777d4543 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetFileSize, address = 0x777c0273 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetFileAttributesW, address = 0x777d64ff |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetExitCodeThread, address = 0x777b6ddd |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetEnvironmentVariableW, address = 0x777d65c4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetDiskFreeSpaceW, address = 0x777b3530 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetDateFormatW, address = 0x777cafab |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentThreadId, address = 0x777cbb80 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentThread, address = 0x777d3351 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentProcessId, address = 0x777ccac4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetCurrentProcess, address = 0x777ccdcf |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetComputerNameW, address = 0x777c03ff |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetCPInfoExW, address = 0x777b8b1b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetCPInfo, address = 0x777d1e2e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetACP, address = 0x777d39aa |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FreeResource, address = 0x777bf1bd |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = InterlockedExchange, address = 0x777cbf0a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = InterlockedCompareExchange, address = 0x777cbb92 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FreeLibrary, address = 0x777cd9d0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FormatMessageW, address = 0x777c54a3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FindResourceW, address = 0x777c3e61 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FindNextFileW, address = 0x777c963a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FindFirstFileW, address = 0x777d53b2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FindClose, address = 0x777d0e62 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FileTimeToLocalFileTime, address = 0x777d2004 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = FileTimeToDosDateTime, address = 0x777c2ce1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = EnumSystemLocalesW, address = 0x7780f3df |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = EnumCalendarInfoW, address = 0x7780f38f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = EnterCriticalSection, address = 0x77ba77a0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = DeleteFileW, address = 0x777c0f62 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = DeleteCriticalSection, address = 0x77bb9ac5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CreateThread, address = 0x777d375d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CreateProcessW, address = 0x7778204d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CreateFileW, address = 0x777ccc56 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CreateEventW, address = 0x777d3386 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CreateDirectoryW, address = 0x777c3925 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CompareStringW, address = 0x777c9bee |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = CloseHandle, address = 0x777cca7c |
|
1 | |
| MOD | LOAD | module_name = advapi32.dll, base_address = 0x77130000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = RegSetValueExW, address = 0x771414d6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = RegQueryValueExW, address = 0x771446ad |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = RegQueryInfoKeyW, address = 0x771446e7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyExW, address = 0x7714468d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = RegFlushKey, address = 0x7715773f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = RegEnumKeyExW, address = 0x771446c8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = RegCreateKeyExW, address = 0x771440fe |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = RegCloseKey, address = 0x7714469d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameW, address = 0x7714157a |
|
1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x77780000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = Sleep, address = 0x777cba46 |
|
1 | |
| MOD | LOAD | module_name = oleaut32.dll, base_address = 0x77a00000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = SafeArrayPtrOfIndex, address = 0x77a1e1ce |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = SafeArrayGetUBound, address = 0x77a1e127 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = SafeArrayGetLBound, address = 0x77a1e173 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = SafeArrayCreate, address = 0x77a1e263 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VariantChangeType, address = 0x77a05dee |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VariantCopyInd, address = 0x77a1e86c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VariantCopy, address = 0x77a048f1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VariantClear, address = 0x77a03eae |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VariantInit, address = 0x77a03ed5 |
|
1 | |
| MOD | LOAD | module_name = oleaut32.dll, base_address = 0x77a00000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = GetErrorInfo, address = 0x77a03f21 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = GetActiveObject, address = 0x77a48f58 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = SysFreeString, address = 0x77a03e59 |
|
1 | |
| MOD | LOAD | module_name = ole32.dll, base_address = 0x77620000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CreateStreamOnHGlobal, address = 0x7764363b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = IsAccelerator, address = 0x776e043e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = OleDraw, address = 0x776a0286 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = OleSetMenuDescriptor, address = 0x7767dc53 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = OleUninitialize, address = 0x7763eba1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = OleInitialize, address = 0x7763efd7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoTaskMemFree, address = 0x77676f41 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoTaskMemAlloc, address = 0x7766ea4c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = ProgIDFromCLSID, address = 0x776aef82 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = StringFromCLSID, address = 0x7763eb17 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoCreateInstance, address = 0x77669d0b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoGetClassObject, address = 0x776554ad |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoUninitialize, address = 0x776686d3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoInitialize, address = 0x7763b636 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = IsEqualGUID, address = 0x776e041c |
|
1 | |
| MOD | LOAD | module_name = comctl32.dll, base_address = 0x74c90000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitializeFlatSB, address = 0x74d6f803 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollProp, address = 0x74d107d0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollPos, address = 0x74d10894 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollInfo, address = 0x74d108c7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollPos, address = 0x74d6f80e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollInfo, address = 0x74d108b6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = _TrackMouseEvent, address = 0x74d122d1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_SetIconSize, address = 0x74d7b44e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_GetIconSize, address = 0x74ca50df |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_Write, address = 0x74cd8b97 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_Read, address = 0x74c93eae |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_GetDragImage, address = 0x74d7afbb |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_DragShowNolock, address = 0x74d7b161 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_DragMove, address = 0x74d7b0f0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_DragLeave, address = 0x74d7b12a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_DragEnter, address = 0x74d7b0b3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_EndDrag, address = 0x74d7a177 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_BeginDrag, address = 0x74d7b021 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_GetIcon, address = 0x74cbaf2e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_Remove, address = 0x74cbe333 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_DrawEx, address = 0x74ca10fd |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_Draw, address = 0x74d2c687 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_GetBkColor, address = 0x74cae8d2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_SetBkColor, address = 0x74d10183 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_Add, address = 0x74ce8fa1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_SetImageCount, address = 0x74ce5249 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_GetImageCount, address = 0x74c9a8b9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_Destroy, address = 0x74ca6471 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = ImageList_Create, address = 0x74ca3c75 |
|
1 | |
| MOD | LOAD | module_name = user32.dll, base_address = 0x76270000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = EnumDisplayMonitors, address = 0x762834a3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetMonitorInfoW, address = 0x762833e7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = MonitorFromPoint, address = 0x762794c9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = MonitorFromWindow, address = 0x76283622 |
|
1 | |
| MOD | LOAD | module_name = msvcrt.dll, base_address = 0x761c0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\msvcrt.dll, function = memset, address = 0x761c9790 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\msvcrt.dll, function = memcpy, address = 0x761c9910 |
|
1 | |
| MOD | LOAD | module_name = shell32.dll, base_address = 0x764e0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\shell32.dll, function = ShellExecuteW, address = 0x764f3c71 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\shell32.dll, function = Shell_NotifyIconW, address = 0x765001c1 |
|
1 | |
| MOD | LOAD | module_name = wininet.dll, base_address = 0x771d0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\wininet.dll, function = FindNextUrlCacheEntryW, address = 0x7720989c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\wininet.dll, function = FindFirstUrlCacheEntryW, address = 0x7720978a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\wininet.dll, function = FindCloseUrlCache, address = 0x77218409 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\wininet.dll, function = DeleteUrlCacheEntryW, address = 0x77229573 |
|
1 | |
| MOD | LOAD | module_name = user32.dll, base_address = 0x76270000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GetRawInputData, address = 0x762d4c21 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = RegisterRawInputDevices, address = 0x76275b52 |
|
1 | |
| MOD | LOAD | module_name = oleacc.dll, base_address = 0x732a0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleacc.dll, function = AccessibleObjectFromWindow, address = 0x732a2480 |
|
1 | |
| MOD | LOAD | module_name = OLEACC.DLL, base_address = 0x732a0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleacc.dll, function = AccessibleChildren, address = 0x732a5d25 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x77780000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetThreadPreferredUILanguages, address = 0x777c22d7 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x77780000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SetThreadPreferredUILanguages, address = 0x777be627 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x77780000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetThreadUILanguage, address = 0x777bae42 |
|
1 | |
| SYS | GET_INFO | type = Hardware Information |
|
1 | |
| MOD | GET_FILENAME | file_name = |
|
1 | |
| MOD | GET_FILENAME | file_name = C:\Windows\Explorer.EXE |
|
1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x77780000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetNativeSystemInfo, address = 0x777bbe77 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x77780000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetDiskFreeSpaceExW, address = 0x777bde40 |
|
1 | |
| MOD | GET_FILENAME | file_name = C:\Windows\Explorer.EXE |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Embarcadero\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\Embarcadero\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\CodeGear\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\Software\CodeGear\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Borland\Locales |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\oleaut32.dll, base_address = 0x77a00000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VariantChangeTypeEx, address = 0x77a04c28 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarNeg, address = 0x77a7c802 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarNot, address = 0x77a7ec66 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarAdd, address = 0x77a25934 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarSub, address = 0x77a7d332 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarMul, address = 0x77a7dbd4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarDiv, address = 0x77a7e405 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarIdiv, address = 0x77a7f00a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarMod, address = 0x77a7f15e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarAnd, address = 0x77a25a98 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarOr, address = 0x77a7ecfa |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarXor, address = 0x77a7ee2e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarCmp, address = 0x77a1b0dc |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarI4FromStr, address = 0x77a16fab |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarR4FromStr, address = 0x77a201a0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarR8FromStr, address = 0x77a1699e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarDateFromStr, address = 0x77a26ba7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarCyFromStr, address = 0x77a46c12 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarBoolFromStr, address = 0x77a1dbd1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromCy, address = 0x77a27fdc |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromDate, address = 0x77a17a2a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\oleaut32.dll, function = VarBstrFromBool, address = 0x77a20355 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x77780000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = InitializeConditionVariable, address = 0x77bb9981 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = WakeConditionVariable, address = 0x77c05a7b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = WakeAllConditionVariable, address = 0x77b845a5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = SleepConditionVariableCS, address = 0x777b18be |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes, value_name = MS Shell Dlg 2, data_ident_out = 0 |
|
1 | |
| REG | READ_VALUE | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes, value_name = MS Shell Dlg 2, data_ident_out = Tahoma |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x77780000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetLogicalProcessorInformation, address = 0x777b2004 |
|
1 | |
| MOD | LOAD | module_name = kernel32.dll, base_address = 0x77780000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetLogicalProcessorInformation, address = 0x777b2004 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\ole32.dll, base_address = 0x77620000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoCreateInstanceEx, address = 0x77669d4e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoInitializeEx, address = 0x776609ad |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoAddRefServerProcess, address = 0x77683cf3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoReleaseServerProcess, address = 0x77684314 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoResumeClassObjects, address = 0x7762ea02 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ole32.dll, function = CoSuspendClassObjects, address = 0x7768bb02 |
|
1 | |
| MOD | LOAD | module_name = imm32.dll, base_address = 0x75fb0000 |
|
1 | |
| KEYBOARD | GET_INFO | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
1 | |
| MOD | GET_FILENAME | file_name = C:\Windows\Explorer.EXE |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| KEYBOARD | GET_INFO | type = KB_LOCALE_ID |
|
1 | |
| MOD | LOAD | module_name = imm32.dll, base_address = 0x75fb0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\imm32.dll, function = ImmIsIME, address = 0x75fb2ceb |
|
1 | |
| REG | OPEN_KEY | reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04090409 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\user32.dll, base_address = 0x76270000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = AnimateWindow, address = 0x762a0620 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, base_address = 0x74c90000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = InitializeFlatSB, address = 0x74d6f803 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = UninitializeFlatSB, address = 0x74c9d1ea |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollProp, address = 0x74d6f81f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollProp, address = 0x74d107d0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_EnableScrollBar, address = 0x74d6f84b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_ShowScrollBar, address = 0x74d6f83a |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollRange, address = 0x74d6f829 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollInfo, address = 0x74d108b6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_GetScrollPos, address = 0x74d6f80e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollPos, address = 0x74d10894 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollInfo, address = 0x74d108c7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, function = FlatSB_SetScrollRange, address = 0x74d108a5 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\user32.dll, base_address = 0x76270000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = SetLayeredWindowAttributes, address = 0x7627a6dc |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\user32.dll, base_address = 0x76270000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = IsHungAppWindow, address = 0x762a7195 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = HungWindowFromGhostWindow, address = 0x762961f5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\user32.dll, function = GhostWindowFromHungWindow, address = 0x7627a561 |
|
1 | |
| MOD | LOAD | module_name = olepro32.dll, base_address = 0x73280000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ncsi.dll, function = OleCreatePropertyFrame, address = 0x732820ea |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ncsi.dll, function = OleCreateFontIndirect, address = 0x732820b7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ncsi.dll, function = OleCreatePictureIndirect, address = 0x732820c8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ncsi.dll, function = OleLoadPicture, address = 0x732820d9 |
|
1 | |
| MOD | GET_HANDLE | module_name = c:\windows\system32\kernel32.dll, base_address = 0x77780000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\kernel32.dll, function = GetFileSizeEx, address = 0x777c59ef |
|
1 | |
| MOD | LOAD | module_name = security.dll, base_address = 0x73270000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ncsi.dll, function = InitSecurityInterfaceW, address = 0x75be5b53 |
|
1 | |
| WND | CREATE | window_name = Explorer, class_name = TApplication, x_coordinate = 720, y_coordinate = 450, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| MOD | LOAD | module_name = wtsapi32.dll, base_address = 0x74690000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\wtsapi32.dll, function = WTSRegisterSessionNotification, address = 0x74691cbc |
|
1 | |
| MOD | LOAD | module_name = uxtheme.dll, base_address = 0x74b10000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = BufferedPaintInit, address = 0x74b1940e |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = Explorer, class_name = TApplication, x_coordinate = 720, y_coordinate = 450, width = 0, height = 0 |
|
1 | |
| MOD | LOAD | module_name = uxtheme.dll, base_address = 0x74b10000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = OpenThemeData, address = 0x74b173d2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = CloseThemeData, address = 0x74b16a18 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeBackground, address = 0x74b13982 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeText, address = 0x74b14ea1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundContentRect, address = 0x74b1cd2e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundExtent, address = 0x74b1f8bf |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemePartSize, address = 0x74b1cdb1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeTextExtent, address = 0x74b12d57 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeTextMetrics, address = 0x74b1f992 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBackgroundRegion, address = 0x74b2165d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = HitTestThemeBackground, address = 0x74b23ce3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeEdge, address = 0x74b33b52 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeIcon, address = 0x74b435e7 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = IsThemePartDefined, address = 0x74b185b4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = IsThemeBackgroundPartiallyTransparent, address = 0x74b160ab |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeColor, address = 0x74b1616c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeMetric, address = 0x74b206e2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeString, address = 0x74b422e4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeBool, address = 0x74b17c1f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeInt, address = 0x74b1616c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeEnumValue, address = 0x74b1616c |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemePosition, address = 0x74b42350 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeFont, address = 0x74b1ff21 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeRect, address = 0x74b23611 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeMargins, address = 0x74b186e9 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeIntList, address = 0x74b423b1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemePropertyOrigin, address = 0x74b33fbb |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = SetWindowTheme, address = 0x74b20134 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeFilename, address = 0x74b42412 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysColor, address = 0x74b33274 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysColorBrush, address = 0x74b4301e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysBool, address = 0x74b43172 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysSize, address = 0x74b4320b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysFont, address = 0x74b429c4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysString, address = 0x74b42b3f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeSysInt, address = 0x74b42bd3 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = IsThemeActive, address = 0x74b1f785 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = IsAppThemed, address = 0x74b1f869 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetWindowTheme, address = 0x74b1df46 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = EnableThemeDialogTexture, address = 0x74b1fcaf |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = IsThemeDialogTextureEnabled, address = 0x74b4312b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeAppProperties, address = 0x74b20fb1 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = SetThemeAppProperties, address = 0x74b43296 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetCurrentThemeName, address = 0x74b205dd |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = GetThemeDocumentationProperty, address = 0x74b42932 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeParentBackground, address = 0x74b153e5 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = EnableTheming, address = 0x74b42feb |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\uxtheme.dll, function = DrawThemeTextEx, address = 0x74b163e6 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| SYS | SLEEP | duration = 1500 milliseconds (1.500 seconds) |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| SYS | SLEEP | duration = 60000 milliseconds (60.000 seconds) |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| SYS | SLEEP | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = , class_name = TPUtilWindow, x_coordinate = 0, y_coordinate = 0, width = 0, height = 0 |
|
1 | |
| SYS | SLEEP | duration = 60000 milliseconds (60.000 seconds) |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = Explorer, class_name = TApplication, x_coordinate = 720, y_coordinate = 450, width = 0, height = 0 |
|
1 | |
| WND | CREATE | window_name = Explorer, window_name = FrmMwM41n, class_name = TFrmMwM41n, x_coordinate = 18446744073709551164, y_coordinate = 18446744073709551164, width = 320, height = 240, class_name = TApplication, x_coordinate = 720, y_coordinate = 450, width = 0, height = 0, window_parameter = 0 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = FrmMwM41n, class_name = TFrmMwM41n, x_coordinate = 18446744073709551164, y_coordinate = 18446744073709551164, width = 320, height = 240 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = FrmMwM41n, class_name = TFrmMwM41n, x_coordinate = 18446744073709551164, y_coordinate = 18446744073709551164, width = 320, height = 240 |
|
1 | |
| WND | FIND | window_name = k8w0 |
|
1 | |
| FILE | DELETE | file_name = c:\users\public\n3eg\n3e.vbs |
|
1 | |
| FILE | DELETE | file_name = c:\users\public\n3eg\n3e.vbs |
|
1 | |
| FILE | CREATE | file_name = c:\users\public\n3eg\wvs, desired_access = GENERIC_WRITE, GENERIC_READ, create_disposition = CREATE_ALWAYS, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| FILE | WRITE | file_name = c:\users\public\n3eg\wvs, size = 4 |
|
1 | |
| WND | SET_ATTRIBUTE | window_name = Explorer, class_name = TApplication, x_coordinate = 720, y_coordinate = 450, width = 0, height = 0 |
|
1 | |
| SYS | GET_CURSOR | x_out = 1428, y_out = 797 |
|
17 | |
| SYS | GET_CURSOR | x_out = 814, y_out = 22 |
|
4 | |
| SYS | SLEEP | duration = 600000 milliseconds (600.000 seconds) |
|
1 | |
| MOD | LOAD | module_name = WS2_32.DLL, base_address = 0x75fd0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = WSAStartup, address = 0x75fd3ab2 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = GetAddrInfoW, address = 0x75fd4889 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = GetNameInfoW, address = 0x75fd66af |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = FreeAddrInfoW, address = 0x75fd4b1b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = InetPtonW, address = 0x75fe39dc |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = InetNtopW, address = 0x75fe3abf |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = GetAddrInfoExW, address = 0x75fdd1ea |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = SetAddrInfoExW, address = 0x75fdf4f6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = FreeAddrInfoExW, address = 0x75fde14d |
|
1 | |
| MOD | LOAD | module_name = Fwpuclnt.dll, base_address = 0x72470000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\fwpuclnt.dll, function = WSASetSocketPeerTargetName, address = 0x7248bb1e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\fwpuclnt.dll, function = WSADeleteSocketPeerTargetName, address = 0x7248bb4e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\fwpuclnt.dll, function = WSAImpersonateSocketPeer, address = 0x7248bb7e |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\fwpuclnt.dll, function = WSAQuerySocketSecurity, address = 0x7248baed |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\fwpuclnt.dll, function = WSARevertImpersonation, address = 0x7248bcfd |
|
1 | |
| MOD | LOAD | module_name = IdnDL.dll, base_address = 0x6ee90000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\idndl.dll, function = DownlevelGetLocaleScripts, address = 0x6ee92a5b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\idndl.dll, function = DownlevelGetStringScripts, address = 0x6ee92b2f |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\idndl.dll, function = DownlevelVerifyScripts, address = 0x6ee92dad |
|
1 | |
| MOD | LOAD | module_name = Normaliz.dll, base_address = 0x77cd0000 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\normaliz.dll, function = IdnToUnicode, address = 0x7781f707 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\normaliz.dll, function = IdnToNameprepUnicode, address = 0x7781f6b4 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\normaliz.dll, function = IdnToAscii, address = 0x777b8bb8 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\normaliz.dll, function = IsNormalizedString, address = 0x7781f662 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\normaliz.dll, function = NormalizeString, address = 0x7781f5ea |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = socket, address = 0x75fd3eb8 |
|
1 | |
| SCK | CREATE | address_family = AF_INET, type = SOCK_STREAM, protocol = IPPROTO_IP |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = getsockopt, address = 0x75fd737d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = setsockopt, address = 0x75fd41b6 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = htons, address = 0x75fd2d8b |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = bind, address = 0x75fd4582 |
|
1 | |
| SCK | BIND | local_address = 0.0.0.0, local_port = 0 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = getsockname, address = 0x75fd30af |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = ntohs, address = 0x75fd2d8b |
|
1 | |
| DNS | RESOLVE_NAME | host = carvas32ltda.com |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = connect, address = 0x75fd6bdd |
|
1 | |
| SCK | CONNECT | remote_address = 187.191.100.112, remote_port = 80 |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = WSAGetLastError, address = 0x75fd37ad |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = shutdown, address = 0x75fd449d |
|
1 | |
| MOD | GET_PROC_ADDRESS | module_name = c:\windows\system32\ws2_32.dll, function = closesocket, address = 0x75fd3918 |
|
1 | |
| SCK | CREATE | address_family = AF_INET, type = SOCK_STREAM, protocol = IPPROTO_IP |
|
1 | |
| SCK | BIND | local_address = 0.0.0.0, local_port = 0 |
|
1 | |
| DNS | RESOLVE_NAME | host = carva32ssa.com |
|
1 | |
| SCK | CONNECT | remote_address = 187.191.100.112, remote_port = 80 |
|
1 | |
| SCK | CREATE | address_family = AF_INET, type = SOCK_STREAM, protocol = IPPROTO_IP |
|
1 | |
| SCK | BIND | local_address = 0.0.0.0, local_port = 0 |
|
1 | |
| DNS | RESOLVE_NAME | host = bandeivacomercial.com |
|
1 | |
| SCK | CONNECT | remote_address = 187.191.100.112, remote_port = 80 |
|
1 | |
| SCK | CREATE | address_family = AF_INET, type = SOCK_STREAM, protocol = IPPROTO_IP |
|
1 | |
| SCK | BIND | local_address = 0.0.0.0, local_port = 0 |
|
1 | |
| DNS | RESOLVE_NAME | host = bandeivacomercio.com |
|
1 | |
| SCK | CONNECT | remote_address = 187.191.100.112, remote_port = 80 |
|
1 | |
| SCK | CREATE | address_family = AF_INET, type = SOCK_STREAM, protocol = IPPROTO_IP |
|
1 | |
| SCK | BIND | local_address = 0.0.0.0, local_port = 0 |
|
1 | |
| DNS | RESOLVE_NAME | host = carvas32ltda.com |
|
1 | |
| SCK | CONNECT | remote_address = 187.191.100.112, remote_port = 80 |
|
1 | |
| SCK | CREATE | address_family = AF_INET, type = SOCK_STREAM, protocol = IPPROTO_IP |
|
1 | |
| SCK | BIND | local_address = 0.0.0.0, local_port = 0 |
|
1 | |
| DNS | RESOLVE_NAME | host = carva32ssa.com |
|
1 | |
| SCK | CONNECT | remote_address = 187.191.100.112, remote_port = 80 |
|
1 |
