Suspected Zeus Panda Banking Trojan | Sequential Behavior
Try VMRay Analyzer
Monitored Processes
Process Graph
Behavior Information - Sequential View
Process #1: zeuspanda.vir.exe
(Host: 575, Network: 0)
+
Information Value
ID #1
File Name c:\users\ciihmnxmn6ps\desktop\zeuspanda.vir.exe
Command Line "C:\Users\CIiHmnxMn6Ps\Desktop\zeuspanda.vir.exe"
Initial Working Directory C:\Users\CIiHmnxMn6Ps\Desktop\
Monitor Start Time: 00:00:27, Reason: Analysis Target
Unmonitor End Time: 00:15:27, Reason: Terminated by Timeout
Monitor Duration 00:15:00
OS Process Information
+
Information Value
PID 0xfc0
Parent PID 0x728 (c:\windows\explorer.exe)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username LHNIWSJ\CIiHmnxMn6Ps
Groups
  • LHNIWSJ\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account and member of Administrators group (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • BUILTIN\Administrators (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, OWNER)
  • BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Logon Session 00000000:00013d92 (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID)
  • LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x FC4
0x FD0
0x FD4
0x 95C
Region
+
Name Start VA End VA Type Permissions Monitored Dump YARA Match Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True True False
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000020000 0x00020000 0x00023fff Private Memory Readable, Writable True True False
private_0x0000000000030000 0x00030000 0x00031fff Private Memory Readable, Writable True True False
private_0x0000000000030000 0x00030000 0x00030fff Private Memory Readable, Writable True True False
pagefile_0x0000000000040000 0x00040000 0x00053fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000000060000 0x00060000 0x0009ffff Private Memory Readable, Writable True True False
private_0x00000000000a0000 0x000a0000 0x0019ffff Private Memory Readable, Writable True True False
pagefile_0x00000000001a0000 0x001a0000 0x001a3fff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x00000000001b0000 0x001b0000 0x001b0fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x00000000001c0000 0x001c0000 0x001c1fff Private Memory Readable, Writable True True False
private_0x00000000001d0000 0x001d0000 0x0020ffff Private Memory Readable, Writable True True False
private_0x0000000000210000 0x00210000 0x0024ffff Private Memory Readable, Writable True True False
private_0x0000000000250000 0x00250000 0x00250fff Private Memory Readable, Writable True True False
pagefile_0x0000000000260000 0x00260000 0x00260fff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000270000 0x00270000 0x00276fff Private Memory Readable, Writable True True False
private_0x0000000000280000 0x00280000 0x0028ffff Private Memory Readable, Writable True True False
locale.nls 0x00290000 0x0034dfff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000000350000 0x00350000 0x003effff Private Memory Readable, Writable True True False
private_0x0000000000350000 0x00350000 0x0038ffff Private Memory Readable, Writable True True False
c_1256.nls 0x00350000 0x00360fff Memory Mapped File Readable False False False
  • Region Actions
c_1251.nls 0x00370000 0x00380fff Memory Mapped File Readable False False False
  • Region Actions
c_1254.nls 0x00390000 0x003a0fff Memory Mapped File Readable False False False
  • Region Actions
c_1250.nls 0x003b0000 0x003c0fff Memory Mapped File Readable False False False
  • Region Actions
private_0x00000000003d0000 0x003d0000 0x003d3fff Private Memory Readable, Writable True True False
private_0x00000000003e0000 0x003e0000 0x003effff Private Memory Readable, Writable True True False
private_0x00000000003f0000 0x003f0000 0x004effff Private Memory Readable, Writable True True False
private_0x00000000004f0000 0x004f0000 0x005effff Private Memory Readable, Writable True True False
private_0x00000000005f0000 0x005f0000 0x006effff Private Memory Readable, Writable True True False
pagefile_0x00000000006f0000 0x006f0000 0x00877fff Pagefile Backed Memory Readable True False False
  • Region Actions
c_1253.nls 0x00880000 0x00890fff Memory Mapped File Readable False False False
  • Region Actions
c_1257.nls 0x008a0000 0x008b0fff Memory Mapped File Readable False False False
  • Region Actions
c_1255.nls 0x008c0000 0x008d0fff Memory Mapped File Readable False False False
  • Region Actions
c_932.nls 0x008e0000 0x00907fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000000910000 0x00910000 0x0091ffff Private Memory Readable, Writable True True False
pagefile_0x0000000000910000 0x00910000 0x00917fff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000000910000 0x00910000 0x00910fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000000920000 0x00920000 0x0092ffff Private Memory Readable, Writable True True False
c_949.nls 0x00930000 0x00960fff Memory Mapped File Readable False False False
  • Region Actions
c_874.nls 0x00970000 0x00980fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000000990000 0x00990000 0x0099ffff Private Memory Readable, Writable True True False
pagefile_0x00000000009a0000 0x009a0000 0x00b20fff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x0000000000b30000 0x00b30000 0x01f2ffff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000001f30000 0x01f30000 0x0202ffff Private Memory Readable, Writable True True False
c_1258.nls 0x02030000 0x02040fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000002050000 0x02050000 0x0205ffff Private Memory Readable, Writable True True False
pagefile_0x0000000002060000 0x02060000 0x02551fff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
sortdefault.nls 0x02560000 0x02896fff Memory Mapped File Readable False False False
  • Region Actions
private_0x00000000028a0000 0x028a0000 0x02a9ffff Private Memory Readable, Writable True True False
private_0x0000000002aa0000 0x02aa0000 0x02e9ffff Private Memory Readable, Writable True True False
private_0x0000000002ea0000 0x02ea0000 0x0369ffff Private Memory Readable, Writable True True False
private_0x00000000036a0000 0x036a0000 0x0379ffff Private Memory Readable, Writable True True False
private_0x00000000037a0000 0x037a0000 0x0476ffff Private Memory Readable, Writable True False False
  • Region Actions
c_936.nls 0x04770000 0x047a0fff Memory Mapped File Readable False False False
  • Region Actions
c_950.nls 0x047b0000 0x047e0fff Memory Mapped File Readable False False False
  • Region Actions
pagefile_0x00000000047f0000 0x047f0000 0x047f0fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000004800000 0x04800000 0x04887fff Private Memory Readable, Writable, Executable True True False
private_0x0000000004890000 0x04890000 0x0498ffff Private Memory Readable, Writable True True False
private_0x0000000004890000 0x04890000 0x048a5fff Private Memory Readable, Writable True True False
private_0x0000000004890000 0x04890000 0x0490ffff Private Memory Readable, Writable True True False
private_0x0000000004910000 0x04910000 0x04910fff Private Memory Readable, Writable, Executable True True False
private_0x0000000004910000 0x04910000 0x0491ffff Private Memory Readable, Writable True True False
private_0x0000000004910000 0x04910000 0x04925fff Private Memory Readable, Writable True True False
pagefile_0x0000000004910000 0x04910000 0x04917fff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004910000 0x04910000 0x04925fff Private Memory Readable, Writable True True False
private_0x0000000004910000 0x04910000 0x04925fff Private Memory Readable, Writable True True False
private_0x0000000004910000 0x04910000 0x04925fff Private Memory Readable, Writable True True False
private_0x0000000004910000 0x04910000 0x04925fff Private Memory Readable, Writable True True False
private_0x0000000004910000 0x04910000 0x04925fff Private Memory Readable, Writable True True False
private_0x0000000004910000 0x04910000 0x04925fff Private Memory Readable, Writable True True False
private_0x0000000004910000 0x04910000 0x04925fff Private Memory Readable, Writable True True False
private_0x0000000004910000 0x04910000 0x04925fff Private Memory Readable, Writable True True False
private_0x0000000004910000 0x04910000 0x04925fff Private Memory Readable, Writable True True False
private_0x0000000004910000 0x04910000 0x04913fff Private Memory Readable, Writable True True False
private_0x0000000004920000 0x04920000 0x04982fff Private Memory Readable, Writable True True False
pagefile_0x0000000004930000 0x04930000 0x04937fff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
kernelbase.dll.mui 0x04990000 0x04a6efff Memory Mapped File Readable False False False
  • Region Actions
pagefile_0x0000000004a70000 0x04a70000 0x04e6ffff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004c10000 0x04c10000 0x04c9ffff Private Memory Readable, Writable True True False
zeuspanda.vir.exe 0x20c80000 0x20ce8fff Memory Mapped File Readable, Writable, Executable True True False
wow64cpu.dll 0x5c9f0000 0x5c9f7fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64win.dll 0x5ca00000 0x5ca72fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64.dll 0x5ca80000 0x5cacefff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ntmarta.dll 0x731f0000 0x73217fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
samlib.dll 0x73220000 0x73232fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
samcli.dll 0x73240000 0x73253fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
netutils.dll 0x73260000 0x73269fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
winnsi.dll 0x73270000 0x73277fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
srvcli.dll 0x73280000 0x7329bfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wkscli.dll 0x732a0000 0x732affff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
comctl32.dll 0x732b0000 0x73341fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
iphlpapi.dll 0x73350000 0x7337ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
netapi32.dll 0x73380000 0x73392fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
rsaenh.dll 0x733b0000 0x733defff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cryptsp.dll 0x733e0000 0x733f2fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
uxtheme.dll 0x73430000 0x734a4fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
apphelp.dll 0x734b0000 0x73540fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
bcrypt.dll 0x73550000 0x7356afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
winspool.drv 0x73840000 0x738a6fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
secur32.dll 0x73c40000 0x73c49fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
bcryptprimitives.dll 0x74230000 0x74288fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cryptbase.dll 0x74290000 0x74299fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sspicli.dll 0x742a0000 0x742bdfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
clbcatq.dll 0x742c0000 0x74341fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
user32.dll 0x74500000 0x7463ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ole32.dll 0x74640000 0x74729fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
imm32.dll 0x74730000 0x7475afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shell32.dll 0x74760000 0x75b1efff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msvcrt.dll 0x75b80000 0x75c3dfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
powrprof.dll 0x75c40000 0x75c83fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
advapi32.dll 0x75d40000 0x75dbafff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shlwapi.dll 0x75dc0000 0x75e03fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
coml2.dll 0x75e10000 0x75e67fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
rpcrt4.dll 0x75e70000 0x75f1bfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernelbase.dll 0x75f20000 0x76095fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sechost.dll 0x760a0000 0x760e2fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shcore.dll 0x76280000 0x7630cfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
oleaut32.dll 0x763b0000 0x76441fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
psapi.dll 0x76450000 0x76455fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
windows.storage.dll 0x764d0000 0x769acfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
gdi32.dll 0x769b0000 0x76afcfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
comdlg32.dll 0x76b00000 0x76bbdfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernel32.dll 0x76bc0000 0x76caffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
combase.dll 0x76cf0000 0x76ea9fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernel.appcore.dll 0x76eb0000 0x76ebbfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
nsi.dll 0x77040000 0x77046fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
profapi.dll 0x77050000 0x7705efff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msctf.dll 0x77070000 0x7718ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ntdll.dll 0x77190000 0x77308fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sysmain.sdb 0x7fb20000 0x7feaffff Memory Mapped File Readable False False False
  • Region Actions
private_0x000000007fead000 0x7fead000 0x7feaffff Private Memory Readable, Writable True True False
pagefile_0x000000007feb0000 0x7feb0000 0x7ffaffff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x000000007ffd5000 0x7ffd5000 0x7ffd7fff Private Memory Readable, Writable True True False
private_0x000000007ffd8000 0x7ffd8000 0x7ffdafff Private Memory Readable, Writable True True False
private_0x000000007ffdb000 0x7ffdb000 0x7ffddfff Private Memory Readable, Writable True True False
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory Readable, Writable True True False
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory Readable, Writable True True False
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True True False
private_0x000000007fff0000 0x7fff0000 0x7ffb3d30ffff Private Memory Readable True False False
  • Region Actions
ntdll.dll 0x7ffb3d310000 0x7ffb3d4d1fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
private_0x00007ffb3d4d2000 0x7ffb3d4d2000 0x7ffffffeffff Private Memory Readable True False False
  • Region Actions
Created Files
+
Filename File Size Hash Values YARA Match Actions
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 395.00 KB (404480 bytes) MD5: c9522f83c60a595694b2e4c6657982d0
SHA1: 8011fd0a959b7d17696306c4ab36c4974540cada
SHA256: b34abadaa54fa828fc3d1b1540004f5dd94873918d5b3f2a3eab49272b67415b 		False
c:\users\ciihmn~1\appdata\local\temp\upd7d80021e.bat 0.00 KB (0 bytes) MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 		False
c:\users\ciihmn~1\appdata\local\temp\upd7d80021e.bat 0.20 KB (206 bytes) MD5: 8af8618d93663f6360c20339ef5a5364
SHA1: 4d591882d8ab227e1a26755190d09b6b902e5101
SHA256: 3378fe0a23cbc25838f64841aee8cc0f589bb2bc6d5b901b3bf015aea3a04dc9 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 296.00 KB (303104 bytes) MD5: 2bbf4515f3f42a943b2732e24fc9f19e
SHA1: ce487e80749edeccbadefa9c6fb967ca743e70bd
SHA256: af1c61d4a742b3cb4a11b2bbbdc4b6a4ae77b215ad6aa57f1d51a309f2b77f9f 		False
Threads
Thread 0xfc4
(Host: 505, Network: 0)
+
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76bda330 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76bd7580 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76bd9910 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x76bdf400 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 True 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Filename process_name = c:\users\ciihmnxmn6ps\desktop\zeuspanda.vir.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\zeuspanda.vir.exe, size = 260 True 1
Fn
Window Create class_name = static, wndproc_parameter = 0 True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 3
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 2
Fn
System Get Computer Name result_out = LHNIWSJ True 2
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 2
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 2
Fn
System Get Computer Name result_out = LHNIWSJ True 2
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77190000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x771fe7b0 True 1
Fn
Registry Open Key reg_name = HKEY_CLASSES_ROOT\AppID\{10000002-0000-0000-0000-000000000001} False 1
Fn
Registry Read Value reg_name = HKEY_CLASSES_ROOT\AppID\{10000002-0000-0000-0000-000000000001}, value_name = AccessPermission False 1
Fn
Registry Read Value reg_name = HKEY_CLASSES_ROOT\AppID\{10000002-0000-0000-0000-000000000001}, value_name = AccessPermission, data = 0 False 1
Fn
COM Create interface = 00000109-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77190000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x75d40000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77190000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x75d40000 True 1
Fn
Module Get Handle module_name = c:\users\ciihmnxmn6ps\desktop\zeuspanda.vir.exe, base_address = 0x20c80000 True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:35:33 (UTC) True 1
Fn
Module Load module_name = KERNEL32.dll, base_address = 0x76bc0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x76bd7650 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x76bd9950 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x76bd25e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x771cbae0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x771cda90 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x76bdd940 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x76bd7910 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x76bd7520 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x76bd9640 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x76bd77b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x76bdd8d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x76bda0b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x76bd7940 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x76bd9660 True 1
Fn
Module Load module_name = USER32.dll, base_address = 0x74500000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = LoadImageW, address_out = 0x74534500 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x77190000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlAddVectoredExceptionHandler, address_out = 0x771ef090 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x75d40000 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x77190000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlInitializeCriticalSection, address_out = 0x771e95f0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\shlwapi.dll, base_address = 0x75dc0000 True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = InstallDate, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = DigitalProductId False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Time type = Local Time, time = 2017-12-01 01:35:34 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:35:34 (UTC) True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\secur32.dll, base_address = 0x73c40000 True 1
Fn
Module Load module_name = SSPICLI, base_address = 0x742a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\sspicli.dll, function = GetUserNameExW, address_out = 0x742ac5f0 True 1
Fn
Mutex Create mutex_name = 8C5FF35F44C67C34381EFF128FE58575 True 1
Fn
File Create desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ False 1
Fn
Mutex Release mutex_name = 8C5FF35F44C67C34381EFF128FE58575 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\shell32.dll, base_address = 0x74760000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ole32.dll, base_address = 0x74640000 True 1
Fn
Module Load module_name = api-ms-win-core-com-l1-1-0, base_address = 0x76cf0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\combase.dll, function = CLSIDFromString, address_out = 0x76da1390 True 1
Fn
System Get Info type = Operating System False 2
Fn
Module Get Handle module_name = psapi.dll, base_address = 0x0 False 1
Fn
Module Load module_name = psapi.dll, base_address = 0x76450000 True 1
Fn
Module Get Filename module_name = psapi.dll, process_name = c:\users\ciihmnxmn6ps\desktop\zeuspanda.vir.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\zeuspanda.vir.exe, size = 260 True 1
Fn
System Get Time type = Local Time, time = 2017-12-01 01:35:34 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:35:34 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info type = file_attributes False 1
Fn
File Create Directory - False 1
Fn
File Create desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ False 1
Fn
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77190000 True 1
Fn
File Create filename = \??\C:\Users\CIiHmnxMn6Ps\Desktop\zeuspanda.vir.exe, desired_access = FILE_READ_EA, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Get Info filename = \??\C:\Users\CIiHmnxMn6Ps\Desktop\zeuspanda.vir.exe, type = extended False 1
Fn
Module Get Filename module_name = psapi.dll, process_name = c:\users\ciihmnxmn6ps\desktop\zeuspanda.vir.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\Desktop\zeuspanda.vir.exe, size = 260 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\user32.dll, base_address = 0x74500000 True 1
Fn
Keyboard Get Info type = KB_LOCALE_ID True 2
Fn
File Create filename = C:\popupkiller.exe, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
File Create filename = C:\stimulator.exe, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
File Create filename = C:\TOOLS\execute.exe, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Module Load module_name = SbieDll.dll, base_address = 0x0 False 1
Fn
Mutex Create mutex_name = Sandboxie_SingleInstanceMutex_Control True 1
Fn
Mutex Create mutex_name = Frz_State True 1
Fn
File Create filename = \\.\NPF_NdisWanIp, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = wine_get_unix_file_name, address_out = 0x0 False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\WINE False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\WINE False 1
Fn
File Create filename = \\.\SICE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
File Create filename = \\.\SIWVID, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
File Create filename = \\.\SIWDEBUG, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
File Create filename = \\.\NTICE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
File Create filename = \\.\REGVXG, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
File Create filename = \\.\FILEVXG, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
File Create filename = \\.\REGSYS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
File Create filename = \\.\FILEM, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
File Create filename = \\.\TRW, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
File Create filename = \\.\ICEXT, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
Mutex Create mutex_name = 4F35AC27449784784508471CC1E930C7 True 1
Fn
Mutex Open mutex_name = ACD86ED691154353041C7827C4241C0D, desired_access = SYNCHRONIZE False 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
System Sleep duration = 0 milliseconds (0.000 seconds) True 37
Fn
System Sleep duration = 0 milliseconds (0.000 seconds) True 9
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\VBA True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\SQMClient True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\WcmSvc True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Narrator True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\IMEMIP True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Poom True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Poom True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\WAB True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Shared True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Sensors True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\SQMClient True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Siuf True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\wfs True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Fax True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Narrator True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\WcmSvc True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\VBA True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\wfs True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\PeerNet True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\WcmSvc True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Unistore True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Feeds True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\GameBar True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Pim True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Osk True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\wfs True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Wisp True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Sensors True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\F12 True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Poom True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\PeerNet True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\WcmSvc True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Keyboard True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Narrator True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\VBA True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\VBA True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\GameBar True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\IMEMIP True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\VBA True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\WAB True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\SQMClient True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\SQMClient True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\GameBar True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Pim True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\SQMClient True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\PeerNet True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Pim True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ofumig True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Lineo True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Peet True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Fax True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Exchange True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\MSF True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Abanz True 1
Fn
Registry Get Key Info reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft False 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = InstallDate, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = DigitalProductId False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Time type = Local Time, time = 2017-12-01 01:35:34 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:35:34 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info type = file_attributes False 1
Fn
File Create Directory - False 1
Fn
File Create desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ False 1
Fn
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
System Get Time type = Local Time, time = 2017-12-01 01:35:34 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:35:34 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info type = file_attributes False 1
Fn
File Create Directory - False 1
Fn
File Create desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ False 1
Fn
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\Desktop\zeuspanda.vir.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\Desktop\zeuspanda.vir.exe, type = size, size_out = 404480 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\Desktop\zeuspanda.vir.exe, size = 404480, size_out = 404480 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, size = 404480 True 1
Fn
Data
File Create filename = \??\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, desired_access = FILE_WRITE_EA, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_BACKUP_SEMANTICS, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = time True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:35:35 (UTC) True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, desired_access = FILE_WRITE_ATTRIBUTES, share_mode = FILE_SHARE_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, desired_access = FILE_WRITE_ATTRIBUTES, share_mode = FILE_SHARE_READ False 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:35:35 (UTC) True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = FILE_WRITE_ATTRIBUTES, share_mode = FILE_SHARE_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, desired_access = FILE_WRITE_ATTRIBUTES, share_mode = FILE_SHARE_READ False 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:35:35 (UTC) True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, desired_access = FILE_WRITE_ATTRIBUTES, share_mode = FILE_SHARE_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, desired_access = FILE_WRITE_ATTRIBUTES, share_mode = FILE_SHARE_READ False 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:35:35 (UTC) True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\kinto.pyi, desired_access = FILE_WRITE_ATTRIBUTES, share_mode = FILE_SHARE_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, desired_access = FILE_WRITE_ATTRIBUTES, share_mode = FILE_SHARE_READ False 1
Fn
Process Create process_name = "C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe", os_pid = 0xd34, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Fn
System Sleep duration = -1 (infinite) True 1
Fn
Mutex Release mutex_name = 4F35AC27449784784508471CC1E930C7 True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd7d80021e.bat, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 2
Fn
File Write filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd7d80021e.bat, size = 206 True 1
Fn
Data
Environment Get Environment String name = ComSpec, result_out = C:\Windows\system32\cmd.exe True 1
Fn
Process Create process_name = "C:\Windows\system32\cmd.exe" /c "C:\Users\CIIHMN~1\AppData\Local\Temp\upd7d80021e.bat", os_pid = 0xd2c, creation_flags = CREATE_DEFAULT_ERROR_MODE, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE True 1
Fn
Process #2: containers.exe
(Host: 252, Network: 0)
+
Information Value
ID #2
File Name c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe
Command Line "C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe"
Initial Working Directory C:\Users\CIiHmnxMn6Ps\AppData\Roaming\
Monitor Start Time: 00:00:39, Reason: Child Process
Unmonitor End Time: 00:15:27, Reason: Terminated by Timeout
Monitor Duration 00:14:48
OS Process Information
+
Information Value
PID 0xd34
Parent PID 0xfc0 (c:\users\ciihmnxmn6ps\desktop\zeuspanda.vir.exe)
Is Created or Modified Executable True
Integrity Level High (Elevated)
Username LHNIWSJ\CIiHmnxMn6Ps
Groups
  • LHNIWSJ\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account and member of Administrators group (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • BUILTIN\Administrators (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, OWNER)
  • BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Logon Session 00000000:00013d92 (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID)
  • LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x D30
0x D20
0x D28
0x 70C
0x 2C0
Region
+
Name Start VA End VA Type Permissions Monitored Dump YARA Match Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True True False
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000020000 0x00020000 0x00023fff Private Memory Readable, Writable True True False
private_0x0000000000030000 0x00030000 0x00031fff Private Memory Readable, Writable True True False
private_0x0000000000030000 0x00030000 0x00030fff Private Memory Readable, Writable True True False
pagefile_0x0000000000040000 0x00040000 0x00053fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000000060000 0x00060000 0x0009ffff Private Memory Readable, Writable True True False
private_0x00000000000a0000 0x000a0000 0x0019ffff Private Memory Readable, Writable True True False
pagefile_0x00000000001a0000 0x001a0000 0x001a3fff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x00000000001b0000 0x001b0000 0x001b0fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x00000000001c0000 0x001c0000 0x001c1fff Private Memory Readable, Writable True True False
private_0x00000000001d0000 0x001d0000 0x0020ffff Private Memory Readable, Writable True True False
private_0x0000000000210000 0x00210000 0x00210fff Private Memory Readable, Writable True True False
private_0x0000000000220000 0x00220000 0x0022ffff Private Memory Readable, Writable True True False
pagefile_0x0000000000230000 0x00230000 0x00230fff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000240000 0x00240000 0x00246fff Private Memory Readable, Writable True True False
private_0x0000000000250000 0x00250000 0x0025ffff Private Memory Readable, Writable True True False
private_0x0000000000260000 0x00260000 0x0035ffff Private Memory Readable, Writable True True False
locale.nls 0x00360000 0x0041dfff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000000420000 0x00420000 0x0051ffff Private Memory Readable, Writable True True False
pagefile_0x0000000000520000 0x00520000 0x006a7fff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x00000000006b0000 0x006b0000 0x00830fff Pagefile Backed Memory Readable True False False
  • Region Actions
c_1256.nls 0x00840000 0x00850fff Memory Mapped File Readable False False False
  • Region Actions
c_1251.nls 0x00860000 0x00870fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000000880000 0x00880000 0x0088ffff Private Memory Readable, Writable True True False
pagefile_0x0000000000890000 0x00890000 0x01c8ffff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000001c90000 0x01c90000 0x01d17fff Private Memory Readable, Writable, Executable True True False
c_1254.nls 0x01d20000 0x01d30fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000001d40000 0x01d40000 0x01d4ffff Private Memory Readable, Writable True True False
c_1250.nls 0x01d50000 0x01d60fff Memory Mapped File Readable False False False
  • Region Actions
c_1253.nls 0x01d70000 0x01d80fff Memory Mapped File Readable False False False
  • Region Actions
c_1257.nls 0x01d90000 0x01da0fff Memory Mapped File Readable False False False
  • Region Actions
c_1255.nls 0x01db0000 0x01dc0fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000001dd0000 0x01dd0000 0x01dd3fff Private Memory Readable, Writable True True False
private_0x0000000001de0000 0x01de0000 0x01deffff Private Memory Readable, Writable True True False
pagefile_0x0000000001df0000 0x01df0000 0x022e1fff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
sortdefault.nls 0x022f0000 0x02626fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000002630000 0x02630000 0x0272ffff Private Memory Readable, Writable True True False
private_0x0000000002730000 0x02730000 0x0292ffff Private Memory Readable, Writable True True False
private_0x0000000002930000 0x02930000 0x02d2ffff Private Memory Readable, Writable True True False
private_0x0000000002d30000 0x02d30000 0x0352ffff Private Memory Readable, Writable True True False
private_0x0000000003530000 0x03530000 0x0362ffff Private Memory Readable, Writable True True False
private_0x0000000003630000 0x03630000 0x045fffff Private Memory Readable, Writable True False False
  • Region Actions
kernelbase.dll.mui 0x04600000 0x046defff Memory Mapped File Readable False False False
  • Region Actions
c_932.nls 0x046e0000 0x04707fff Memory Mapped File Readable False False False
  • Region Actions
c_949.nls 0x04710000 0x04740fff Memory Mapped File Readable False False False
  • Region Actions
c_874.nls 0x04750000 0x04760fff Memory Mapped File Readable False False False
  • Region Actions
c_1258.nls 0x04770000 0x04780fff Memory Mapped File Readable False False False
  • Region Actions
c_936.nls 0x04790000 0x047c0fff Memory Mapped File Readable False False False
  • Region Actions
c_950.nls 0x047d0000 0x04800fff Memory Mapped File Readable False False False
  • Region Actions
pagefile_0x0000000004810000 0x04810000 0x04c0ffff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004810000 0x04810000 0x0481ffff Private Memory Readable, Writable True True False
private_0x0000000004810000 0x04810000 0x04825fff Private Memory Readable, Writable True True False
pagefile_0x0000000004810000 0x04810000 0x04818fff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004810000 0x04810000 0x0488ffff Private Memory Readable, Writable True True False
pagefile_0x0000000004830000 0x04830000 0x04838fff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000004890000 0x04890000 0x04890fff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x00000000048a0000 0x048a0000 0x048a0fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x00000000048b0000 0x048b0000 0x048b0fff Private Memory Readable, Writable, Executable True True False
private_0x00000000048b0000 0x048b0000 0x048b3fff Private Memory Readable, Writable True True False
private_0x00000000048c0000 0x048c0000 0x048c0fff Private Memory Readable, Writable True True False
private_0x0000000004a60000 0x04a60000 0x04aeffff Private Memory Readable, Writable True True False
containers.exe 0x20c80000 0x20ce8fff Memory Mapped File Readable, Writable, Executable True True False
wow64cpu.dll 0x5c9f0000 0x5c9f7fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64win.dll 0x5ca00000 0x5ca72fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64.dll 0x5ca80000 0x5cacefff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ntmarta.dll 0x731f0000 0x73217fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
samlib.dll 0x73220000 0x73232fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
samcli.dll 0x73240000 0x73253fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
netutils.dll 0x73260000 0x73269fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
winnsi.dll 0x73270000 0x73277fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
srvcli.dll 0x73280000 0x7329bfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wkscli.dll 0x732a0000 0x732affff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
comctl32.dll 0x732b0000 0x73341fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
iphlpapi.dll 0x73350000 0x7337ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
netapi32.dll 0x73380000 0x73392fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
rsaenh.dll 0x733b0000 0x733defff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cryptsp.dll 0x733e0000 0x733f2fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
uxtheme.dll 0x73430000 0x734a4fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
apphelp.dll 0x734b0000 0x73540fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
bcrypt.dll 0x73550000 0x7356afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
winspool.drv 0x73840000 0x738a6fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
secur32.dll 0x73c40000 0x73c49fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
bcryptprimitives.dll 0x74230000 0x74288fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cryptbase.dll 0x74290000 0x74299fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sspicli.dll 0x742a0000 0x742bdfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
clbcatq.dll 0x742c0000 0x74341fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
user32.dll 0x74500000 0x7463ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ole32.dll 0x74640000 0x74729fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
imm32.dll 0x74730000 0x7475afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shell32.dll 0x74760000 0x75b1efff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msvcrt.dll 0x75b80000 0x75c3dfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
powrprof.dll 0x75c40000 0x75c83fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
advapi32.dll 0x75d40000 0x75dbafff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shlwapi.dll 0x75dc0000 0x75e03fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
coml2.dll 0x75e10000 0x75e67fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
rpcrt4.dll 0x75e70000 0x75f1bfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernelbase.dll 0x75f20000 0x76095fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sechost.dll 0x760a0000 0x760e2fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shcore.dll 0x76280000 0x7630cfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
oleaut32.dll 0x763b0000 0x76441fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
psapi.dll 0x76450000 0x76455fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
windows.storage.dll 0x764d0000 0x769acfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
gdi32.dll 0x769b0000 0x76afcfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
comdlg32.dll 0x76b00000 0x76bbdfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernel32.dll 0x76bc0000 0x76caffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
combase.dll 0x76cf0000 0x76ea9fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernel.appcore.dll 0x76eb0000 0x76ebbfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
nsi.dll 0x77040000 0x77046fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
profapi.dll 0x77050000 0x7705efff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msctf.dll 0x77070000 0x7718ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ntdll.dll 0x77190000 0x77308fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
pagefile_0x000000007feb0000 0x7feb0000 0x7ffaffff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x000000007ffd8000 0x7ffd8000 0x7ffdafff Private Memory Readable, Writable True True False
private_0x000000007ffdb000 0x7ffdb000 0x7ffddfff Private Memory Readable, Writable True True False
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory Readable, Writable True True False
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory Readable, Writable True True False
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True True False
private_0x000000007fff0000 0x7fff0000 0x7ffb3d30ffff Private Memory Readable True False False
  • Region Actions
ntdll.dll 0x7ffb3d310000 0x7ffb3d4d1fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
private_0x00007ffb3d4d2000 0x7ffb3d4d2000 0x7ffffffeffff Private Memory Readable True False False
  • Region Actions
Modified Files
+
Filename File Size Hash Values YARA Match Actions
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 0.25 KB (261 bytes) MD5: 51b6060100f780fce4687b38c704d5ce
SHA1: 042c3d3f4b86f9f96e68920c0b901283bd970e74
SHA256: 03740e5e8bdabe598aa134e8ddbc357e579862958521e3d29e6b132c2c1c141d 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 0.51 KB (521 bytes) MD5: 1a275f9e63c860ef608a51a5a3527307
SHA1: c9b3c104370936d1e60d676a90c7e84a35a82b24
SHA256: 93076500f8ab254623272097c4c606fa1e6de92c2ba8cc8740864850ca5864ce 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 1.06 KB (1088 bytes) MD5: 948fe2a5c930b6d9504679078f445a66
SHA1: 5e4c7f692158a2b85f2cf38a24989012b040c102
SHA256: f7a66a9161b11249f4020df4ebfdd02ee989395e92577e8903425e0a87c16f06 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 1.34 KB (1370 bytes) MD5: b67ead1d72ba6a82978412b41ae0b19c
SHA1: dc9545e9632244d1e73aa2e66c9127e41107fe16
SHA256: bd7484200703ebc39ac41862d1dfc800c2747ba2f2c56556c18e073a38e8866e 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 1.55 KB (1587 bytes) MD5: c8d692d45464cec7ac72a410014618a1
SHA1: 86337fe9402384748c740602d8f5b196da4f42fc
SHA256: c38850622b4e8f39f63f32a390f9c6ae6dbd995f97f915010feb352d9ac315f5 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 0.25 KB (254 bytes) MD5: 49747746e04d96ab1c4af1a3226a55ee
SHA1: 36dc5b141b172b2713a9066a7cda901d52e602be
SHA256: 62e8fef6ef9b4ab3643edc4c98d44ed12f977498c3a775780e020314ada02054 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 0.49 KB (503 bytes) MD5: ecddd67cc1bb94b684d4bb7116c7c4d4
SHA1: e4789ae1ef0db80c39de1cd932169610d7a1bca0
SHA256: dc2860ef55a5c6ebe873ae1dbe5170c0980caa038c428fbc8852ecc03c991104 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 0.72 KB (734 bytes) MD5: 11f304d86594e21db142e4d5477062c9
SHA1: 3c7f01ede74be6544ec703d59b14c172d1bbdc6c
SHA256: 14657a3e73f8e5e77ad0e5cf7627765fbbd1ea30b82cf2cd51bb681d05065a95 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 0.96 KB (983 bytes) MD5: 5be86a9a54bb683c5dd22e6ccd6e8129
SHA1: 2553416e93dcb6d1cca9762ac757c72c2ff0ead4
SHA256: fd4a1be1fa728d58a611eccfa621d1861511dd308147af1d7852050a9822225d 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 1.19 KB (1214 bytes) MD5: 5d3538851bd0ecca9846381671ae62c7
SHA1: 9cd12936f4234d55fc8d47e3e5c2e7fb8a4ef9f0
SHA256: 95edcf90f9002af85a5a820903fb56248b5ce95709a66df6b443823b1a933b12 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 1.43 KB (1461 bytes) MD5: 2ce03089882c124fc7e93e69e967a465
SHA1: 0ad1882034ced37f2e9b1dd5b9ec891b33a406b7
SHA256: 8ceb88a73a20dd2a8fc1d98e55e4e18fbb627f347b000ebe2940f886eb2c88e7 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 1.69 KB (1734 bytes) MD5: b701d42ccbf8f6bfa08728e994325c11
SHA1: 87da3c9bcd2b15c9e9be7f50af6b0d803328175e
SHA256: fb6015ef2fe52d690b51ac76e5b78900a7946c02479e2f7c8cb692192a2fd56e 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 1.92 KB (1965 bytes) MD5: 6be161c2953cae565b22a07e201f8726
SHA1: 9c5b9455744dcdc3d950afeab16eedb5d20baf25
SHA256: a4d02adcbe9f8b2bafe87f7c1c96cf5156b3449eff825079c92a187e1a9978e8 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 2.16 KB (2213 bytes) MD5: bfbc0cdfb9d6f21a9fa39a14d8e96bc0
SHA1: 9265f255415543b449a4d4b8cc57574067a0e121
SHA256: ce2e61a5890c0d208981dec87ad662f7c40bde22ceac84c445cc509716c350dc 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 2.71 KB (2780 bytes) MD5: 999ad5e81467737e11970863123091ca
SHA1: 92cb1de3bc8d9a70180f2bfa965373e7fc3302f8
SHA256: ed61788db9b00ea79918b068bef79c0af244a5dd6ddab7c692eb0361becd8622 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 2.94 KB (3011 bytes) MD5: 54b20d7537b460847a75649fb0142a27
SHA1: 3ab9fbee5b9e8bdd1d45238c4d6415ce68a82c90
SHA256: c1f1310bf8192b9760b04ac129ada80c4d8febfe9062f8a1bebb60ec65bf7045 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 3.18 KB (3259 bytes) MD5: 3a2e7422dc29c5bfcba2bf3e33906bfc
SHA1: 6bbdbf576600499933171f533b527ef589cfa3e2
SHA256: 6c6b1751aea374e804aecdd3543826ce73aaf785124f74fdbf26b90d2546af46 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 3.41 KB (3490 bytes) MD5: a1592dfa53f9c764309db9727edea7ca
SHA1: 7517c6396f46a4f0f6239954c5e5fbc305bcd9ca
SHA256: ddeceb8cddc56e5d5207a53d3be2c7756d3418be353fd959fc0f4b48c2ff1eab 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 3.65 KB (3738 bytes) MD5: 53b08ad589b28aac3a88f3c35ce38c39
SHA1: 5305e9b775a99d2021bb21fab6f88453feff1699
SHA256: 9b0ea3d5aebbec0c1c59cfdb881d3dfd126a42f435b013bfd4de9de3a9d864d3 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 3.88 KB (3969 bytes) MD5: 2c1a3d36b842dbc532141e89b7c626d5
SHA1: dfef1e8145ebda70f9cc7a95684ac141dc5c9b1b
SHA256: ececa735534ec922d178ed1bde6272662138867456807e72a6fb6bbebcb82c37 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 4.12 KB (4218 bytes) MD5: 864e411b102ddac6e0df717316a0eaf1
SHA1: 06735b9799bd44b1b36211569751cb20ff98e88a
SHA256: d5f8c0393c9b2516121ff25157de89d76d0a6ee0e66df30bdd4068f53ef03bb9 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 4.34 KB (4449 bytes) MD5: e43cbda4b6350cb4e7f415e3d3ea5506
SHA1: 00729b2a545320e3c3a6aa2b307931bc9f2e9372
SHA256: db5a979a33461d2323fc0f63154071fdf3d12599ea01bb9f48e337b40ad530a1 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 4.55 KB (4663 bytes) MD5: c04415bfd79968e902df855136a9d018
SHA1: e8004c53ed2e92805439f503dc1c53356bdc2e14
SHA256: c2ad3b5608da3de3a47e6fcb12ba56ec1842afbdc82c63c7d202d94f3a775f81 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 4.83 KB (4943 bytes) MD5: fe927ca9fbc42f662033aa5c643d2bf3
SHA1: cd85ad97c06d7c65c800cf8f47f567dd6d4574c9
SHA256: 1f5f4564ebbb8e12991bb510fa3f97a433ea78cb1ee1ce515971aa1f3190cfb8 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 5.09 KB (5210 bytes) MD5: ac35a77e5f471e14598cca890297ba16
SHA1: 95ebdccb609b0d33306da88224d346ee5be88b7f
SHA256: aa0cd4e444571a2d10591893338fc5cab75c4ddc762b00c024f6c5dcce4fc66d 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 5.31 KB (5435 bytes) MD5: 1385bb15ef5cca5c422d7d61c347ad5e
SHA1: 73955aa3ae5a94ee80d09d0f4613683689b726a6
SHA256: 95e2d27d5e772befcc7b611d7b808cbe46589134040e988a6a7347c1d089e567 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 5.55 KB (5688 bytes) MD5: 8b3bfce1c16eb6566c2bbc0ed737e116
SHA1: 691b0ec29bd493152b5b1639d8f60d89634eb10f
SHA256: 69974b9832c0ea7404157c42f1e574bf38195e2dae84054675da2e48ce42a5a1 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 5.78 KB (5921 bytes) MD5: dfb2bf20712433200a0f34e89bfd1f8f
SHA1: b0309b2e99c4cacb66067c3aea3030a5db4b410f
SHA256: f9854d06c855c0952576fbb6ec99e620c83aff8d29c4f6f0d8a951629df831d5 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 6.04 KB (6181 bytes) MD5: 1982212cfa01f20061a76a24946aed06
SHA1: 119044373b3116f33c0aad617457ad3468dfc9b5
SHA256: c90ae99ea1f2aff36442e10f37fd34659f44c5af1812619a234b42e8469f062e 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 6.29 KB (6441 bytes) MD5: 2fa430402ff82bbcd87c761c904aa8c1
SHA1: 4a42bab79bfcc7893695048c3466d3283ed13d5f
SHA256: 10a5bda3b3bf4ae81795228c425c0f943688254021757a2aed75917d107425b7 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 6.84 KB (7008 bytes) MD5: 3e9f4dd5161fccfa15a1f3f04ac252b1
SHA1: b1f15b0caca81aad6a9a6d923bc7854c45d2510e
SHA256: 911c87d7b39d72b455bc96d145e8b59860473c95f119cf374527678489a1c31b 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 7.12 KB (7290 bytes) MD5: 37662643f607ec29fa5ce2ec030368b7
SHA1: 1cd8ec22ca372961ba9c136d97b9860a592284da
SHA256: 4b31703b7fb7e1210ff47e78f4a9aaedb1fa0691aa79b8f027904c609aad48fa 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 7.35 KB (7530 bytes) MD5: b3d656149a3a368dda644aef62d7d833
SHA1: 79b7d2f2009e3d262c819aa53a3cc7d4bd49d438
SHA256: 86898ed575082485010666ba1381f8063f941e8261f04801a84b3ab7d82d40b4 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 7.91 KB (8097 bytes) MD5: 29f217ef55494025752782daf9fc6632
SHA1: 11dce1c5f2eadd282343f6e8d9f277299fedac65
SHA256: 6d918e52d15cc2e55603b6518a0de58b884fcf025c07a08ca541e2bfa46e9d9d 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 8.15 KB (8350 bytes) MD5: b615d164742b6ad031d2dc42da2c5f7b
SHA1: 03b504c68552d8c9388a93ec23c52179c9840df6
SHA256: 0d4c1176349e0a361d620d921daa66b5eb64162800c58da2f1fbb9a66d664b19 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 8.42 KB (8623 bytes) MD5: 752c8cbfd672ce82e360c94525a7347e
SHA1: f76db3f323b9dc2e163e822a814bb03859e14aa9
SHA256: 136083471ad4c48610a5c1e83153fb49ed79600f821d3209178fbccdbb8dfeef 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 8.69 KB (8896 bytes) MD5: 2e2bf76537833d84beef91ecd1d48e17
SHA1: 1de98b46afe330a05084d4538f65297781905da1
SHA256: 4cc507d91ce1d63f640a4f1100e894cd57750c92b92d5d6788f6809917cdd84d 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 8.95 KB (9169 bytes) MD5: 473efc736b09a566092bf99653f05d2a
SHA1: 5b28e1d264659bf9f92ce9a90ab12684e2422ad1
SHA256: e9c9ac9772830aa1966cd4d298b9fb4fac604f95c9a3802bfba272fe68f62e35 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 9.16 KB (9383 bytes) MD5: abf99640d36285ef7e8049c771408e93
SHA1: 9e2cb742a7b744a12da894b56d894bf71ce6b26a
SHA256: a855eccfc5f55dd134cb2b5edae3d0bdf48a45ae3a9049b460c2fdc665ba19ba 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 9.44 KB (9663 bytes) MD5: 41dac4e0c067e6ca3d648e9acc387627
SHA1: 018cd17aff1667a6d22587c4506269fdc03ef503
SHA256: cd1e4a09f4862bf13827da7f93c6c00228c468a647fa4a89ff9c55007fcda138 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 9.70 KB (9930 bytes) MD5: ec98f141b54c6ff63de52791893d9c27
SHA1: 27613a6bf3727cb03a4f1dbbb2e6a775acca90ef
SHA256: 2be661be6833a8f59f4e5b264bcf1de755ef54250515dc03083f85887acbc17a 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 10.01 KB (10255 bytes) MD5: 0f9f674a0fa9515a5a4f67bcde4d0a0a
SHA1: fe85e045b59f07f85669bd46d63f660620761b2e
SHA256: df3d3a0ed7fc2ace8bfbca69645108d9d517cf701bb56c371120497b69a9bf5b 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 10.28 KB (10530 bytes) MD5: 4cfbf93467a5a7a77b097bedfc117235
SHA1: 79044e5abd1885e2dfc5851f03254f67af12a8c3
SHA256: 4d01e326b22bc3a40735af6f23be57d5919cc5d1c2fc94894087c8fddea1300b 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 10.53 KB (10779 bytes) MD5: d52e836e928be5e360d4b78dc6207d87
SHA1: a9a0fedc4bee162254d518756886702b0e5f697c
SHA256: 6fce4fd55701c36c02318fb9e378eb067703ee05ab8cf130efc8cfdded59644f 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 10.78 KB (11042 bytes) MD5: 27556dfc48e76285833d8a04efa15ec6
SHA1: b43b66bfc978fb212cf13e7ec5992eb43178c0c3
SHA256: 132ea79a4f8e7211d115b4fc0a75a810c078b6c3a7ffaea734ff17b826e160d5 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 11.00 KB (11267 bytes) MD5: 3939683e91dafdbc8e732437daf6f42e
SHA1: 869985d5f2213414cbab7c8bce75dba757e5a354
SHA256: 0b2fdc46d17fcb3c9743ddc50ac08977715d2df0f8d550d1f2c33c6256535c47 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 11.61 KB (11887 bytes) MD5: 31bee244631bc1a3227d34885c6f8616
SHA1: 9f424e2b0159a7fbcb0aee21326744706ff59991
SHA256: 60e2bb749b7447bc7113f8d25b4a966eeaf4599b0c17914b889c4d2b58331f00 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 11.88 KB (12168 bytes) MD5: 7fcd6ef51678c5ae53e9d347e0f8f85c
SHA1: abf5e40323ce1404a0859386a168c70f2dffbc04
SHA256: 8d071f88de460c436516464cc897546b285fdc7992c5802a64f35c6e7b3e0035 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 12.13 KB (12417 bytes) MD5: 4a51932fcb2e4813035dec9f2eb79901
SHA1: d0bb19405c668ed997d5577332150a34ff3f295c
SHA256: 1ddfd0d8f2f06baf655d9fc8ce2aa9c4e9e88b05e9e9190a84784760c139c7a2 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 12.38 KB (12680 bytes) MD5: eebc5d7055bbf07f9f7d36d387c0a3eb
SHA1: 824026bd93be680e3363be0affafcdbde3a01870
SHA256: b1742de8db4a613bf95d18253c60c73de8482068e981ce6553454a180e2b16e8 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 12.66 KB (12961 bytes) MD5: 0281ff2858afd8d48312017c7d7d314e
SHA1: 8241f61be50bb183ce90452f02d5982ea584f23c
SHA256: 8267d834dbc661a80a34424ec1701e49ad7b6851b8585fa5ea19f419cb59874d 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 12.90 KB (13208 bytes) MD5: 2e6e202eb574878402d5cf5af694c084
SHA1: e7ee043118ba80e8eb8dcaf2a55e38d397468a44
SHA256: 4683f1ecee37a999efcb39307e1dbae4d0aa389ba2d6d6f1496098fc47c3bdd7 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 13.15 KB (13467 bytes) MD5: 325a9f04d866111efa0c4c055d2520a4
SHA1: 002afe77b885b5e853f1df3b401f973cebc46f45
SHA256: ce32dcbb01c72579378d45d3969447faf69340cc4bf71840072a5d655ebeca43 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 13.42 KB (13746 bytes) MD5: 79137110fa26ef93519c5f5fc06d6878
SHA1: 0bd87ef5b998cdc9d49ae2b520dbdfe2f0377b03
SHA256: 579ef5d991f11c40ee8f3a53b490264e68534b8ebb7730492d13463da74c96c3 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 13.66 KB (13987 bytes) MD5: 50e4e3bd81a5a4c76edc7a06872f8910
SHA1: 4df43ea7c52bdb2d8d353f863fb8182f5cc7502c
SHA256: 0a530677589bc902a22292befb4fc81d5cf4c1cd1d470a0ea29c6e28212e0b1a 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 13.88 KB (14217 bytes) MD5: 6ad3a7538b8a7b4760beb75c29cc549e
SHA1: 6bce6136b2e7583a73a6729ea55e8a357c5109b9
SHA256: dcc29c6c645904bf50cc3269e20dd52d2c7264c02fd4abaf3bf45ff90d735282 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 0.27 KB (274 bytes) MD5: 82149ea6f13efb05a7a857c9524206c0
SHA1: 8b5504f473005bfeeb6a4621931f45a594e39f99
SHA256: 1b5b293b8bb69969b5edd1fae5cc1e9e253de799b943eb0d996c7b0d80855561 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 0.51 KB (522 bytes) MD5: 890881188a68d4d79d2b84eb9562faa0
SHA1: db21f887c9eeb6a231eea8c01e24980e272ee401
SHA256: 3eee1f1cee768e487aa015ba44aa4819a35d57b824818640737c310ba706ac8b 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 0.76 KB (779 bytes) MD5: c296662b42e3b5ee7be6dd9af55885f2
SHA1: c09f6e6e75acea7e909f23558c261c870516feb9
SHA256: 2eb22f9abd8970fd5979d3c838791d3b0407103fee2fdb0fb175e169e98e3a92 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 1.01 KB (1032 bytes) MD5: a899a735ca54806f0e2e5370d06f0c98
SHA1: eb594bca29702261f94ef2c47e448e6c8a08dc1d
SHA256: 63e9c849264425991071fbf13afc2181e22771a2e29f756df6538971519c51f0 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 1.25 KB (1280 bytes) MD5: ed450d8bb34ac18f53f98d9659e2257b
SHA1: e5fa0cd8ca4a010db979ae851a11d0edd4bd7b35
SHA256: a2ec6f8c3c15d6f2bcc9372bb88d84f28f86a8dac873c7c40bd8dc8866d4d5a8 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 1.50 KB (1537 bytes) MD5: 51c39c010e918623bd866a52ec6da38d
SHA1: 76c65a07447bc7d8cc4b25edb2f02f4abd738e61
SHA256: 21b071de60d5e782dfd9081187bc6848e35cdf05f4999e11bad6e1b71f9c9351 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 1.74 KB (1785 bytes) MD5: 43e3953ffdba1797aa3877c1517025b1
SHA1: 9620b6c79f3ad5b68b1a3c2671c961fddee74e8a
SHA256: 660fff60517b529b21b47b646664ab4746a4fdfeb1fc89cf87d00ee2a35700b9 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 2.00 KB (2046 bytes) MD5: f4350400ebc42cb6e8813c050ae7d516
SHA1: 2000f96970f9446a9206380384b9f5bb52c55d28
SHA256: 4259bf9b98280f07443819d7f30955ecf77c1bf2a8a1f67377340eef43d25e8e 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 2.24 KB (2295 bytes) MD5: ee07d6bf78d0be81801a915adcc02ca1
SHA1: c9971de09999df184fc368a619d73b1f3d58885c
SHA256: 22a8c2ecadebbe79e961a81bdf68957ff97d072d2b1f1e6c627f0d3b77c2d4f9 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 2.50 KB (2556 bytes) MD5: 63e81763e02bc00b58e52da6fc887a92
SHA1: 4e2eafcba532d8dada6a7c38773fce2ab3c81d82
SHA256: 4673b9dfe20e4c590f94207874ad592cdace907d55c612e766a96fb1e84a3042 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 2.75 KB (2816 bytes) MD5: e83c51b820041ef443e51d98e3f612be
SHA1: 53737ac895fd42e4987108c721c87e207f357b25
SHA256: bcf3c5be012c9aacfa9a37b3d06338fdaf32d2de3a4ace62cf9320e90caa172e 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 3.00 KB (3076 bytes) MD5: 3b12a168701971a21c9b571035c6a0f8
SHA1: 0da0f43065298e392749160f2ff40fdbe445124d
SHA256: 34ac8810b8abf4f8805071b5ecbfbde681e37a7962057d411c11cc596cb5dca6 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 3.56 KB (3643 bytes) MD5: 2739399741830726c012701bd52b7ccc
SHA1: 656c296562760815019ee973b7dd5378d8d6abc1
SHA256: f9c77921a460cc9b94a7491362527d1427b26823ed48158b631bc57ed33f652f 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 3.83 KB (3925 bytes) MD5: 27f6f2152d9eb2234694e0877422ccb6
SHA1: 0c861dc9db067c65e05f7f48fc677bc07966db22
SHA256: 5adb193561f442021455ec68521dafe9af71d2fd93fb1ee228eb4e97a30ab54c 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 4.10 KB (4197 bytes) MD5: 77f0193e8f6be3517577f1e1eda545be
SHA1: 555b8e0d22e10e617564bf02fd3b7c3e82a8748f
SHA256: 2a8ae96bde02e0862c3bae8bb8489d3f480e3eba6c9b24ca64ed106ce09c96b5 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 0.27 KB (274 bytes) MD5: b63bc739a27f74eb3fe9e276a366f896
SHA1: 3794137cdbe99f62b0097d737b5295e69a4193b9
SHA256: c653223195eeb21f55d4f1f004257fd43feb289a54ca10fbcaae382a87f89bb2 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 0.53 KB (547 bytes) MD5: 65c927cde4ddcff695818c5915114a3b
SHA1: d8b8f52e1cc755458d71d67e6d6460a78ae5a6cd
SHA256: 9c5193f63248af045b9014b75ea5379eed0159b919c639c7aa3dd5f4d01ec0f4 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 0.78 KB (800 bytes) MD5: aaeb7e4309d99bb808405b4e2cb7dc6d
SHA1: 90fe10c790a5b55fdc7ea16301cb19f662441d52
SHA256: b06b37d2eabbd600a8c21a8fa8a05e61dc53b392048d2a4e67faefad02f65a13 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 1.33 KB (1367 bytes) MD5: 6142480f697426d754adf0c6e7fb5497
SHA1: 712666f6c412c29fea791c60a57ed9f3aaf667ec
SHA256: 1457321593712996a5f299347a9277f397cbfe419bf3e4988dff3501dd2a2be5 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 1.61 KB (1648 bytes) MD5: f0b762838a58148af445925733cd9f86
SHA1: 88e79bcd4894cb5e925478224fd699fa9e7058cf
SHA256: d719b2c869f90bf179a7dfe8b172d46fcac7d349bf20851c22973eba48675907 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 1.87 KB (1911 bytes) MD5: 1e6e690e73680731887d430e0869762b
SHA1: 1def27555742adec44d8ab74c884a27afdfcb9a3
SHA256: b886fa128a611ba1b079207e01b374ca8068ab4fddae8feaf2b858c1e3f36cc5 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 2.08 KB (2125 bytes) MD5: 67fe90eff4a2f2650148f6f11e7a693d
SHA1: 6ca287f3f0ed0201c7be6f5299419813fdb2a314
SHA256: 33af58cf34284d20cfad224c064e48d4c9ff080b38f35d214da2b0b18824c2c9 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 2.35 KB (2405 bytes) MD5: 56a1ece9daeb8537a56f19911a83b199
SHA1: 99899656a32c2c593b848dd375f53ce580276a69
SHA256: 15d63269a8dbfcce2099b9913ca67877cf662165de479943c83d1b72af4b5c11 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 2.61 KB (2672 bytes) MD5: 03d9a4a10c71791249e80820860a4772
SHA1: c42acfe22aea70c470c0bbafbbc8f80230bd2a75
SHA256: fd395968c56a16d75076f1cd6a419a7e8b323a1123241efccf3328875a2b5e85 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 2.88 KB (2953 bytes) MD5: 12b2fb63c9d060744945e33af1c1d6ef
SHA1: 52ae7aed5e40f16d392afa7eb59408dca6113aa6
SHA256: 47e873983d945ffb5758832dd38cb8ce4bbaa825daf9fb5916021734d521aa55 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 3.14 KB (3216 bytes) MD5: 562718cc0f9dde290ed96144b8748924
SHA1: 42a2d996649d6169dd012fd6ec4c8521c6d1d7dc
SHA256: b563f6a196269196c279309972f9a89acd9e2e4617189ab1f66aaa88bf75e2a6 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 3.36 KB (3441 bytes) MD5: 0208276064edd371df9848924d2ce52d
SHA1: 60f93d5902a52b9907367c4fc8c35e28bdc0aeec
SHA256: d0a1ec62d000edaa129c3222687eb7d88abe1a8bb85861a716d00d80d84708cb 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 3.63 KB (3720 bytes) MD5: b3e4bc7bce0449140c64a20417806736
SHA1: 6a838d862582ad885d06c270bd7e53735319ce12
SHA256: cf71b8662a2d46c3719bfe02b97e9aab66be023de85dd6a49126f79cb6b134b7 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 3.89 KB (3979 bytes) MD5: ab7ddef34dd4e99db84d975b083de0d6
SHA1: aa71c4be3d1c4bc3aa1a3f114fc6749dcb8a4040
SHA256: 315d798eadba544f89087288724ad849cf7cc25efaf9583804e3eb3e079ae930 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 4.15 KB (4252 bytes) MD5: 658f9d71ddc6ec54bf9b6aec30d3cc5c
SHA1: a8a7679c5b026ee35aee89fd82977cd03184bd1d
SHA256: ef25c2ead97bd3d50fb29f2b839bd22de88aabcaf9be950257f5da707d309ba2 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 4.38 KB (4488 bytes) MD5: 0b543aac930cd2d9562a2ae37a232394
SHA1: d55c49127a48a15e742c8301f1adfc5150644c24
SHA256: 8f4de247957a1dcadc2e773f496449e7c8dd4a4f9e5757e070d3b9b86471df0e 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 4.53 KB (4634 bytes) MD5: 777fb81ebcdc022b739ee4b76c9d5df8
SHA1: 70b777c0c27c1671963967f24b848ec324e0b1b6
SHA256: 65bc0257ba4496f4b6787110f355626018dd87874a6e63d56ffcb732f04fca9a 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 4.66 KB (4773 bytes) MD5: b792ee8d6e31c5581599e6a89954153a
SHA1: 25e49f913f5429deef37440b2d365cd02e0c2ba0
SHA256: 6a185d6e5d87ecf0d254fe8e47d9af25d1422fbdabfeb1013130719bbf4c536f 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 4.79 KB (4908 bytes) MD5: bf8342780823e7fa44222be101e34cfe
SHA1: b4b72399aba5fa5ef3300eb2f9b4897dcff4b7c3
SHA256: 3e8699ac936f447bee469056d62db8c7301de1c7dc15e1ae24bd8fe4f438e220 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 4.93 KB (5052 bytes) MD5: 0eec26117a364bab41c65b8be51bf2a4
SHA1: 11f350a58a993bd65365e1d38861300df4edf846
SHA256: 1b67bd51942f805a1c384bc2c52a2d6277663a023268dbd7c6da31bc2f9f935d 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 5.07 KB (5192 bytes) MD5: 60dcaf9c56f8d66145f69c96a47d76fb
SHA1: 4be74bc99b72d84fede317d5d732e4a271897723
SHA256: 15fe4ca92da1c77194de1581042d01da407d6c8ce64d5fe0e883d49a3feabda2 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 5.21 KB (5335 bytes) MD5: 60afd01276a7217536508e7d8dcf7722
SHA1: 48b272c35290690ff2a7719b0e30d1dfd081c09c
SHA256: 630d9367a0c625eb56828ee87ffde3e7d4c1a8fb1f7bc0d0882e404ac786c31c 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 5.90 KB (6038 bytes) MD5: c4e9d5d89ef582566b872e3df3baadac
SHA1: 8eb453ea778bd905062afea5f2311d33ed679551
SHA256: 6b2b6639e4d53535197d9bbc35f8b66924ab8de931c7e736a16620309f77304d 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 6.04 KB (6190 bytes) MD5: 742a63b65e9f6e45ac49368d223529ad
SHA1: 8d83f521c3a1deb650ad57bec34d034b337e5fe8
SHA256: 271d6db98241bec76c1e506395c0b55b6f2362de0e30a3be2ceea129dab15768 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 6.19 KB (6338 bytes) MD5: 01b7f7e06d6ab697fd90fd2bfb7a436f
SHA1: 8146f3ce0707a8eba00321dc01c3933090ece463
SHA256: 9bfefe3527f1ba567e6ecb8967f435b5039c04ac25113281e82fe824635c6105 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 6.33 KB (6486 bytes) MD5: 3f9d60b99925d17d305c8de36efba69e
SHA1: 1452bd2ed0e3a6d34f660e7c500779f77a3a3ab4
SHA256: 12819b07bcfdc3ee0fb7c58332db4f18bd9fbee87ea5ec2c7d1dd8747476812f 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 6.47 KB (6630 bytes) MD5: ec89e8caae91162a4c14e37c3ee0f430
SHA1: 36801dd88a32a839c211f1e88f813418397de0fc
SHA256: 3dc0176abe4597044a51d5015e29f83e9d103cee9e8d555a7110fd309dc9a7fe 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 6.62 KB (6774 bytes) MD5: b65734e1f4fdd0ad4184482f1e3181bd
SHA1: 70e650ac0e1f5ca5ae24ae87779ad54818075f76
SHA256: 0bab7331b42fde8dad5c7c905bb5457b77807025122b182fcafe96e6946a6535 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 9.00 KB (9212 bytes) MD5: 4e77889fc8fc893ddd18911ef58a2d80
SHA1: c0f447fe92b4e8e015b77b002e4f69a23d6bcc52
SHA256: f3eba3caf493ae6f20f1f471d2ee2a89f20a67b9049f14488d016fc7432370f2 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 9.14 KB (9359 bytes) MD5: 06fe29029ef50296c78ca70fc8161ce2
SHA1: bd91aa1ff29a4dce613641ed503a8c5e7767bcf4
SHA256: 8de91be2daf94ae434445478a545bc64ab66e3e46c6502d3ab5d6b5f3cdee346 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 57.87 KB (59258 bytes) MD5: b8959860eeb641326a8c1fea8b88c747
SHA1: 1414a403573ca8ed711432b4411b2c40900b0874
SHA256: f7449b824eee3a46d9694a152b77865eda9efaa51670eeb3764b4296fde5ecbf 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 58.18 KB (59575 bytes) MD5: 5f905eb958e44c3504454719df7830ee
SHA1: 2d308753953c59878409e7aa63c945ec315d7801
SHA256: 7a2f8c532146fa93821473e907e05e27b2df0633e79accc0d837be2a5a8998d4 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 58.95 KB (60368 bytes) MD5: f5de183a5d8b7fb45581d38d3a9d8996
SHA1: 180472a99a10d21371fee89b7af6dbc5bfd9f1f5
SHA256: 4b7b34da9e1cc63ee083c18b891cdd60b1d0c37be3a11bce981b4200ba4083f4 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 59.09 KB (60513 bytes) MD5: cf8e0558f3ebe23d18591c885e5cc90d
SHA1: 85f405b7efb91ff6695a46a086ccd23db0abbeaa
SHA256: 18276ea5d5978cdbc1c6958afd99d1310be7308a70e2d20272b57f04337a7461 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 59.23 KB (60654 bytes) MD5: 4c79fd219ccba9da9aa4d940cab0643e
SHA1: 76ae8b91ce20ce8a192eb89a685ce525f8600356
SHA256: 4e82cc39c4ee7af1ca6902129d6dae03019e4631bc3c2843fda6948c62f5410c 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 59.54 KB (60968 bytes) MD5: 977667f81f4c9395fac951940fe21608
SHA1: 7e74ead716a09bbcdf763eedc9c07e3f7b0d4d9b
SHA256: 74ad3170284612c1b4acfa5c03b20b0464f3838f8684f221c4a806413df2b56d 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 61.09 KB (62558 bytes) MD5: 719eefaf8ed61dd59151a03ae5d7489c
SHA1: c4991e51668ce2b1368012e94fdd175f44bb0059
SHA256: 64a059a6c66557c5d016e5eb4be0c16a473cdf8af26a38ad2751c37f998ffedd 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 61.34 KB (62809 bytes) MD5: e83d0a37f12fa9e077aebd6dc7196962
SHA1: 7ec7656e4926b37bc18831931ee9672458f89200
SHA256: 4e304ab43ac39dd7c0ad374a1e78f358a0961d18e9b3dbe2a05a715bf95e8557 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 61.59 KB (63066 bytes) MD5: 35fd8847359a0d204fa890921bcfbd70
SHA1: 1a52236fc03ca560abcf875d746323e9eaeeb2af
SHA256: 5cd77d2d534397fceab04193c57cdeddb35183e98e9dcd325f9d973d5b83468f 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 61.86 KB (63346 bytes) MD5: 5101d7a955e3ab8c8c99b2d3ecd64fb5
SHA1: 1191cff510788667804fca47b8dbaa2b49f9531a
SHA256: 869d6dfd5153cebd0d705bc1d1a9b5d5ef2380ce504a190ec48c1e707bdb4966 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 62.10 KB (63594 bytes) MD5: 89d13e2e1ee97cd12ab6399ab713dba7
SHA1: 3daac12bdc5e4b36c3d056b0f98e65f85fa50ce3
SHA256: d830abc9df6880dcf4e4f269d0b97f3b07cce833b6a85d5d78f77ae00dca1cc0 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 62.35 KB (63851 bytes) MD5: 6aca05d501f8ee1356089497c803e7e8
SHA1: a1d710c54ae660f80379858bb3242e46a9227fea
SHA256: acbc12a2880b8dc30bc8b593f9401316052e0379879e56091bb3bab2ddc83dbe 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 62.63 KB (64131 bytes) MD5: 74d7bba8446d3dd10539749ee3828bf0
SHA1: fc81b7afafdc6211a5799c67975b53a1a08ac427
SHA256: 7c987505acc3664a81e0790b10f13e66166e40d34549816cd8478b99d24a3f4a 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 62.87 KB (64379 bytes) MD5: 7b22368e6fa7be6a9367814f1140b7d0
SHA1: cdfe46b447c18ecfcc8544518e01397fb384a58f
SHA256: 983dff21ea81b8e17e032bbba44bf1ea80b73a67b2710bce905bc998562f02ad 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 63.12 KB (64640 bytes) MD5: a12970b34917a4567691fe0cc637098b
SHA1: 677b21967390ad5ab423d533d5656b2e857bfe7f
SHA256: b4e5db19ff959d6fd4b8a7165af593ea5995b0b2bb2fcbe06f825a9f32ce6100 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 63.40 KB (64920 bytes) MD5: e1423f9fd3d28137e487941bf42d59d2
SHA1: 5982ac554ff115d5159671ba88f2ebe7bd45b357
SHA256: 4518bcc0e6f8f524c42395ce3beec9e04c52e34caf83716d45328c9e6e350a61 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 63.64 KB (65169 bytes) MD5: e32fbd49fe8892e926ee9099f74a9406
SHA1: 846845be56de8307b9d065253d0855c783c206d9
SHA256: fdd9ab6a7e272a8a0523c7f1ee23307057dd76c93eef0c6731f9d65e58a64782 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 63.90 KB (65430 bytes) MD5: 41dee095438331c85337715471144b2b
SHA1: fa9d558bc5dd89e66e309e7c121c9f71bd913ac1
SHA256: ec47911cdfbcf12a5459876ede2946ec799e9272b67323a295eef03821da611c 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 64.17 KB (65711 bytes) MD5: d673e9072973fd465b31987dbc0611ee
SHA1: 778a8394ba15345051af228735da0ba0b7ab9009
SHA256: 559cffc7b745e6ba7b83b03950f3286eaa220ee2c922d03f3022a935e63c787a 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 64.40 KB (65948 bytes) MD5: dab78359a22d68a1e3936c59eb0fedc0
SHA1: 01d315deb0f808282ced752c8d693ea8c2e05d2f
SHA256: 52345e8c8ccf23e003b18121a74687b2fd466d6f5eac4760603b6582eeb4193f 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 64.63 KB (66184 bytes) MD5: fa0de1182a9bde039f0ec5d2cbc211af
SHA1: 241af6d21cff774017f0eb9cff72f22bab8eab30
SHA256: 4918121ec42b8b044919aa1d531be1f82a6789d06c213714ca1a996932a3be38 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 64.86 KB (66420 bytes) MD5: 3371590e60e649b4de8a73afa9dcb93f
SHA1: 6cb98960b6f0bbf7797d7244ca2d1b6d853ce097
SHA256: d73fcf1f6d1a6a7e907eef527aebc91c79a0ddb89b1242d184b3aba80e7c7159 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 65.09 KB (66656 bytes) MD5: 3a3f49e988741e8e852de274921cafa8
SHA1: 78372b93d84a597e8cb225708b3665c5c8832322
SHA256: 2655969808e511b23ed29c1546e83a4c82d39889cc075bfc86bff8747325e066 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 65.32 KB (66892 bytes) MD5: ee8abd6ad7a0dda0a53cf8a22688c580
SHA1: 91f83060394aa7674c9a135bc4c9d6508a534e13
SHA256: a15093931269db8f9281f5c4777546856f3c8f8adef3569a8052c1b16bc95b22 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 65.60 KB (67174 bytes) MD5: c73560dc36b9fa1406fee74e909a1928
SHA1: 6d0bcf3936bfc4202f828e2921370a2aacfd280b
SHA256: 41a68f203a733f0f4f2b56e001dba5a773eeee8b83b4fc0938a6c5436809650a 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 65.87 KB (67447 bytes) MD5: 53054daedfef2d4df376fd30e8d05bec
SHA1: 2c61e80cfd89b18cf6595b9c2d1d5740a2b642ef
SHA256: 29e66449359c00285da96c5c30c97d4bb41e3618532059988531bf9176b99b56 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 66.08 KB (67661 bytes) MD5: f923413fcb241a839ff9dac023e67239
SHA1: 368ea75d9e40ca03b81e0f5c1d993dc9e8e4e975
SHA256: 43df8f131145a72bfc9e4ddfc662e3d104c0dc0f78f38fa56ab65993c552683c 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 66.35 KB (67941 bytes) MD5: cb604971b422caf88e36a7b9df2f34f5
SHA1: eff3450b4333718b638a52f856795b9f7341ce34
SHA256: 333329b911c3bfb71cab7e282a5af8b98b5bf06094fceaf3333b5b382468de4f 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 66.61 KB (68208 bytes) MD5: 98f2a758cc7a4f91784500c4611aba65
SHA1: a18863dba063432401ee1aabccb8e823bab8c760
SHA256: 9dba5e3efea4789595a3377f7f05c6143f73a32b4d77a2f6eb6503798e92ee90 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 66.83 KB (68433 bytes) MD5: 74cfc4d8677f142d44a5bc2e62fbbb76
SHA1: 9a844e74f70fa704f220dc17d1cd106edd178af5
SHA256: 6256c08a18c462914fdd78b08afc4507b6cb5317c2a9c309d332594bd28fb6c8 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 0.27 KB (274 bytes) MD5: 64f1830c9286c825ddb25313c564dcce
SHA1: dbd8ce6cedf20a300995e1a6202b7ac2527304e5
SHA256: d41480b84194701753760c6b52aa9bc577a96ae12d15e145f28bcfb883bf84b7 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 0.50 KB (510 bytes) MD5: 5f8a25cc1f314787827999f4673b1f83
SHA1: f48aca2b4ab2252c676a22b2e172ef2b1df5c614
SHA256: 965259d90b623fc3e3c9c01acca7fed77aa84be1a7ef06a36a4e4877b26cd829 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 0.76 KB (782 bytes) MD5: ad91b81d26949997ed07a5316154c8e2
SHA1: ae747597a7d8b1e3773d6ede29b22e89adb4cd6c
SHA256: 4e4886c649821454eb4003911915b81d398dc3af9b7dbef733a7b5c91040d253 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 1.03 KB (1055 bytes) MD5: f99423713a627a420a6cb5fbf51e955a
SHA1: 9cfd490da9ab6c96c3e2120a7fbc81cdd7017b0c
SHA256: 58b2c86bede34764b794d5517e171c8e6547b0529db29c3c837b5f377f8e6214 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 1.30 KB (1336 bytes) MD5: 69e2528c964f38a71bc8af808d3bcde0
SHA1: 58e41afbadf13a58589d1559a9b831f12b111221
SHA256: 96e34349cbb6b18028231e3ecf762a1b9c7c44e43851762a51122ad32744056a 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 1.56 KB (1599 bytes) MD5: c288f198ffffa440be84a8037277572b
SHA1: 8ca8d273dcb495c8acac03c89e62bcaf9ca9266d
SHA256: ca11067f5a63b9b7b7417b49586580125bf15eaa63ef19b01d0900cf7a593703 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 1.84 KB (1880 bytes) MD5: 9f589c1eb5d7c684b28468cb8797fea7
SHA1: d8ef50a0cd4c3dbdbd786e76199257dd489b0a6e
SHA256: f1b48fb832e3497a07985836c4dbf335168339574b844bf9e87234e117fd58ad 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 2.09 KB (2143 bytes) MD5: 80f77b2c7ae13b70dc73079dd0f90458
SHA1: efcba073526fafc162456ff153485274eb6b3625
SHA256: 2095255108dbe238b465278bdce6105b35dd7ebaecfd17e2cfd3a6ff04fc5405 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 2.37 KB (2422 bytes) MD5: c668bca5b35c9d76fba586282b49534f
SHA1: 59b095861e759288fdcdccd696e71df60255e083
SHA256: a605ba00937e533eb3fac2fa4da6be900a86a80697f805a8aba896b6a2652f81 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 2.62 KB (2681 bytes) MD5: 4beb05cf897cc4b3ca8204366a1c4db3
SHA1: 8bcbd9d2c82f2fad61fea4abcb5da1fa68ee02cd
SHA256: 486035ae475be0e61fecdfea8daaa99f50d470060f74737a4acca78df6489657 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 2.89 KB (2961 bytes) MD5: 7c3af3e6e4dae95a9e2f9e0000d8da9f
SHA1: 3cde48237a7876e1c761c0fc3c09863f332282de
SHA256: fd91cb3e5de4d8f8db8daa17a0d949e5199f42d885f6c48790527e8d2b6cf05c 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 3.14 KB (3218 bytes) MD5: 3b51544a4da8ec239a2d018439ca3678
SHA1: fbbaf67886925695eae5f403ef5be956a8e6bbb5
SHA256: 8d6b0c1c9e5fe6063d169f9dd41417976eac2ea4e2afbfba36decbde6ec7f32f 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 3.42 KB (3498 bytes) MD5: 698254390007dd7faece68a269abd736
SHA1: 8e8c7afdfc7883ad6cd34618adbf56cd96f06cb8
SHA256: f1aac149e8b8597ebd9d20154451c9788c73fee8a3542769663ca4c519e58159 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 3.67 KB (3755 bytes) MD5: a37c2debc8f32c5e7255c0c158f0a941
SHA1: cdad4f8149b67943dcf1db300223794829908c82
SHA256: 4282dada6036552c9f7f23863ef69329d1dee1da7646358e79f12810b93ee79d 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 3.94 KB (4035 bytes) MD5: dc0a9e47cf7dcccf687fdde2b3513185
SHA1: fcb69f4f889481691da2ab56771f4e744648d0a8
SHA256: fad0a7fc37eb112ab190268b9a0fda2188b9ed62c20788036ecbdd1a3b727cb4 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 4.20 KB (4296 bytes) MD5: f841972a36ea5b6654c8b0a32790b821
SHA1: e76e2025503dda2fd621518ba90ae6104b7535f7
SHA256: 1bc63479cec8c3780ef61bdf37ef4ab25e05469979dc1b7a170025c785a05ee3 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 4.47 KB (4577 bytes) MD5: 7480c8cdc7b9b961a4783326fb826aae
SHA1: db5b49ca1a20e46d8b244547f98774ff69c38a64
SHA256: abc4087c1fa593f0d99eee65150e2dce17d2ba5d0b595d3a940c97ec35fc7b2f 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 4.72 KB (4838 bytes) MD5: a4e392de6f566e05819621bb73bcbdf6
SHA1: 21569d3d1cc72323bc5ca8f6caaea917be8305eb
SHA256: b673d26910bd425fea48eb4d5958c321158932a50acabcf5cfd4000490ac7a61 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 4.96 KB (5074 bytes) MD5: 621a855ede4bd70aef48943907b297f8
SHA1: 61f759daebc70360f8171da11456d6404914d092
SHA256: a2c088557b827c66bc9bd108ca33be06d8f15d6cc68491587a20b41dfc6ddd98 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 5.19 KB (5310 bytes) MD5: 63fa073673f9ab09af518521cd1b00fa
SHA1: e25092f15bd872ad26fa53d0edea620c67e81a5f
SHA256: a93198adebd0e49cddee3990139b7f01155c79d2251b0e5ba414535ae5b04328 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 5.42 KB (5546 bytes) MD5: 067a9daf365c1efd630ac8a8af920a32
SHA1: 40eab30e8c6d95c336853123e1f1f70b737e4547
SHA256: 17b5b2b78a2364f0af1099e7cf1c3ed04e50533fdf9fec0e0a84c72fdf84d4d9 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 5.65 KB (5782 bytes) MD5: ad81fe88f09549cf2bcd0417668fe4da
SHA1: 07147f70e260aa29a568104719fd22aa8e084686
SHA256: a020b455290e9b2e31a59350304698c91b4fa7fe8846bb310e41e3d85f7f1b37 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 5.92 KB (6064 bytes) MD5: 06dda7053cfd4165953f7a353b2134a6
SHA1: e1df465c975ff322e1d6165f1a8113df85a33553
SHA256: c5fea23e6384bc807cedd16c27959a640971ad7b701bc306791d234bdd5d4eb4 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 6.19 KB (6337 bytes) MD5: 6bc3c3afda7ff5a7dc2b559f5c41f65c
SHA1: 553e54cce0e59c8e974f58807dd143bc712f322c
SHA256: c034b7a67650ce7b70cf533d069b0bf469e90805dbe107e7bcd59512e3ae5acd 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 6.40 KB (6551 bytes) MD5: 27f3b86195fce58a40e9b32f14bff099
SHA1: 43b464483c9e17967668bc91409d376be4f6cf16
SHA256: 2c069299e49aa2c287dbf32e8bf0c427215a3ddbfe63793c11f6f315299dd3c7 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 6.67 KB (6831 bytes) MD5: 45515a677d63c95eeedfaee2781dcb0f
SHA1: 6667ced5877e6bf00907080a3cd1aa65257ae5ed
SHA256: ccaeebc91710297bfbb6f5b25fa5bb84d899b398d81e25b9d57e2bc5aa7fb68c 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 6.93 KB (7098 bytes) MD5: 94f6be19ff82523b8e30082a617dc324
SHA1: a5a201ff6481f749ff7184629103426c86b6e12d
SHA256: 71d40b8ac38a0b256115e8c1d656a4ea29387c28fde56634dcb8c09fb0994aac 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 7.15 KB (7323 bytes) MD5: 29670c5d286f19a05daaa33a87b3d3df
SHA1: 472724fd66d7a23bfdcba8dd651256da68dc042f
SHA256: c4ea6c33939d89e1a00f96ba432c2c50822faa11d55ff19fb75d305aa1730d61 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.wix 0.27 KB (274 bytes) MD5: 719e9318cdaae5ad210f110815179c49
SHA1: 9813d1589720682ffae4cf8386d74a4c8fdde38f
SHA256: 82756da1587b57c96bfb939814c52d621d92dd3a85517e7b17bac8d8fbc3c8a4 		False
Threads
Thread 0xd30
(Host: 226, Network: 0)
+
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76bda330 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76bd7580 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76bd9910 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x76bdf400 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 True 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Filename process_name = c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, size = 260 True 1
Fn
Window Create class_name = static, wndproc_parameter = 0 True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 3
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 2
Fn
System Get Computer Name result_out = LHNIWSJ True 2
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 2
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 2
Fn
System Get Computer Name result_out = LHNIWSJ True 2
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77190000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x771fe7b0 True 1
Fn
Registry Open Key reg_name = HKEY_CLASSES_ROOT\AppID\{10000002-0000-0000-0000-000000000001} False 1
Fn
Registry Read Value reg_name = HKEY_CLASSES_ROOT\AppID\{10000002-0000-0000-0000-000000000001}, value_name = AccessPermission False 1
Fn
Registry Read Value reg_name = HKEY_CLASSES_ROOT\AppID\{10000002-0000-0000-0000-000000000001}, value_name = AccessPermission, data = 0 False 1
Fn
COM Create interface = 00000109-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77190000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x75d40000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77190000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x75d40000 True 1
Fn
Module Get Handle module_name = c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe, base_address = 0x20c80000 True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:35:36 (UTC) True 1
Fn
Module Load module_name = KERNEL32.dll, base_address = 0x76bc0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x76bd7650 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x76bd9950 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x76bd25e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x771cbae0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x771cda90 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x76bdd940 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x76bd7910 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x76bd7520 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x76bd9640 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x76bd77b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x76bdd8d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x76bda0b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x76bd7940 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x76bd9660 True 1
Fn
Module Load module_name = USER32.dll, base_address = 0x74500000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = LoadImageW, address_out = 0x74534500 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x77190000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlAddVectoredExceptionHandler, address_out = 0x771ef090 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x75d40000 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x77190000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlInitializeCriticalSection, address_out = 0x771e95f0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\shlwapi.dll, base_address = 0x75dc0000 True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = InstallDate, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = DigitalProductId False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Time type = Local Time, time = 2017-12-01 01:35:36 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:35:36 (UTC) True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\secur32.dll, base_address = 0x73c40000 True 1
Fn
Module Load module_name = SSPICLI, base_address = 0x742a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\sspicli.dll, function = GetUserNameExW, address_out = 0x742ac5f0 True 1
Fn
Mutex Create mutex_name = 8C5FF35F44C67C34381EFF128FE58575 True 1
Fn
File Create desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ False 1
Fn
Mutex Release mutex_name = 8C5FF35F44C67C34381EFF128FE58575 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\shell32.dll, base_address = 0x74760000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ole32.dll, base_address = 0x74640000 True 1
Fn
Module Load module_name = api-ms-win-core-com-l1-1-0, base_address = 0x76cf0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\combase.dll, function = CLSIDFromString, address_out = 0x76da1390 True 1
Fn
System Get Info type = Operating System False 2
Fn
Module Get Handle module_name = psapi.dll, base_address = 0x0 False 1
Fn
Module Load module_name = psapi.dll, base_address = 0x76450000 True 1
Fn
Module Get Filename module_name = psapi.dll, process_name = c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, size = 260 True 1
Fn
System Get Time type = Local Time, time = 2017-12-01 01:35:36 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:35:36 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info type = file_attributes False 1
Fn
File Create Directory - False 1
Fn
File Create desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ False 1
Fn
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77190000 True 1
Fn
File Create filename = \??\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, desired_access = FILE_READ_EA, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Get Info filename = \??\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, type = extended True 1
Fn
System Get Time type = Local Time, time = 2017-12-01 01:35:36 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:35:36 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 261 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
System Get Time type = Local Time, time = 2017-12-01 01:35:36 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:35:36 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 261 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 261, size_out = 261 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 521 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Mutex Create mutex_name = DD53550AC9EB25CC6151CE1EB2A70FC3 True 1
Fn
Mutex Open mutex_name = 4F35AC27449784784508471CC1E930C7, desired_access = SYNCHRONIZE True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_NONE False 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, type = size, size_out = 0 True 1
Fn
Mutex Open mutex_name = 8EB663269EDB2551D78D6BE980D8D1D5, desired_access = SYNCHRONIZE False 2
Fn
Process Create process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, os_pid = 0xa88, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE True 1
Fn
Mutex Create mutex_name = EF45F0E754F1354293A017BE4F985965 True 1
Fn
Memory Allocate process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x4f00000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 131072 True 1
Fn
Memory Write process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x4f00000, size = 131072 True 1
Fn
Data
Memory Write process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x4f1b6a4, size = 4 True 1
Fn
Data
Memory Write process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x4f1b7c0, size = 4 True 1
Fn
Data
Memory Write process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x4f1bdb4, size = 4 True 1
Fn
Data
Thread Create process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, proc_address = 0x4f0b50c, proc_parameter = 0, flags = THREAD_RUNS_IMMEDIATELY True 1
Fn
Mutex Open mutex_name = 8592029A1BBD0F5EDCA2A860E613ACDB, desired_access = SYNCHRONIZE False 2
Fn
Process Create process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, os_pid = 0xea0, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE True 1
Fn
Mutex Create mutex_name = E69AF5C9A1CE7CC06B48F35248935FCD True 1
Fn
Memory Allocate process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x4850000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 131072 True 1
Fn
Memory Write process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x4850000, size = 131072 True 1
Fn
Data
Memory Write process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x486b6a4, size = 4 True 1
Fn
Data
Memory Write process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x486b7c0, size = 4 True 1
Fn
Data
Memory Write process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x486bdb4, size = 4 True 1
Fn
Data
Thread Create process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, proc_address = 0x485b50c, proc_parameter = 0, flags = THREAD_RUNS_IMMEDIATELY True 1
Fn
Process #3: cmd.exe
(Host: 106, Network: 0)
+
Information Value
ID #3
File Name c:\windows\syswow64\cmd.exe
Command Line "C:\Windows\system32\cmd.exe" /c "C:\Users\CIIHMN~1\AppData\Local\Temp\upd7d80021e.bat"
Initial Working Directory C:\Users\CIiHmnxMn6Ps\Desktop\
Monitor Start Time: 00:00:41, Reason: Child Process
Unmonitor End Time: 00:15:27, Reason: Terminated by Timeout
Monitor Duration 00:14:46
OS Process Information
+
Information Value
PID 0xd2c
Parent PID 0xfc0 (c:\users\ciihmnxmn6ps\desktop\zeuspanda.vir.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username LHNIWSJ\CIiHmnxMn6Ps
Groups
  • LHNIWSJ\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account and member of Administrators group (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • BUILTIN\Administrators (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, OWNER)
  • BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Logon Session 00000000:00013d92 (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID)
  • LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x D3C
0x 7D8
Region
+
Name Start VA End VA Type Permissions Monitored Dump YARA Match Actions
private_0x0000000000470000 0x00470000 0x0048ffff Private Memory Readable, Writable True True False
pagefile_0x0000000000470000 0x00470000 0x0047ffff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000480000 0x00480000 0x00483fff Private Memory Readable, Writable True True False
private_0x0000000000490000 0x00490000 0x00491fff Private Memory Readable, Writable True True False
private_0x0000000000490000 0x00490000 0x00493fff Private Memory Readable, Writable True True False
pagefile_0x00000000004a0000 0x004a0000 0x004b3fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x00000000004c0000 0x004c0000 0x004fffff Private Memory Readable, Writable True True False
private_0x0000000000500000 0x00500000 0x005fffff Private Memory Readable, Writable True True False
pagefile_0x0000000000600000 0x00600000 0x00603fff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x0000000000610000 0x00610000 0x00610fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000000620000 0x00620000 0x00621fff Private Memory Readable, Writable True True False
private_0x0000000000630000 0x00630000 0x0066ffff Private Memory Readable, Writable True True False
private_0x0000000000670000 0x00670000 0x0067ffff Private Memory Readable, Writable True True False
cmd.exe.mui 0x00680000 0x006a0fff Memory Mapped File Readable False False False
  • Region Actions
private_0x00000000006c0000 0x006c0000 0x006cffff Private Memory Readable, Writable True True False
locale.nls 0x006d0000 0x0078dfff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000000870000 0x00870000 0x0096ffff Private Memory Readable, Writable True True False
private_0x0000000000970000 0x00970000 0x00a6ffff Private Memory Readable, Writable True True False
private_0x0000000000bc0000 0x00bc0000 0x00bcffff Private Memory Readable, Writable True True False
cmd.exe 0x00d90000 0x00ddffff Memory Mapped File Readable, Writable, Executable True False False
  • Region Actions
pagefile_0x0000000000de0000 0x00de0000 0x04ddffff Pagefile Backed Memory - True False False
  • Region Actions
wow64cpu.dll 0x5c9f0000 0x5c9f7fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64win.dll 0x5ca00000 0x5ca72fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64.dll 0x5ca80000 0x5cacefff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cmdext.dll 0x731e0000 0x731e7fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
bcryptprimitives.dll 0x74230000 0x74288fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cryptbase.dll 0x74290000 0x74299fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sspicli.dll 0x742a0000 0x742bdfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msvcrt.dll 0x75b80000 0x75c3dfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
advapi32.dll 0x75d40000 0x75dbafff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
rpcrt4.dll 0x75e70000 0x75f1bfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernelbase.dll 0x75f20000 0x76095fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sechost.dll 0x760a0000 0x760e2fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernel32.dll 0x76bc0000 0x76caffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ntdll.dll 0x77190000 0x77308fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
pagefile_0x000000007e570000 0x7e570000 0x7e66ffff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x000000007e670000 0x7e670000 0x7e692fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x000000007e696000 0x7e696000 0x7e696fff Private Memory Readable, Writable True True False
private_0x000000007e699000 0x7e699000 0x7e69bfff Private Memory Readable, Writable True True False
private_0x000000007e69c000 0x7e69c000 0x7e69efff Private Memory Readable, Writable True True False
private_0x000000007e69f000 0x7e69f000 0x7e69ffff Private Memory Readable, Writable True True False
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True True False
private_0x000000007fff0000 0x7fff0000 0x7dfb3d30ffff Private Memory Readable True False False
  • Region Actions
pagefile_0x00007dfb3d310000 0x7dfb3d310000 0x7ffb3d30ffff Pagefile Backed Memory - True False False
  • Region Actions
ntdll.dll 0x7ffb3d310000 0x7ffb3d4d1fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
private_0x00007ffb3d4d2000 0x7ffb3d4d2000 0x7ffffffeffff Private Memory Readable True False False
  • Region Actions
Threads
Thread 0xd3c
(Host: 90, Network: 0)
+
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\syswow64\cmd.exe, base_address = 0xd90000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76c02780 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 3
Fn
File Open filename = STD_INPUT_HANDLE True 2
Fn
Environment Get Environment String - True 2
Fn
Data
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 218, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Module Get Filename process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 True 1
Fn
Environment Get Environment String name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 1
Fn
Environment Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 1
Fn
Environment Get Environment String name = PROMPT False 1
Fn
Environment Set Environment String name = PROMPT, value = $P$G True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Environment Get Environment String name = COMSPEC, result_out = C:\Windows\system32\cmd.exe True 1
Fn
Environment Get Environment String name = KEYS False 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\Desktop, type = file_attributes True 2
Fn
Environment Set Environment String name = =C:, value = C:\Users\CIiHmnxMn6Ps\Desktop True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x76bdfa80 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76bda790 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x760335c0 True 1
Fn
Environment Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd7d80021e.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 206 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd7d80021e.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 195 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd7d80021e.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 191 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\Desktop\zeuspanda.vir.exe, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\Desktop, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\Desktop\zeuspanda.vir.exe, type = file_attributes True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd7d80021e.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 130 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd7d80021e.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 63 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd7d80021e.bat, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd7d80021e.bat, type = file_attributes True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd7d80021e.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE False 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type True 1
Fn
File Open filename = STD_ERROR_HANDLE True 2
Fn
File Write filename = STD_ERROR_HANDLE, size = 33 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
Process #5: svchost.exe
(Host: 2234, Network: 41)
+
Information Value
ID #5
File Name c:\windows\syswow64\svchost.exe
Command Line C:\Windows\SysWOW64\svchost.exe -k netsvcs
Initial Working Directory C:\Users\CIiHmnxMn6Ps\AppData\Roaming\
Monitor Start Time: 00:01:41, Reason: Child Process
Unmonitor End Time: 00:15:27, Reason: Terminated by Timeout
Monitor Duration 00:13:46
OS Process Information
+
Information Value
PID 0xa88
Parent PID 0xd34 (c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username LHNIWSJ\CIiHmnxMn6Ps
Groups
  • LHNIWSJ\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account and member of Administrators group (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • BUILTIN\Administrators (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, OWNER)
  • BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Logon Session 00000000:00013d92 (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID)
  • LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x 18C
0x D28
0x 9E0
0x 538
0x E98
0x 8D4
0x E94
0x E84
0x E8C
0x E90
0x C54
0x C40
0x C2C
0x C18
0x C04
0x 440
Region
+
Name Start VA End VA Type Permissions Monitored Dump YARA Match Actions
svchost.exe 0x00370000 0x0037afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
pagefile_0x0000000000e00000 0x00e00000 0x04dfffff Pagefile Backed Memory - True False False
  • Region Actions
private_0x0000000004e00000 0x04e00000 0x04e1ffff Private Memory Readable, Writable True True False
pagefile_0x0000000004e00000 0x04e00000 0x04e0ffff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
svchost.exe.mui 0x04e10000 0x04e10fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000004e20000 0x04e20000 0x04e21fff Private Memory Readable, Writable True True False
private_0x0000000004e20000 0x04e20000 0x04e20fff Private Memory Readable, Writable True True False
pagefile_0x0000000004e30000 0x04e30000 0x04e43fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000004e50000 0x04e50000 0x04e8ffff Private Memory Readable, Writable True True False
private_0x0000000004e90000 0x04e90000 0x04ecffff Private Memory Readable, Writable True True False
pagefile_0x0000000004ed0000 0x04ed0000 0x04ed3fff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x0000000004ee0000 0x04ee0000 0x04ee0fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000004ef0000 0x04ef0000 0x04ef1fff Private Memory Readable, Writable True True False
private_0x0000000004f00000 0x04f00000 0x04f1ffff Private Memory Readable, Writable, Executable True True False
private_0x0000000004f20000 0x04f20000 0x04f5ffff Private Memory Readable, Writable True True False
private_0x0000000004f20000 0x04f20000 0x04f20fff Private Memory Readable, Writable True True False
private_0x0000000004f20000 0x04f20000 0x04f82fff Private Memory Readable, Writable True True False
private_0x0000000004f20000 0x04f20000 0x04f20fff Private Memory Readable, Writable True True False
private_0x0000000004f20000 0x04f20000 0x04f20fff Private Memory Readable, Writable True True False
private_0x0000000004f20000 0x04f20000 0x04f20fff Private Memory Readable, Writable True True False
private_0x0000000004f20000 0x04f20000 0x04f20fff Private Memory Readable, Writable True True False
private_0x0000000004f20000 0x04f20000 0x04f20fff Private Memory Readable, Writable True True False
private_0x0000000004f20000 0x04f20000 0x04f20fff Private Memory Readable, Writable True True False
private_0x0000000004f20000 0x04f20000 0x04f20fff Private Memory Readable, Writable True True False
private_0x0000000004f20000 0x04f20000 0x04f20fff Private Memory Readable, Writable True True False
private_0x0000000004f20000 0x04f20000 0x04f20fff Private Memory Readable, Writable True True False
private_0x0000000004f20000 0x04f20000 0x04f20fff Private Memory Readable, Writable True True False
private_0x0000000004f20000 0x04f20000 0x04f20fff Private Memory Readable, Writable True True False
private_0x0000000004f20000 0x04f20000 0x04f20fff Private Memory Readable, Writable True True False
private_0x0000000004f20000 0x04f20000 0x04f20fff Private Memory Readable, Writable True True False
private_0x0000000004f20000 0x04f20000 0x04f20fff Private Memory Readable, Writable True True False
private_0x0000000004f20000 0x04f20000 0x04f21fff Private Memory Readable, Writable True True False
pagefile_0x0000000004f20000 0x04f20000 0x04f20fff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
counters.dat 0x04f30000 0x04f30fff Memory Mapped File Readable, Writable True True False
private_0x0000000004f40000 0x04f40000 0x04f7ffff Private Memory Readable, Writable True True False
private_0x0000000004f60000 0x04f60000 0x04f9ffff Private Memory Readable, Writable True True False
pagefile_0x0000000004f80000 0x04f80000 0x04f81fff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000004f80000 0x04f80000 0x04f8ffff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x0000000004f90000 0x04f90000 0x04f90fff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004fa0000 0x04fa0000 0x04fa6fff Private Memory Readable, Writable True True False
private_0x0000000004fb0000 0x04fb0000 0x04fb0fff Private Memory Readable, Writable True True False
private_0x0000000004fc0000 0x04fc0000 0x04fc0fff Private Memory Readable, Writable, Executable True True False
private_0x0000000004fd0000 0x04fd0000 0x04fd3fff Private Memory Readable, Writable True True False
private_0x0000000004fe0000 0x04fe0000 0x04fe0fff Private Memory Readable, Writable True True False
private_0x0000000004fe0000 0x04fe0000 0x04fe0fff Private Memory Readable, Writable True True False
private_0x0000000005000000 0x05000000 0x050fffff Private Memory Readable, Writable True True False
private_0x0000000005100000 0x05100000 0x051fffff Private Memory Readable, Writable True True False
locale.nls 0x05200000 0x052bdfff Memory Mapped File Readable False False False
  • Region Actions
private_0x00000000052c0000 0x052c0000 0x052fffff Private Memory Readable, Writable True True False
private_0x0000000005300000 0x05300000 0x0533ffff Private Memory Readable, Writable True True False
pagefile_0x0000000005340000 0x05340000 0x054c7fff Pagefile Backed Memory Readable True False False
  • Region Actions
imm32.dll 0x054d0000 0x054f9fff Memory Mapped File Readable False False False
  • Region Actions
private_0x00000000054d0000 0x054d0000 0x05644fff Private Memory Readable, Writable True True False
private_0x00000000054d0000 0x054d0000 0x0550ffff Private Memory Readable, Writable True True False
private_0x0000000005510000 0x05510000 0x0554ffff Private Memory Readable, Writable True True False
private_0x0000000005550000 0x05550000 0x0558ffff Private Memory Readable, Writable True True False
private_0x0000000005590000 0x05590000 0x055cffff Private Memory Readable, Writable True True False
private_0x00000000055e0000 0x055e0000 0x055e0fff Private Memory Readable, Writable True True False
private_0x00000000055f0000 0x055f0000 0x055f3fff Private Memory Readable, Writable True True False
private_0x0000000005600000 0x05600000 0x0563ffff Private Memory Readable, Writable True True False
private_0x0000000005640000 0x05640000 0x05644fff Private Memory Readable, Writable True True False
private_0x0000000005650000 0x05650000 0x0584ffff Private Memory Readable, Writable True True False
private_0x0000000005650000 0x05650000 0x0568ffff Private Memory Readable, Writable True True False
private_0x0000000005690000 0x05690000 0x056cffff Private Memory Readable, Writable True True False
private_0x0000000005700000 0x05700000 0x057fffff Private Memory Readable, Writable True True False
pagefile_0x0000000005800000 0x05800000 0x05980fff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x0000000005990000 0x05990000 0x06d8ffff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000006d90000 0x06d90000 0x06dcffff Private Memory Readable, Writable True True False
private_0x0000000006de0000 0x06de0000 0x06de1fff Private Memory Readable, Writable True True False
private_0x0000000006de0000 0x06de0000 0x06de1fff Private Memory Readable, Writable True True False
private_0x0000000006de0000 0x06de0000 0x06de1fff Private Memory Readable, Writable True True False
private_0x0000000006de0000 0x06de0000 0x06de1fff Private Memory Readable, Writable True True False
private_0x0000000006de0000 0x06de0000 0x06df6fff Private Memory Readable, Writable True True False
private_0x0000000006de0000 0x06de0000 0x06df5fff Private Memory Readable, Writable True True False
private_0x0000000006de0000 0x06de0000 0x06df5fff Private Memory Readable, Writable True True False
private_0x0000000006de0000 0x06de0000 0x06df5fff Private Memory Readable, Writable True True False
private_0x0000000006de0000 0x06de0000 0x06df5fff Private Memory Readable, Writable True True False
private_0x0000000006de0000 0x06de0000 0x06df5fff Private Memory Readable, Writable True True False
private_0x0000000006de0000 0x06de0000 0x06df5fff Private Memory Readable, Writable True True False
private_0x0000000006de0000 0x06de0000 0x06df5fff Private Memory Readable, Writable True True False
private_0x0000000006de0000 0x06de0000 0x06df5fff Private Memory Readable, Writable True True False
private_0x0000000006de0000 0x06de0000 0x06df5fff Private Memory Readable, Writable True True False
private_0x0000000006e00000 0x06e00000 0x06efffff Private Memory Readable, Writable True True False
sortdefault.nls 0x06f00000 0x07236fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000007240000 0x07240000 0x0733ffff Private Memory Readable, Writable True True False
private_0x0000000007340000 0x07340000 0x0743ffff Private Memory Readable, Writable True True False
private_0x0000000007440000 0x07440000 0x0753ffff Private Memory Readable, Writable True True False
private_0x0000000007540000 0x07540000 0x0763ffff Private Memory Readable, Writable True True False
private_0x0000000007640000 0x07640000 0x0773ffff Private Memory Readable, Writable True True False
private_0x0000000007740000 0x07740000 0x0783ffff Private Memory Readable, Writable True True False
private_0x0000000007840000 0x07840000 0x0793ffff Private Memory Readable, Writable True True False
private_0x0000000007940000 0x07940000 0x07a14fff Private Memory Readable, Writable True True False
private_0x0000000007940000 0x07940000 0x0797ffff Private Memory Readable, Writable True True False
private_0x0000000007980000 0x07980000 0x079bffff Private Memory Readable, Writable True True False
private_0x00000000079c0000 0x079c0000 0x079fffff Private Memory Readable, Writable True True False
private_0x0000000007a10000 0x07a10000 0x07a14fff Private Memory Readable, Writable True True False
private_0x0000000007a20000 0x07a20000 0x07c1ffff Private Memory Readable, Writable True True False
private_0x0000000007a20000 0x07a20000 0x07a5ffff Private Memory Readable, Writable True True False
private_0x0000000007a60000 0x07a60000 0x07a9ffff Private Memory Readable, Writable True True False
private_0x0000000007a60000 0x07a60000 0x07a9ffff Private Memory Readable, Writable True True False
private_0x0000000007aa0000 0x07aa0000 0x07adffff Private Memory Readable, Writable True True False
private_0x0000000007aa0000 0x07aa0000 0x07adffff Private Memory Readable, Writable True True False
private_0x0000000007b00000 0x07b00000 0x07bfffff Private Memory Readable, Writable True True False
ole32.dll 0x07c00000 0x07ce8fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000007c00000 0x07c00000 0x07cfffff Private Memory Readable, Writable True True False
private_0x0000000007d00000 0x07d00000 0x07d3ffff Private Memory Readable, Writable True True False
private_0x0000000007d40000 0x07d40000 0x07d7ffff Private Memory Readable, Writable True True False
wow64cpu.dll 0x5c9f0000 0x5c9f7fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64win.dll 0x5ca00000 0x5ca72fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64.dll 0x5ca80000 0x5cacefff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wininet.dll 0x725c0000 0x727e3fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
dnsapi.dll 0x72d40000 0x72dc3fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
mswsock.dll 0x72e80000 0x72ecdfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ondemandconnroutehelper.dll 0x72ed0000 0x72ee0fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
winhttp.dll 0x72ef0000 0x72f96fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ntmarta.dll 0x731f0000 0x73217fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
winnsi.dll 0x73270000 0x73277fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
iphlpapi.dll 0x73350000 0x7337ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
rsaenh.dll 0x733b0000 0x733defff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cryptsp.dll 0x733e0000 0x733f2fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
uxtheme.dll 0x73430000 0x734a4fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
bcrypt.dll 0x73550000 0x7356afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
iertutil.dll 0x73570000 0x73830fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
urlmon.dll 0x738d0000 0x73a2ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
secur32.dll 0x73c40000 0x73c49fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
bcryptprimitives.dll 0x74230000 0x74288fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cryptbase.dll 0x74290000 0x74299fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sspicli.dll 0x742a0000 0x742bdfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
user32.dll 0x74500000 0x7463ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
imm32.dll 0x74730000 0x7475afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shell32.dll 0x74760000 0x75b1efff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msvcrt.dll 0x75b80000 0x75c3dfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
powrprof.dll 0x75c40000 0x75c83fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
advapi32.dll 0x75d40000 0x75dbafff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shlwapi.dll 0x75dc0000 0x75e03fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
rpcrt4.dll 0x75e70000 0x75f1bfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernelbase.dll 0x75f20000 0x76095fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sechost.dll 0x760a0000 0x760e2fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shcore.dll 0x76280000 0x7630cfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
oleaut32.dll 0x763b0000 0x76441fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
psapi.dll 0x76450000 0x76455fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ws2_32.dll 0x76470000 0x764cbfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
windows.storage.dll 0x764d0000 0x769acfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
gdi32.dll 0x769b0000 0x76afcfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernel32.dll 0x76bc0000 0x76caffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
combase.dll 0x76cf0000 0x76ea9fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernel.appcore.dll 0x76eb0000 0x76ebbfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
crypt32.dll 0x76ec0000 0x77034fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
nsi.dll 0x77040000 0x77046fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
profapi.dll 0x77050000 0x7705efff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msasn1.dll 0x77060000 0x7706dfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msctf.dll 0x77070000 0x7718ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ntdll.dll 0x77190000 0x77308fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
private_0x000000007e92f000 0x7e92f000 0x7e931fff Private Memory Readable, Writable True True False
private_0x000000007e932000 0x7e932000 0x7e934fff Private Memory Readable, Writable True True False
private_0x000000007e932000 0x7e932000 0x7e934fff Private Memory Readable, Writable True True False
private_0x000000007e935000 0x7e935000 0x7e937fff Private Memory Readable, Writable True True False
private_0x000000007e938000 0x7e938000 0x7e93afff Private Memory Readable, Writable True True False
private_0x000000007e93b000 0x7e93b000 0x7e93dfff Private Memory Readable, Writable True True False
private_0x000000007e93e000 0x7e93e000 0x7e940fff Private Memory Readable, Writable True True False
private_0x000000007e941000 0x7e941000 0x7e943fff Private Memory Readable, Writable True True False
private_0x000000007e944000 0x7e944000 0x7e946fff Private Memory Readable, Writable True True False
private_0x000000007e947000 0x7e947000 0x7e949fff Private Memory Readable, Writable True True False
private_0x000000007e94a000 0x7e94a000 0x7e94cfff Private Memory Readable, Writable True True False
private_0x000000007e94d000 0x7e94d000 0x7e94ffff Private Memory Readable, Writable True True False
pagefile_0x000000007e950000 0x7e950000 0x7ea4ffff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x000000007ea50000 0x7ea50000 0x7ea72fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x000000007ea74000 0x7ea74000 0x7ea76fff Private Memory Readable, Writable True True False
private_0x000000007ea77000 0x7ea77000 0x7ea77fff Private Memory Readable, Writable True True False
private_0x000000007ea79000 0x7ea79000 0x7ea79fff Private Memory Readable, Writable True True False
private_0x000000007ea7a000 0x7ea7a000 0x7ea7cfff Private Memory Readable, Writable True True False
private_0x000000007ea7a000 0x7ea7a000 0x7ea7cfff Private Memory Readable, Writable True True False
private_0x000000007ea7d000 0x7ea7d000 0x7ea7ffff Private Memory Readable, Writable True True False
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True True False
private_0x000000007fff0000 0x7fff0000 0x7dfb3d30ffff Private Memory Readable True False False
  • Region Actions
pagefile_0x00007dfb3d310000 0x7dfb3d310000 0x7ffb3d30ffff Pagefile Backed Memory - True False False
  • Region Actions
ntdll.dll 0x7ffb3d310000 0x7ffb3d4d1fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
private_0x00007ffb3d4d2000 0x7ffb3d4d2000 0x7ffffffeffff Private Memory Readable True False False
  • Region Actions
For performance reasons, the remaining 24 entries are omitted.
The remaining entries can be found in flog.txt.
Injection Information
+
Injection Type Source Process Source Os Thread ID Injection Info Success Count Logfile
Modify Memory #2: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0xd30 address = 0x4f00000, size = 131072 True 1
Fn
Data
Modify Memory #2: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0xd30 address = 0x4f1b6a4, size = 4 True 1
Fn
Data
Modify Memory #2: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0xd30 address = 0x4f1b7c0, size = 4 True 1
Fn
Data
Modify Memory #2: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0xd30 address = 0x4f1bdb4, size = 4 True 1
Fn
Data
Create Remote Thread #2: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0xd30 address = 0x4f0b50c True 1
Fn
Created Files
+
Filename File Size Hash Values YARA Match Actions
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.tmp 0.00 KB (0 bytes) MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.tmp 1.55 KB (1587 bytes) MD5: c8d692d45464cec7ac72a410014618a1
SHA1: 86337fe9402384748c740602d8f5b196da4f42fc
SHA256: c38850622b4e8f39f63f32a390f9c6ae6dbd995f97f915010feb352d9ac315f5 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.tmp 13.88 KB (14217 bytes) MD5: 6ad3a7538b8a7b4760beb75c29cc549e
SHA1: 6bce6136b2e7583a73a6729ea55e8a357c5109b9
SHA256: dcc29c6c645904bf50cc3269e20dd52d2c7264c02fd4abaf3bf45ff90d735282 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.tmp 4.10 KB (4197 bytes) MD5: 77f0193e8f6be3517577f1e1eda545be
SHA1: 555b8e0d22e10e617564bf02fd3b7c3e82a8748f
SHA256: 2a8ae96bde02e0862c3bae8bb8489d3f480e3eba6c9b24ca64ed106ce09c96b5 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.tmp 66.83 KB (68433 bytes) MD5: 74cfc4d8677f142d44a5bc2e62fbbb76
SHA1: 9a844e74f70fa704f220dc17d1cd106edd178af5
SHA256: 6256c08a18c462914fdd78b08afc4507b6cb5317c2a9c309d332594bd28fb6c8 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\pgyfoaei3.tmp 7.15 KB (7323 bytes) MD5: 29670c5d286f19a05daaa33a87b3d3df
SHA1: 472724fd66d7a23bfdcba8dd651256da68dc042f
SHA256: c4ea6c33939d89e1a00f96ba432c2c50822faa11d55ff19fb75d305aa1730d61 		False
Modified Files
+
Filename File Size Hash Values YARA Match Actions
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\nieo_glbfe5pi.qef 1.64 KB (1680 bytes) MD5: 19e41a9bbee8b943fbffb11b43e91c6a
SHA1: 6d982ea6d2f07cb2241e397d556491196500013a
SHA256: 6e00e3dcb22d69648583f51e3192a927412f4d7ab2be7f0c36210e47a71f81c4 		False
c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\kinto.pyi 29.81 KB (30528 bytes) MD5: e9a283db6371a73a5c62a14e2c170aa8
SHA1: cddebb3cd338765b636e0a08630d7c016a6ac307
SHA256: 3bab6a563dcf574fec0f6098c360456b5f87ecc938e3719d130bb956ec9c6f2e 		False
c:\users\ciihmnxmn6ps\appdata\local\microsoft\windows\inetcache\ie\gy9r3u9a\q[1].htm 35.19 KB (36032 bytes) MD5: 38d28878b89fff302cf61231e0c56f47
SHA1: cff27aba9e63e9f7566ccda457568cbb5d9076b4
SHA256: 3c8117aee6d62bbd70e0674d4d98625d5898351ad8735a1372fbcfe404b3d834 		False
c:\users\ciihmnxmn6ps\appdata\local\microsoft\windows\inetcache\ie\gy9r3u9a\q[1].htm 0.19 KB (192 bytes) MD5: d7777a87cd48a2d3e8fd357148599a53
SHA1: f8b193a8c47e0402a41df81217608ad8c76a4fa8
SHA256: 46e1e998d8a31877f770db765fc7c7b615c32c6ee59a155cc95cc77f1435057d 		False
c:\users\ciihmnxmn6ps\appdata\local\microsoft\windows\inetcache\counters.dat 0.12 KB (128 bytes) MD5: d32d9269e9f78068b6c017d4f998d520
SHA1: 668b7f045d05589bab466d34bcb38ee4adc9b078
SHA256: db1e009e0ee178d96b318856cfcff37737e185bef0c7990a464ba0cd8df1a8b6 		False
Threads
Thread 0xd28
(Host: 58, Network: 0)
+
Category Operation Information Success Count Logfile
Module Load module_name = KERNEL32.dll, base_address = 0x76bc0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x76bd7650 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x76bd9950 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x76bd25e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x771cbae0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x771cda90 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x76bdd940 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x76bd7910 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x76bd7520 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x76bd9640 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x76bd77b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x76bdd8d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x76bda0b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x76bd7940 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x76bd9660 True 1
Fn
Module Load module_name = USER32.dll, base_address = 0x74500000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = LoadImageW, address_out = 0x74534500 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x77190000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlAddVectoredExceptionHandler, address_out = 0x771ef090 True 1
Fn
Module Get Handle module_name = advapi32.dll, base_address = 0x0 False 1
Fn
Module Load module_name = advapi32.dll, base_address = 0x75d40000 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x77190000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlInitializeCriticalSection, address_out = 0x771e95f0 True 1
Fn
Module Get Handle module_name = shlwapi.dll, base_address = 0x0 False 1
Fn
Module Load module_name = shlwapi.dll, base_address = 0x75dc0000 True 1
Fn
System Get Info type = Operating System False 2
Fn
Module Get Handle module_name = psapi.dll, base_address = 0x0 False 1
Fn
Module Load module_name = psapi.dll, base_address = 0x76450000 True 1
Fn
Module Get Filename module_name = psapi.dll, process_name = c:\windows\syswow64\svchost.exe, file_name_orig = C:\Windows\SysWOW64\svchost.exe, size = 260 True 1
Fn
Mutex Create mutex_name = 8EB663269EDB2551D78D6BE980D8D1D5 True 1
Fn
System Get Time type = Local Time, time = 2017-12-01 01:36:37 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:36:37 (UTC) True 1
Fn
Module Get Handle module_name = secur32.dll, base_address = 0x0 False 1
Fn
Module Load module_name = secur32.dll, base_address = 0x73c40000 True 1
Fn
Module Load module_name = SSPICLI, base_address = 0x742a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\sspicli.dll, function = GetUserNameExW, address_out = 0x742ac5f0 True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 521 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 521, size_out = 521 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1088 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Thread 0x538
(Host: 194, Network: 28)
+
Category Operation Information Success Count Logfile
Mutex Create mutex_name = 3A05CFF4EB7DE2EF8F3985678370FA5D True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_NONE False 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, type = size, size_out = 0 True 1
Fn
Mutex Create mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_NONE False 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, type = size, size_out = 0 True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, size = 1776, type = REG_BINARY True 1
Fn
Data
Mutex Release mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
System Get Time type = Local Time, time = 2017-12-01 01:36:37 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:36:37 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 1088 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1088, size_out = 1088 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1370 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
Module Get Handle module_name = wininet.dll, base_address = 0x0 False 1
Fn
Module Load module_name = wininet.dll, base_address = 0x725c0000 True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:36:37 (UTC) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_NONE False 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, type = size, size_out = 0 True 1
Fn
System Get Time type = Local Time, time = 2017-12-01 01:36:37 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:36:37 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 1461 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1461, size_out = 1461 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1734 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Module Load module_name = crypt32.dll, base_address = 0x76ec0000 True 1
Fn
Module Load module_name = urlmon.dll, base_address = 0x738d0000 True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /31F9UVfEun/0I1aalj/7QGREH4HU/RK/5rEg, accept_types = 82935808, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/31F9UVfEun/0I1aalj/7QGREH4HU/RK/5rEg False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/31F9UVfEun/0I1aalj/7QGREH4HU/RK/5rEg True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 1452 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, size = 1680, type = REG_BINARY True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, size = 1680 True 1
Fn
Data
Mutex Create mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, size = 1776, type = REG_BINARY True 1
Fn
Data
Mutex Release mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, size = 1776, type = REG_BINARY True 1
Fn
Data
Mutex Release mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:36:38 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 4449 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 4449, size_out = 4449 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 4663 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 14:36:38 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 4663 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 4663, size_out = 4663 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 4943 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 14:36:38 (UTC) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 14:36:38 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 4943 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 4943, size_out = 4943 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 5210 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /mtV/jshKPnn7S1/Vn/HMa/z/b-N/oK/Q, accept_types = 82935808, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/mtV/jshKPnn7S1/Vn/HMa/z/b-N/oK/Q False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/mtV/jshKPnn7S1/Vn/HMa/z/b-N/oK/Q True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 3
Fn
Data
Inet Read Response size = 4096, size_out = 3883 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 12
Fn
Data
Inet Read Response size = 4096, size_out = 4088 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 1545 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\kinto.pyi, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\kinto.pyi, size = 30528 True 1
Fn
Data
Mutex Create mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, size = 1776, type = REG_BINARY True 1
Fn
Data
Mutex Release mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:36:39 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 5210 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 5210, size_out = 5210 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 5435 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Thread 0xe98
(Host: 379, Network: 0)
+
Category Operation Information Success Count Logfile
Mutex Create mutex_name = 55A4DE17653FCFB535BFCEB7986C3B1D True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_NONE False 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, type = size, size_out = 0 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_NONE False 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, type = size, size_out = 0 True 1
Fn
System Get Time type = Local Time, time = 2017-12-01 01:36:37 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:36:37 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 1370 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1370, size_out = 1370 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1587 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
System Get Time type = Local Time, time = 2017-12-01 01:36:37 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:36:37 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 254 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 254, size_out = 254 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 503 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_NONE False 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, type = size, size_out = 0 True 1
Fn
System Get Time type = Local Time, time = 2017-12-01 01:36:37 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:36:37 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 503 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 503, size_out = 503 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 734 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 14:36:37 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 734 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 734, size_out = 734 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 983 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_NONE False 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, type = size, size_out = 0 True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:36:37 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 983 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 983, size_out = 983 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1214 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 14:36:37 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 1214 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1214, size_out = 1214 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1461 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_NONE False 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, type = size, size_out = 0 True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:36:37 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 1734 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1734, size_out = 1734 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1965 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_NONE False 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, type = size, size_out = 0 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 14:36:37 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 1965 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1965, size_out = 1965 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 2213 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_NONE False 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, type = size, size_out = 0 True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:36:37 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 2780 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 2780, size_out = 2780 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 3011 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 14:36:37 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 3011 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 3011, size_out = 3011 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 3259 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_NONE False 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, type = size, size_out = 0 True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:36:37 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 3259 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 3259, size_out = 3259 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 3490 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 14:36:37 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 3490 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 3490, size_out = 3490 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 3738 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_NONE False 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, type = size, size_out = 0 True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:36:37 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 3738 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 3738, size_out = 3738 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 3969 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 14:36:37 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 3969 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 3969, size_out = 3969 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 4218 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_NONE False 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, type = size, size_out = 0 True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:36:37 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 4218 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 4218, size_out = 4218 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 4449 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
Thread 0x8d4
(Host: 18, Network: 0)
+
Category Operation Information Success Count Logfile
Mutex Create mutex_name = 843724E431E9542E94836F8E62819404 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_NONE False 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, type = size, size_out = 0 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp, type = file_attributes False 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 1088 True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Copy source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_NONE False 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, type = size, size_out = 0 True 1
Fn
System Sleep duration = 300000 milliseconds (300.000 seconds) False 1
Fn
Thread 0xe94
(Host: 1489, Network: 0)
+
Category Operation Information Success Count Logfile
Mutex Create mutex_name = ACD86ED691154353041C7827C4241C0D True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
Thread 0xe84
(Host: 33, Network: 0)
+
Category Operation Information Success Count Logfile
Mutex Create mutex_name = BA6E0713253533C2BD32E023F51DAAB1 True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run, value_name = containers.exe, data = "C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe", size = 236, type = REG_SZ True 1
Fn
System Get Time type = Local Time, time = 2017-12-01 01:36:37 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:36:37 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 254 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, type = size, size_out = 404480 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, size = 404480, size_out = 404480 True 1
Fn
Data
Module Load module_name = NTDLL, base_address = 0x77190000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlEnterCriticalSection, address_out = 0x771d5e80 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x77190000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlLeaveCriticalSection, address_out = 0x771d5e00 True 1
Fn
System Sleep duration = -1 (infinite) True 44
Fn
System Sleep duration = -1 (infinite) False 1
Fn
Thread 0xe8c
(Host: 2, Network: 0)
+
Category Operation Information Success Count Logfile
File Create Pipe pipe_name = \device\namedpipe\e7cb4c13c5ff510208fe9abc26bb5b59, open_mode = PIPE_ACCESS_INBOUND, PIPE_ACCESS_OUTBOUND, FILE_FLAG_OVERLAPPED, max_instances = 255 True 1
Fn
System Sleep duration = -1 (infinite) False 1
Fn
Process #6: svchost.exe
(Host: 143, Network: 0)
+
Information Value
ID #6
File Name c:\windows\syswow64\svchost.exe
Command Line C:\Windows\SysWOW64\svchost.exe -k netsvcs
Initial Working Directory C:\Users\CIiHmnxMn6Ps\AppData\Roaming\
Monitor Start Time: 00:01:41, Reason: Child Process
Unmonitor End Time: 00:15:27, Reason: Terminated by Timeout
Monitor Duration 00:13:46
OS Process Information
+
Information Value
PID 0xea0
Parent PID 0xd34 (c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe)
Is Created or Modified Executable False
Integrity Level High (Elevated)
Username LHNIWSJ\CIiHmnxMn6Ps
Groups
  • LHNIWSJ\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account and member of Administrators group (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • BUILTIN\Administrators (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, OWNER)
  • BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Logon Session 00000000:00013d92 (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID)
  • LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs
0x E88
0x B58
0x E80
0x FD4
0x FC4
0x FD0
0x D1C
0x C7C
0x C64
0x 8C8
Region
+
Name Start VA End VA Type Permissions Monitored Dump YARA Match Actions
svchost.exe 0x00370000 0x0037afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
pagefile_0x0000000000750000 0x00750000 0x0474ffff Pagefile Backed Memory - True False False
  • Region Actions
private_0x0000000004750000 0x04750000 0x0476ffff Private Memory Readable, Writable True True False
pagefile_0x0000000004750000 0x04750000 0x0475ffff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
svchost.exe.mui 0x04760000 0x04760fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000004770000 0x04770000 0x04771fff Private Memory Readable, Writable True True False
private_0x0000000004770000 0x04770000 0x04770fff Private Memory Readable, Writable True True False
pagefile_0x0000000004780000 0x04780000 0x04793fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x00000000047a0000 0x047a0000 0x047dffff Private Memory Readable, Writable True True False
private_0x00000000047e0000 0x047e0000 0x0481ffff Private Memory Readable, Writable True True False
pagefile_0x0000000004820000 0x04820000 0x04823fff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x0000000004830000 0x04830000 0x04830fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000004840000 0x04840000 0x04841fff Private Memory Readable, Writable True True False
private_0x0000000004850000 0x04850000 0x0486ffff Private Memory Readable, Writable, Executable True True False
private_0x0000000004870000 0x04870000 0x048affff Private Memory Readable, Writable True True False
private_0x0000000004870000 0x04870000 0x04871fff Private Memory Readable, Writable True True False
private_0x0000000004870000 0x04870000 0x04871fff Private Memory Readable, Writable True True False
private_0x0000000004870000 0x04870000 0x048d2fff Private Memory Readable, Writable True True False
private_0x00000000048b0000 0x048b0000 0x048effff Private Memory Readable, Writable True True False
private_0x00000000048f0000 0x048f0000 0x0492ffff Private Memory Readable, Writable True True False
imm32.dll 0x04930000 0x04959fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000004930000 0x04930000 0x04930fff Private Memory Readable, Writable True True False
private_0x0000000004940000 0x04940000 0x04940fff Private Memory Readable, Writable, Executable True True False
private_0x0000000004950000 0x04950000 0x04950fff Private Memory Readable, Writable True True False
private_0x0000000004960000 0x04960000 0x04963fff Private Memory Readable, Writable True True False
private_0x0000000004990000 0x04990000 0x04996fff Private Memory Readable, Writable True True False
private_0x00000000049a0000 0x049a0000 0x049dffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004a00000 0x04a00000 0x04afffff Private Memory Readable, Writable True True False
private_0x0000000004b00000 0x04b00000 0x04bfffff Private Memory Readable, Writable True True False
locale.nls 0x04c00000 0x04cbdfff Memory Mapped File Readable False False False
  • Region Actions
pagefile_0x0000000004cc0000 0x04cc0000 0x04e47fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000004e50000 0x04e50000 0x05004fff Private Memory Readable, Writable True True False
pagefile_0x0000000004e50000 0x04e50000 0x04fd0fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000005000000 0x05000000 0x05004fff Private Memory Readable, Writable True True False
private_0x0000000005010000 0x05010000 0x0520ffff Private Memory Readable, Writable True True False
private_0x0000000005030000 0x05030000 0x05033fff Private Memory Readable, Writable True True False
private_0x0000000005040000 0x05040000 0x0507ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005080000 0x05080000 0x050bffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000050c0000 0x050c0000 0x050fffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005100000 0x05100000 0x051fffff Private Memory Readable, Writable True True False
pagefile_0x0000000005200000 0x05200000 0x065fffff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000006600000 0x06600000 0x066fffff Private Memory Readable, Writable True True False
sortdefault.nls 0x06700000 0x06a36fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000006a40000 0x06a40000 0x06b3ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006b40000 0x06b40000 0x06c3ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006c40000 0x06c40000 0x06d3ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006d40000 0x06d40000 0x06d7ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006d80000 0x06d80000 0x06e7ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006e80000 0x06e80000 0x06ebffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006ec0000 0x06ec0000 0x06fbffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006fc0000 0x06fc0000 0x06ffffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007000000 0x07000000 0x070fffff Private Memory Readable, Writable True False False
  • Region Actions
wow64cpu.dll 0x5c9f0000 0x5c9f7fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64win.dll 0x5ca00000 0x5ca72fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64.dll 0x5ca80000 0x5cacefff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ntmarta.dll 0x731f0000 0x73217fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
rsaenh.dll 0x733b0000 0x733defff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cryptsp.dll 0x733e0000 0x733f2fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
bcrypt.dll 0x73550000 0x7356afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
secur32.dll 0x73c40000 0x73c49fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
bcryptprimitives.dll 0x74230000 0x74288fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cryptbase.dll 0x74290000 0x74299fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sspicli.dll 0x742a0000 0x742bdfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
user32.dll 0x74500000 0x7463ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
imm32.dll 0x74730000 0x7475afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msvcrt.dll 0x75b80000 0x75c3dfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
advapi32.dll 0x75d40000 0x75dbafff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shlwapi.dll 0x75dc0000 0x75e03fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
rpcrt4.dll 0x75e70000 0x75f1bfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernelbase.dll 0x75f20000 0x76095fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sechost.dll 0x760a0000 0x760e2fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
psapi.dll 0x76450000 0x76455fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
gdi32.dll 0x769b0000 0x76afcfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernel32.dll 0x76bc0000 0x76caffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
combase.dll 0x76cf0000 0x76ea9fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msctf.dll 0x77070000 0x7718ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ntdll.dll 0x77190000 0x77308fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
private_0x000000007e96e000 0x7e96e000 0x7e970fff Private Memory Readable, Writable True True False
private_0x000000007e971000 0x7e971000 0x7e973fff Private Memory Readable, Writable True True False
private_0x000000007e974000 0x7e974000 0x7e976fff Private Memory Readable, Writable True True False
private_0x000000007e977000 0x7e977000 0x7e979fff Private Memory Readable, Writable True True False
private_0x000000007e97a000 0x7e97a000 0x7e97cfff Private Memory Readable, Writable True True False
private_0x000000007e97d000 0x7e97d000 0x7e97ffff Private Memory Readable, Writable True True False
pagefile_0x000000007e980000 0x7e980000 0x7ea7ffff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x000000007ea80000 0x7ea80000 0x7eaa2fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x000000007eaa5000 0x7eaa5000 0x7eaa5fff Private Memory Readable, Writable True True False
private_0x000000007eaa6000 0x7eaa6000 0x7eaa6fff Private Memory Readable, Writable True True False
private_0x000000007eaa7000 0x7eaa7000 0x7eaa9fff Private Memory Readable, Writable True True False
private_0x000000007eaaa000 0x7eaaa000 0x7eaacfff Private Memory Readable, Writable True True False
private_0x000000007eaad000 0x7eaad000 0x7eaaffff Private Memory Readable, Writable True True False
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True True False
private_0x000000007fff0000 0x7fff0000 0x7dfb3d30ffff Private Memory Readable True False False
  • Region Actions
pagefile_0x00007dfb3d310000 0x7dfb3d310000 0x7ffb3d30ffff Pagefile Backed Memory - True False False
  • Region Actions
ntdll.dll 0x7ffb3d310000 0x7ffb3d4d1fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
private_0x00007ffb3d4d2000 0x7ffb3d4d2000 0x7ffffffeffff Private Memory Readable True False False
  • Region Actions
Injection Information
+
Injection Type Source Process Source Os Thread ID Injection Info Success Count Logfile
Modify Memory #2: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0xd30 address = 0x4850000, size = 131072 True 1
Fn
Data
Modify Memory #2: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0xd30 address = 0x486b6a4, size = 4 True 1
Fn
Data
Modify Memory #2: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0xd30 address = 0x486b7c0, size = 4 True 1
Fn
Data
Modify Memory #2: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0xd30 address = 0x486bdb4, size = 4 True 1
Fn
Data
Create Remote Thread #2: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0xd30 address = 0x485b50c True 1
Fn
Threads
Thread 0xb58
(Host: 72, Network: 0)
+
Category Operation Information Success Count Logfile
Module Load module_name = KERNEL32.dll, base_address = 0x76bc0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x76bd7650 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x76bd9950 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x76bd25e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x771cbae0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x771cda90 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x76bdd940 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x76bd7910 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x76bd7520 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x76bd9640 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x76bd77b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x76bdd8d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x76bda0b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x76bd7940 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x76bd9660 True 1
Fn
Module Load module_name = USER32.dll, base_address = 0x74500000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = LoadImageW, address_out = 0x74534500 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x77190000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlAddVectoredExceptionHandler, address_out = 0x771ef090 True 1
Fn
Module Get Handle module_name = advapi32.dll, base_address = 0x0 False 1
Fn
Module Load module_name = advapi32.dll, base_address = 0x75d40000 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x77190000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlInitializeCriticalSection, address_out = 0x771e95f0 True 1
Fn
Module Get Handle module_name = shlwapi.dll, base_address = 0x0 False 1
Fn
Module Load module_name = shlwapi.dll, base_address = 0x75dc0000 True 1
Fn
System Get Info type = Operating System False 2
Fn
Module Get Handle module_name = psapi.dll, base_address = 0x0 False 1
Fn
Module Load module_name = psapi.dll, base_address = 0x76450000 True 1
Fn
Module Get Filename module_name = psapi.dll, process_name = c:\windows\syswow64\svchost.exe, file_name_orig = C:\Windows\SysWOW64\svchost.exe, size = 260 True 1
Fn
Mutex Create mutex_name = 8592029A1BBD0F5EDCA2A860E613ACDB True 1
Fn
System Get Time type = Local Time, time = 2017-12-01 01:36:37 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:36:37 (UTC) True 1
Fn
Module Get Handle module_name = secur32.dll, base_address = 0x0 False 1
Fn
Module Load module_name = secur32.dll, base_address = 0x73c40000 True 1
Fn
Module Load module_name = SSPICLI, base_address = 0x742a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\sspicli.dll, function = GetUserNameExW, address_out = 0x742ac5f0 True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 2213 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 2213, size_out = 2213 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 2780 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Mutex Create mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, size = 1776, type = REG_BINARY True 1
Fn
Data
Mutex Release mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
Mutex Create mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\haawarq, type = file_attributes False 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\tidyabxe, type = file_attributes False 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, size = 1776, type = REG_BINARY True 1
Fn
Data
Mutex Release mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
Thread 0xfd4
(Host: 1, Network: 0)
+
Category Operation Information Success Count Logfile
Mutex Create mutex_name = ACD86ED691154353041C7827C4241C0D True 1
Fn
Thread 0xfc4
(Host: 55, Network: 0)
+
Category Operation Information Success Count Logfile
Mutex Create mutex_name = BA6E0713253533C2BD32E023F51DAAB1 True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run, value_name = containers.exe, data = "C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe", size = 236, type = REG_SZ True 1
Fn
System Get Time type = Local Time, time = 2017-12-01 01:36:58 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:36:58 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 5435 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 5435, size_out = 5435 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 5688 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
System Get Time type = System Time, time = 2017-11-30 14:36:58 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 5688 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 5688, size_out = 5688 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 5921 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Mutex Open mutex_name = 8EB663269EDB2551D78D6BE980D8D1D5, desired_access = SYNCHRONIZE True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, type = size, size_out = 404480 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, size = 404480, size_out = 404480 True 1
Fn
Data
Module Load module_name = NTDLL, base_address = 0x77190000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlEnterCriticalSection, address_out = 0x771d5e80 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x77190000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlLeaveCriticalSection, address_out = 0x771d5e00 True 1
Fn
System Sleep duration = -1 (infinite) False 1
Fn
Thread 0xfd0
(Host: 3, Network: 0)
+
Category Operation Information Success Count Logfile
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
System Sleep duration = -1 (infinite) False 1
Fn
Thread 0xd1c
(Host: 3, Network: 0)
+
Category Operation Information Success Count Logfile
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
System Sleep duration = -1 (infinite) False 1
Fn
Thread 0xc7c
(Host: 4, Network: 0)
+
Category Operation Information Success Count Logfile
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_NONE False 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\niEo_GlbFe5Pi.qef, type = size, size_out = 0 True 1
Fn
Process #7: containers.exe
(Host: 248, Network: 0)
+
Information Value
ID #7
File Name c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe
Command Line "C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:02:46, Reason: Autostart
Unmonitor End Time: 00:15:27, Reason: Terminated by Timeout
Monitor Duration 00:12:41
OS Process Information
+
Information Value
PID 0x920
Parent PID 0x6d8 (c:\windows\explorer.exe)
Is Created or Modified Executable True
Integrity Level Medium
Username LHNIWSJ\CIiHmnxMn6Ps
Groups
  • LHNIWSJ\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account and member of Administrators group (USE_FOR_DENY_ONLY)
  • BUILTIN\Administrators (USE_FOR_DENY_ONLY)
  • BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Logon Session 00000000:0001400a (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID)
  • LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x 554
0x 560
0x 4EC
0x 848
Region
+
Name Start VA End VA Type Permissions Monitored Dump YARA Match Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000020000 0x00020000 0x00023fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000030000 0x00030000 0x00031fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000030000 0x00030000 0x00030fff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000000040000 0x00040000 0x00053fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000000060000 0x00060000 0x0009ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000000a0000 0x000a0000 0x0019ffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x00000000001a0000 0x001a0000 0x001a3fff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x00000000001b0000 0x001b0000 0x001b0fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x00000000001c0000 0x001c0000 0x001c1fff Private Memory Readable, Writable True False False
  • Region Actions
locale.nls 0x001d0000 0x0028dfff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000000290000 0x00290000 0x002cffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000002d0000 0x002d0000 0x0030ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000310000 0x00310000 0x0031ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000320000 0x00320000 0x0041ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000420000 0x00420000 0x00420fff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000000430000 0x00430000 0x00430fff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000440000 0x00440000 0x00446fff Private Memory Readable, Writable True False False
  • Region Actions
c_1256.nls 0x00450000 0x00460fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000000470000 0x00470000 0x00473fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000480000 0x00480000 0x0048ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000490000 0x00490000 0x004cffff Private Memory Readable, Writable True False False
  • Region Actions
c_1251.nls 0x00490000 0x004a0fff Memory Mapped File Readable False False False
  • Region Actions
c_1254.nls 0x004b0000 0x004c0fff Memory Mapped File Readable False False False
  • Region Actions
private_0x00000000004d0000 0x004d0000 0x005cffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000005d0000 0x005d0000 0x006cffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x00000000006d0000 0x006d0000 0x00857fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000000860000 0x00860000 0x009affff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000860000 0x00860000 0x0095ffff Private Memory Readable, Writable True False False
  • Region Actions
c_1250.nls 0x00960000 0x00970fff Memory Mapped File Readable False False False
  • Region Actions
c_1253.nls 0x00980000 0x00990fff Memory Mapped File Readable False False False
  • Region Actions
private_0x00000000009a0000 0x009a0000 0x009affff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000009b0000 0x009b0000 0x009bffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x00000000009b0000 0x009b0000 0x009b4fff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
private_0x00000000009b0000 0x009b0000 0x009b0fff Private Memory Readable, Writable, Executable True False False
  • Region Actions
private_0x00000000009b0000 0x009b0000 0x009b3fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000009c0000 0x009c0000 0x009cffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x00000000009d0000 0x009d0000 0x00b50fff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x0000000000b60000 0x00b60000 0x01f5ffff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000001f60000 0x01f60000 0x0205ffff Private Memory Readable, Writable True False False
  • Region Actions
c_1257.nls 0x02060000 0x02070fff Memory Mapped File Readable False False False
  • Region Actions
c_1255.nls 0x02080000 0x02090fff Memory Mapped File Readable False False False
  • Region Actions
c_932.nls 0x020a0000 0x020c7fff Memory Mapped File Readable False False False
  • Region Actions
private_0x00000000020d0000 0x020d0000 0x020dffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x00000000020e0000 0x020e0000 0x025d1fff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
sortdefault.nls 0x025e0000 0x02916fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000002920000 0x02920000 0x02b1ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000002b20000 0x02b20000 0x02f1ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000002f20000 0x02f20000 0x0371ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000003720000 0x03720000 0x046effff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000046f0000 0x046f0000 0x047effff Private Memory Readable, Writable True False False
  • Region Actions
c_949.nls 0x046f0000 0x04720fff Memory Mapped File Readable False False False
  • Region Actions
c_874.nls 0x04730000 0x04740fff Memory Mapped File Readable False False False
  • Region Actions
c_1258.nls 0x04750000 0x04760fff Memory Mapped File Readable False False False
  • Region Actions
c_936.nls 0x04770000 0x047a0fff Memory Mapped File Readable False False False
  • Region Actions
c_950.nls 0x047b0000 0x047e0fff Memory Mapped File Readable False False False
  • Region Actions
private_0x00000000047f0000 0x047f0000 0x04877fff Private Memory Readable, Writable, Executable True False False
  • Region Actions
kernelbase.dll.mui 0x04880000 0x0495efff Memory Mapped File Readable False False False
  • Region Actions
pagefile_0x0000000004960000 0x04960000 0x04d5ffff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004960000 0x04960000 0x04971fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004960000 0x04960000 0x049dffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000049e0000 0x049e0000 0x049e1fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004b60000 0x04b60000 0x04beffff Private Memory Readable, Writable True False False
  • Region Actions
containers.exe 0x20c80000 0x20ce8fff Memory Mapped File Readable, Writable, Executable True False False
  • Region Actions
wow64cpu.dll 0x581b0000 0x581b7fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64.dll 0x581c0000 0x5820efff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64win.dll 0x58210000 0x58282fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ntmarta.dll 0x74470000 0x74497fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
rsaenh.dll 0x744a0000 0x744cefff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cryptsp.dll 0x744d0000 0x744e2fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
samlib.dll 0x744f0000 0x74502fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
uxtheme.dll 0x74510000 0x74584fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
samcli.dll 0x74590000 0x745a3fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
secur32.dll 0x745b0000 0x745b9fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
winnsi.dll 0x745c0000 0x745c7fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
netutils.dll 0x745d0000 0x745d9fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
srvcli.dll 0x745e0000 0x745fbfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wkscli.dll 0x74600000 0x7460ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
bcrypt.dll 0x74610000 0x7462afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
iphlpapi.dll 0x74630000 0x7465ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
netapi32.dll 0x74660000 0x74672fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
comctl32.dll 0x74680000 0x74711fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
winspool.drv 0x74720000 0x74786fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
bcryptprimitives.dll 0x74840000 0x74898fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cryptbase.dll 0x748a0000 0x748a9fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sspicli.dll 0x748b0000 0x748cdfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
comdlg32.dll 0x748d0000 0x7498dfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernel32.dll 0x74990000 0x74a7ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
rpcrt4.dll 0x74a80000 0x74b2bfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
nsi.dll 0x74ca0000 0x74ca6fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
gdi32.dll 0x74d10000 0x74e5cfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
windows.storage.dll 0x74e60000 0x7533cfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sechost.dll 0x753a0000 0x753e2fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msvcrt.dll 0x753f0000 0x754adfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
powrprof.dll 0x754c0000 0x75503fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ole32.dll 0x75690000 0x75779fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
psapi.dll 0x75780000 0x75785fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
advapi32.dll 0x757f0000 0x7586afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernel.appcore.dll 0x75960000 0x7596bfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shcore.dll 0x75a00000 0x75a8cfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
combase.dll 0x75a90000 0x75c49fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
profapi.dll 0x75c50000 0x75c5efff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
imm32.dll 0x75c60000 0x75c8afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
user32.dll 0x75c90000 0x75dcffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
oleaut32.dll 0x75dd0000 0x75e61fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernelbase.dll 0x75e70000 0x75fe5fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
coml2.dll 0x75ff0000 0x76047fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shell32.dll 0x76050000 0x7740efff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shlwapi.dll 0x77410000 0x77453fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msctf.dll 0x77680000 0x7779ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ntdll.dll 0x777a0000 0x77918fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
private_0x000000007fead000 0x7fead000 0x7feaffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x000000007feb0000 0x7feb0000 0x7ffaffff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x000000007ffd5000 0x7ffd5000 0x7ffd7fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ffd8000 0x7ffd8000 0x7ffdafff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ffdb000 0x7ffdb000 0x7ffddfff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True False False
  • Region Actions
private_0x000000007fff0000 0x7fff0000 0x7ffe18a2ffff Private Memory Readable True False False
  • Region Actions
ntdll.dll 0x7ffe18a30000 0x7ffe18bf1fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
private_0x00007ffe18bf2000 0x7ffe18bf2000 0x7ffffffeffff Private Memory Readable True False False
  • Region Actions
Threads
Thread 0x554
(Host: 222, Network: 0)
+
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x74990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x749aa330 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x749a7580 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x749a9910 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x749af400 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x74990000 True 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Filename process_name = c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, size = 260 True 1
Fn
Window Create class_name = static, wndproc_parameter = 0 True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 3
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 2
Fn
System Get Computer Name result_out = LHNIWSJ True 2
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 2
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 2
Fn
System Get Computer Name result_out = LHNIWSJ True 2
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x777a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x7780e7b0 True 1
Fn
Registry Open Key reg_name = HKEY_CLASSES_ROOT\AppID\{10000002-0000-0000-0000-000000000001} False 1
Fn
Registry Read Value reg_name = HKEY_CLASSES_ROOT\AppID\{10000002-0000-0000-0000-000000000001}, value_name = AccessPermission False 1
Fn
Registry Read Value reg_name = HKEY_CLASSES_ROOT\AppID\{10000002-0000-0000-0000-000000000001}, value_name = AccessPermission, data = 0 False 1
Fn
COM Create interface = 00000109-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x777a0000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x757f0000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x777a0000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x757f0000 True 1
Fn
Module Get Handle module_name = c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe, base_address = 0x20c80000 True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:37:52 (UTC) True 1
Fn
Module Load module_name = KERNEL32.dll, base_address = 0x74990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x749a7650 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x749a9950 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x749a25e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x777dbae0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x777dda90 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x749ad940 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x749a7910 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x749a7520 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x749a9640 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x749a77b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x749ad8d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x749aa0b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x749a7940 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x749a9660 True 1
Fn
Module Load module_name = USER32.dll, base_address = 0x75c90000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = LoadImageW, address_out = 0x75cc4500 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x777a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlAddVectoredExceptionHandler, address_out = 0x777ff090 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x757f0000 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x777a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlInitializeCriticalSection, address_out = 0x777f95f0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\shlwapi.dll, base_address = 0x77410000 True 1
Fn
System Get Computer Name result_out = LHNIWSJ True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = InstallDate, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, value_name = DigitalProductId False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Time type = Local Time, time = 2017-11-30 14:37:52 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:37:52 (UTC) True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\secur32.dll, base_address = 0x745b0000 True 1
Fn
Module Load module_name = SSPICLI, base_address = 0x748b0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\sspicli.dll, function = GetUserNameExW, address_out = 0x748bc5f0 True 1
Fn
Mutex Create mutex_name = 8C5FF35F44C67C34381EFF128FE58575 True 1
Fn
File Create desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ False 1
Fn
Mutex Release mutex_name = 8C5FF35F44C67C34381EFF128FE58575 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\shell32.dll, base_address = 0x76050000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ole32.dll, base_address = 0x75690000 True 1
Fn
Module Load module_name = api-ms-win-core-com-l1-1-0, base_address = 0x75a90000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\combase.dll, function = CLSIDFromString, address_out = 0x75b41390 True 1
Fn
System Get Info type = Operating System False 2
Fn
Module Get Handle module_name = psapi.dll, base_address = 0x0 False 1
Fn
Module Load module_name = psapi.dll, base_address = 0x75780000 True 1
Fn
Module Get Filename module_name = psapi.dll, process_name = c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, size = 260 True 1
Fn
System Get Time type = Local Time, time = 2017-11-30 14:37:52 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:37:52 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info type = file_attributes False 1
Fn
File Create Directory - False 1
Fn
File Create desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ False 1
Fn
File Create desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ False 1
Fn
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x777a0000 True 1
Fn
File Create filename = \??\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, desired_access = FILE_READ_EA, file_attributes = FILE_ATTRIBUTE_NORMAL True 1
Fn
File Get Info filename = \??\C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, type = extended True 1
Fn
System Get Time type = Local Time, time = 2017-11-30 14:37:52 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:37:52 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 5921 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 5921, size_out = 5921 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 6181 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:37:52 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 6181 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 6181, size_out = 6181 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 6441 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Mutex Create mutex_name = DD53550AC9EB25CC6151CE1EB2A70FC3 True 1
Fn
Mutex Open mutex_name = 4F35AC27449784784508471CC1E930C7, desired_access = SYNCHRONIZE False 1
Fn
Mutex Open mutex_name = 8EB663269EDB2551D78D6BE980D8D1D5, desired_access = SYNCHRONIZE False 2
Fn
Process Create process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, os_pid = 0xad8, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE True 1
Fn
Mutex Create mutex_name = 5576A023ACFCB1DF07119694F5D31AAB True 1
Fn
Memory Allocate process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x4d70000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 131072 True 1
Fn
Memory Write process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x4d70000, size = 131072 True 1
Fn
Data
Memory Write process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x4d8b6a4, size = 4 True 1
Fn
Data
Memory Write process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x4d8b7c0, size = 4 True 1
Fn
Data
Memory Write process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x4d8bdb4, size = 4 True 1
Fn
Data
Thread Create process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, proc_address = 0x4d7b50c, proc_parameter = 0, flags = THREAD_RUNS_IMMEDIATELY True 1
Fn
Mutex Open mutex_name = 8592029A1BBD0F5EDCA2A860E613ACDB, desired_access = SYNCHRONIZE False 2
Fn
Process Create process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, os_pid = 0x4e4, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE True 1
Fn
Mutex Create mutex_name = E60F35D6C376C5F82E917CA84B9C2F25 True 1
Fn
Memory Allocate process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x4a00000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 131072 True 1
Fn
Memory Write process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x4a00000, size = 131072 True 1
Fn
Data
Memory Write process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x4a1b6a4, size = 4 True 1
Fn
Data
Memory Write process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x4a1b7c0, size = 4 True 1
Fn
Data
Memory Write process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, address = 0x4a1bdb4, size = 4 True 1
Fn
Data
Thread Create process_name = C:\Windows\SysWOW64\svchost.exe -k netsvcs, proc_address = 0x4a0b50c, proc_parameter = 0, flags = THREAD_RUNS_IMMEDIATELY True 1
Fn
Process #8: svchost.exe
(Host: 2096, Network: 423)
+
Information Value
ID #8
File Name c:\windows\syswow64\svchost.exe
Command Line C:\Windows\SysWOW64\svchost.exe -k netsvcs
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:02:57, Reason: Child Process
Unmonitor End Time: 00:15:27, Reason: Terminated by Timeout
Monitor Duration 00:12:30
OS Process Information
+
Information Value
PID 0xad8
Parent PID 0x920 (c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe)
Is Created or Modified Executable False
Integrity Level Medium
Username LHNIWSJ\CIiHmnxMn6Ps
Groups
  • LHNIWSJ\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account and member of Administrators group (USE_FOR_DENY_ONLY)
  • BUILTIN\Administrators (USE_FOR_DENY_ONLY)
  • BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Logon Session 00000000:0001400a (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID)
  • LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x AE0
0x AEC
0x A68
0x AE8
0x AF0
0x 7F0
0x 7F4
0x 7C4
0x 2D0
0x ADC
0x A64
0x AE4
0x 7B8
0x BF4
0x 5B8
0x 680
0x 890
0x 9B8
Region
+
Name Start VA End VA Type Permissions Monitored Dump YARA Match Actions
svchost.exe 0x000c0000 0x000cafff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
pagefile_0x0000000000c70000 0x00c70000 0x04c6ffff Pagefile Backed Memory - True False False
  • Region Actions
private_0x0000000004c70000 0x04c70000 0x04c8ffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000004c70000 0x04c70000 0x04c7ffff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
svchost.exe.mui 0x04c80000 0x04c80fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000004c90000 0x04c90000 0x04c91fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004c90000 0x04c90000 0x04c90fff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000004ca0000 0x04ca0000 0x04cb3fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000004cc0000 0x04cc0000 0x04cfffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004d00000 0x04d00000 0x04d3ffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000004d40000 0x04d40000 0x04d43fff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x0000000004d50000 0x04d50000 0x04d50fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000004d60000 0x04d60000 0x04d61fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004d70000 0x04d70000 0x04d8ffff Private Memory Readable, Writable, Executable True False False
  • Region Actions
private_0x0000000004d90000 0x04d90000 0x04dcffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004d90000 0x04d90000 0x04d91fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004d90000 0x04d90000 0x04df2fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004d90000 0x04d90000 0x04d92fff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000004d90000 0x04d90000 0x04d90fff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
counters.dat 0x04da0000 0x04da0fff Memory Mapped File Readable, Writable True False False
  • Region Actions
private_0x0000000004db0000 0x04db0000 0x04deffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004dd0000 0x04dd0000 0x04e0ffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000004df0000 0x04df0000 0x04df1fff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000004df0000 0x04df0000 0x04dfffff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x0000000004e00000 0x04e00000 0x04e00fff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
locale.nls 0x04e10000 0x04ecdfff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000004ed0000 0x04ed0000 0x04f0ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004f10000 0x04f10000 0x04f4ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004f50000 0x04f50000 0x04f50fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004f60000 0x04f60000 0x04f66fff Private Memory Readable, Writable True False False
  • Region Actions
imm32.dll 0x04f70000 0x04f99fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000004f70000 0x04f70000 0x04f70fff Private Memory Readable, Writable, Executable True False False
  • Region Actions
private_0x0000000004f80000 0x04f80000 0x04f81fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004f80000 0x04f80000 0x04fbffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004fc0000 0x04fc0000 0x04ffffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005000000 0x05000000 0x050fffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000005100000 0x05100000 0x05287fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000005290000 0x05290000 0x052cffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000052d0000 0x052d0000 0x052d3fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000052e0000 0x052e0000 0x052e1fff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x00000000052e0000 0x052e0000 0x052e1fff Pagefile Backed Memory Readable True False False
  • Region Actions
mswsock.dll.mui 0x052f0000 0x052f2fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000005300000 0x05300000 0x053fffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005400000 0x05400000 0x054a4fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005400000 0x05400000 0x0543ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005440000 0x05440000 0x0547ffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000005480000 0x05480000 0x05481fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000005490000 0x05490000 0x05490fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000054a0000 0x054a0000 0x054a4fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000054b0000 0x054b0000 0x056affff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000054b0000 0x054b0000 0x054effff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000054f0000 0x054f0000 0x054f0fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005500000 0x05500000 0x055fffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000005600000 0x05600000 0x05780fff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x0000000005790000 0x05790000 0x06b8ffff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000006b90000 0x06b90000 0x06c8ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006c90000 0x06c90000 0x06ccffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006d00000 0x06d00000 0x06d03fff Private Memory Readable, Writable True False False
  • Region Actions
ole32.dll 0x06d10000 0x06df8fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000006d10000 0x06d10000 0x06d4ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006d50000 0x06d50000 0x06d8ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006d90000 0x06d90000 0x06dcffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006e00000 0x06e00000 0x06efffff Private Memory Readable, Writable True False False
  • Region Actions
sortdefault.nls 0x06f00000 0x07236fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000007240000 0x07240000 0x0733ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007340000 0x07340000 0x0743ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007440000 0x07440000 0x0753ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007540000 0x07540000 0x0763ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007640000 0x07640000 0x0773ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007740000 0x07740000 0x0783ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007840000 0x07840000 0x07954fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007840000 0x07840000 0x0787ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007880000 0x07880000 0x078bffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000078c0000 0x078c0000 0x078fffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007900000 0x07900000 0x0793ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007950000 0x07950000 0x07954fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007960000 0x07960000 0x07b5ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007a00000 0x07a00000 0x07afffff Private Memory Readable, Writable True False False
  • Region Actions
wow64cpu.dll 0x581b0000 0x581b7fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64.dll 0x581c0000 0x5820efff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64win.dll 0x58210000 0x58282fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
schannel.dll 0x73b20000 0x73b7ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
comctl32.dll 0x73b80000 0x73d88fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
fwpuclnt.dll 0x73d90000 0x73dd5fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
dnsapi.dll 0x73de0000 0x73e63fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
mswsock.dll 0x73e70000 0x73ebdfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
winhttp.dll 0x73ec0000 0x73f66fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
iertutil.dll 0x73f70000 0x74230fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wininet.dll 0x74240000 0x74463fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ntmarta.dll 0x74470000 0x74497fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
rsaenh.dll 0x744a0000 0x744cefff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cryptsp.dll 0x744d0000 0x744e2fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
rasadhlp.dll 0x74510000 0x74517fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
winnsi.dll 0x74520000 0x74527fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
uxtheme.dll 0x74530000 0x745a4fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
secur32.dll 0x745b0000 0x745b9fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
iphlpapi.dll 0x745c0000 0x745effff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ondemandconnroutehelper.dll 0x745f0000 0x74600fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
bcrypt.dll 0x74610000 0x7462afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
urlmon.dll 0x74630000 0x7478ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
bcryptprimitives.dll 0x74840000 0x74898fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cryptbase.dll 0x748a0000 0x748a9fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sspicli.dll 0x748b0000 0x748cdfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernel32.dll 0x74990000 0x74a7ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
rpcrt4.dll 0x74a80000 0x74b2bfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
nsi.dll 0x74ca0000 0x74ca6fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
gdi32.dll 0x74d10000 0x74e5cfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
windows.storage.dll 0x74e60000 0x7533cfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sechost.dll 0x753a0000 0x753e2fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msvcrt.dll 0x753f0000 0x754adfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
powrprof.dll 0x754c0000 0x75503fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
crypt32.dll 0x75510000 0x75684fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
psapi.dll 0x75780000 0x75785fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ws2_32.dll 0x75790000 0x757ebfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
advapi32.dll 0x757f0000 0x7586afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msasn1.dll 0x758b0000 0x758bdfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernel.appcore.dll 0x75960000 0x7596bfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shcore.dll 0x75a00000 0x75a8cfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
combase.dll 0x75a90000 0x75c49fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
profapi.dll 0x75c50000 0x75c5efff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
imm32.dll 0x75c60000 0x75c8afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
user32.dll 0x75c90000 0x75dcffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
oleaut32.dll 0x75dd0000 0x75e61fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernelbase.dll 0x75e70000 0x75fe5fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shell32.dll 0x76050000 0x7740efff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shlwapi.dll 0x77410000 0x77453fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msctf.dll 0x77680000 0x7779ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ntdll.dll 0x777a0000 0x77918fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
private_0x000000007f982000 0x7f982000 0x7f984fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007f985000 0x7f985000 0x7f987fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007f988000 0x7f988000 0x7f98afff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007f98b000 0x7f98b000 0x7f98dfff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007f98e000 0x7f98e000 0x7f990fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007f991000 0x7f991000 0x7f993fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007f994000 0x7f994000 0x7f996fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007f997000 0x7f997000 0x7f999fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007f99a000 0x7f99a000 0x7f99cfff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007f99d000 0x7f99d000 0x7f99ffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x000000007f9a0000 0x7f9a0000 0x7fa9ffff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x000000007faa0000 0x7faa0000 0x7fac2fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x000000007fac4000 0x7fac4000 0x7fac6fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007fac7000 0x7fac7000 0x7fac9fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007faca000 0x7faca000 0x7facafff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007facb000 0x7facb000 0x7facbfff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007facd000 0x7facd000 0x7facffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True False False
  • Region Actions
private_0x000000007fff0000 0x7fff0000 0x7dfe18a2ffff Private Memory Readable True False False
  • Region Actions
pagefile_0x00007dfe18a30000 0x7dfe18a30000 0x7ffe18a2ffff Pagefile Backed Memory - True False False
  • Region Actions
ntdll.dll 0x7ffe18a30000 0x7ffe18bf1fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
private_0x00007ffe18bf2000 0x7ffe18bf2000 0x7ffffffeffff Private Memory Readable True False False
  • Region Actions
For performance reasons, the remaining 60 entries are omitted.
The remaining entries can be found in flog.txt.
Injection Information
+
Injection Type Source Process Source Os Thread ID Injection Info Success Count Logfile
Modify Memory #7: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0x554 address = 0x4d70000, size = 131072 True 1
Fn
Data
Modify Memory #7: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0x554 address = 0x4d8b6a4, size = 4 True 1
Fn
Data
Modify Memory #7: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0x554 address = 0x4d8b7c0, size = 4 True 1
Fn
Data
Modify Memory #7: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0x554 address = 0x4d8bdb4, size = 4 True 1
Fn
Data
Create Remote Thread #7: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0x554 address = 0x4d7b50c True 1
Fn
Created Files
+
Filename File Size Hash Values YARA Match Actions
c:\users\ciihmn~1\appdata\local\temp\updee12df24.exe 0.00 KB (0 bytes) MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 		False
c:\users\ciihmn~1\appdata\local\temp\updee12df24.exe 296.00 KB (303104 bytes) MD5: 2bbf4515f3f42a943b2732e24fc9f19e
SHA1: ce487e80749edeccbadefa9c6fb967ca743e70bd
SHA256: af1c61d4a742b3cb4a11b2bbbdc4b6a4ae77b215ad6aa57f1d51a309f2b77f9f 		False
Modified Files
+
Filename File Size Hash Values YARA Match Actions
c:\users\ciihmnxmn6ps\appdata\local\microsoft\windows\inetcache\ie\gy9r3u9a\g[1].htm 0.19 KB (192 bytes) MD5: 8eb3797f52a0bbc1e9826d70636bc3fa
SHA1: 524c615ba75de8513477acfec8af51a28a7dbfde
SHA256: 1727cfb8c3f8af8d01089854993db8dc6528718202e3c855dbb2bca32d781768 		False
c:\users\ciihmnxmn6ps\appdata\local\microsoft\windows\inetcache\ie\gy9r3u9a\g[1].htm 0.19 KB (192 bytes) MD5: 2b07a02e4b1ff8e22172598ba3a6fba2
SHA1: fabff235cdff47ba51462a567b074f926c2f7f94
SHA256: fd3f3df862ff7941a9097c255b070dbdcdfdd558aacdcb504ecf7a0668476dc4 		False
c:\users\ciihmnxmn6ps\appdata\local\microsoft\windows\inetcache\ie\gy9r3u9a\w[1].htm 0.17 KB (172 bytes) MD5: d7fb3e78190127430968c50d9461fd82
SHA1: 192518e17d9ad1461bba00b7e207190c220a568f
SHA256: 0510c0e116492d789f1cd43daf3eb5be7d50158f018ce3a3a48786f46dfd945f 		False
Threads
Thread 0xaec
(Host: 58, Network: 0)
+
Category Operation Information Success Count Logfile
Module Load module_name = KERNEL32.dll, base_address = 0x74990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x749a7650 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x749a9950 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x749a25e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x777dbae0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x777dda90 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x749ad940 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x749a7910 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x749a7520 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x749a9640 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x749a77b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x749ad8d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x749aa0b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x749a7940 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x749a9660 True 1
Fn
Module Load module_name = USER32.dll, base_address = 0x75c90000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = LoadImageW, address_out = 0x75cc4500 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x777a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlAddVectoredExceptionHandler, address_out = 0x777ff090 True 1
Fn
Module Get Handle module_name = advapi32.dll, base_address = 0x0 False 1
Fn
Module Load module_name = advapi32.dll, base_address = 0x757f0000 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x777a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlInitializeCriticalSection, address_out = 0x777f95f0 True 1
Fn
Module Get Handle module_name = shlwapi.dll, base_address = 0x0 False 1
Fn
Module Load module_name = shlwapi.dll, base_address = 0x77410000 True 1
Fn
System Get Info type = Operating System False 2
Fn
Module Get Handle module_name = psapi.dll, base_address = 0x0 False 1
Fn
Module Load module_name = psapi.dll, base_address = 0x75780000 True 1
Fn
Module Get Filename module_name = psapi.dll, process_name = c:\windows\syswow64\svchost.exe, file_name_orig = C:\Windows\SysWOW64\svchost.exe, size = 260 True 1
Fn
Mutex Create mutex_name = 8EB663269EDB2551D78D6BE980D8D1D5 True 1
Fn
System Get Time type = Local Time, time = 2017-11-30 14:37:52 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:37:52 (UTC) True 1
Fn
Module Get Handle module_name = secur32.dll, base_address = 0x0 False 1
Fn
Module Load module_name = secur32.dll, base_address = 0x745b0000 True 1
Fn
Module Load module_name = SSPICLI, base_address = 0x748b0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\sspicli.dll, function = GetUserNameExW, address_out = 0x748bc5f0 True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 6441 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 6441, size_out = 6441 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 7008 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Thread 0xae8
(Host: 162, Network: 22)
+
Category Operation Information Success Count Logfile
Mutex Create mutex_name = 3A05CFF4EB7DE2EF8F3985678370FA5D True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
Mutex Create mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, size = 1776, type = REG_BINARY True 1
Fn
Data
Mutex Release mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
System Get Time type = Local Time, time = 2017-11-30 14:37:52 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:37:52 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 7008 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 7008, size_out = 7008 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 7290 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
Module Load module_name = wininet.dll, base_address = 0x74240000 True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:37:53 (UTC) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:37:53 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 8623 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 8623, size_out = 8623 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 8896 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Module Load module_name = urlmon.dll, base_address = 0x74630000 True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /pW6teVTI/k-sq/J/2j7/cmhBJoSRZ8F/qDQ, accept_types = 81297408, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/pW6teVTI/k-sq/J/2j7/cmhBJoSRZ8F/qDQ False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/pW6teVTI/k-sq/J/2j7/cmhBJoSRZ8F/qDQ True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 192 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, size = 1776, type = REG_BINARY True 1
Fn
Data
Mutex Release - True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:37:59 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 9169 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 9169, size_out = 9169 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 9383 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:37:59 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 9383 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 9383, size_out = 9383 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 9663 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:37:59 (UTC) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:37:59 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 9663 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 9663, size_out = 9663 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 9930 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /SEP4vYw6/sPlMZ/3/v0URdi/NOLRdM5J/cg, accept_types = 81297408, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/SEP4vYw6/sPlMZ/3/v0URdi/NOLRdM5J/cg False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/SEP4vYw6/sPlMZ/3/v0URdi/NOLRdM5J/cg True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 192 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:38:00 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 11042 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 11042, size_out = 11042 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 11267 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Mutex Release mutex_name = 3A05CFF4EB7DE2EF8F3985678370FA5D True 1
Fn
Thread 0xaf0
(Host: 571, Network: 118)
+
Category Operation Information Success Count Logfile
Mutex Create mutex_name = 55A4DE17653FCFB535BFCEB7986C3B1D True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Time type = Local Time, time = 2017-11-30 14:37:52 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:37:52 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 7290 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 7290, size_out = 7290 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 7530 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:37:53 (UTC) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:37:53 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 8350 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 8350, size_out = 8350 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 8623 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Module Load module_name = crypt32.dll, base_address = 0x75510000 True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /8C1SLhHn/2_/8tA/E/H/Fbk/8JMoO2Tv/9/2Kg, accept_types = 81297408, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/8C1SLhHn/2_/8tA/E/H/Fbk/8JMoO2Tv/9/2Kg False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/8C1SLhHn/2_/8tA/E/H/Fbk/8JMoO2Tv/9/2Kg True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 3
Fn
Data
Inet Read Response size = 4096, size_out = 3883 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 12
Fn
Data
Inet Read Response size = 4096, size_out = 4087 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 15
Fn
Data
Inet Read Response size = 4096, size_out = 4087 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 15
Fn
Data
Inet Read Response size = 4096, size_out = 4087 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 15
Fn
Data
Inet Read Response size = 4096, size_out = 4088 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 7
Fn
Data
Inet Read Response size = 4096, size_out = 4088 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 7
Fn
Data
Inet Read Response size = 4096, size_out = 4088 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 7
Fn
Data
Inet Read Response size = 4096, size_out = 4087 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 54
Fn
Data
Inet Read Response size = 4096, size_out = 253 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:38:00 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 9930 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 9930, size_out = 9930 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 10255 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, size = 303104 True 1
Fn
Data
Process Create process_name = "C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe" -update, os_pid = 0xa44, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE True 1
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe False 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:38:00 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 10255 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 10255, size_out = 10255 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 10530 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, size = 1776, type = REG_BINARY True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:38:00 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 10530 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 10530, size_out = 10530 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 10779 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:38:00 (UTC) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:38:00 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 10779 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 10779, size_out = 10779 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 11042 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /NrY/r/c5FHX/_/0aFNoP8C8TO/VnC/g/, accept_types = 81297408, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/NrY/r/c5FHX/_/0aFNoP8C8TO/VnC/g/ False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/NrY/r/c5FHX/_/0aFNoP8C8TO/VnC/g/ True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 3
Fn
Data
Inet Read Response size = 4096, size_out = 3883 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 12
Fn
Data
Inet Read Response size = 4096, size_out = 4087 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 15
Fn
Data
Inet Read Response size = 4096, size_out = 4088 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 9
Fn
Data
Inet Read Response size = 4096, size_out = 2302 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Mutex Create mutex_name = 1F6114CF197C565BFF427879E00139DA True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Akudfeen, type = REG_NONE False 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Akudfeen, size = 95680, type = REG_BINARY True 1
Fn
Data
Mutex Release mutex_name = 1F6114CF197C565BFF427879E00139DA True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:38:01 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 11887 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 11887, size_out = 11887 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 12168 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, size = 1776, type = REG_BINARY True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:38:01 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 12168 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 12168, size_out = 12168 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 12417 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:38:01 (UTC) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:38:01 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 12417 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 12417, size_out = 12417 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 12680 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /9piYZTuz9/2sx1Clf5U1sISMKMW81/q/MQ, accept_types = 81297408, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/9piYZTuz9/2sx1Clf5U1sISMKMW81/q/MQ False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/9piYZTuz9/2sx1Clf5U1sISMKMW81/q/MQ True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 3
Fn
Data
Inet Read Response size = 4096, size_out = 3883 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 12
Fn
Data
Inet Read Response size = 4096, size_out = 4087 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 15
Fn
Data
Inet Read Response size = 4096, size_out = 4087 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 20
Fn
Data
Inet Read Response size = 4096, size_out = 1683 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Mutex Create mutex_name = 1F6114CF197C565BFF427879E00139DA True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Akudfeen, type = REG_BINARY True 2
Fn
Data
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Akudfeen, size = 215872, type = REG_BINARY True 1
Fn
Data
Mutex Release mutex_name = 1F6114CF197C565BFF427879E00139DA True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:38:02 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 12680 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 12680, size_out = 12680 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 12961 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, size = 1776, type = REG_BINARY True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:38:02 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 12961 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 12961, size_out = 12961 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 13208 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:38:02 (UTC) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:38:02 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 13208 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 13208, size_out = 13208 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 13467 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /l6yH/j4/plG2GbX2ldR8utbqF/HD/A, accept_types = 81297408, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/l6yH/j4/plG2GbX2ldR8utbqF/HD/A False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/l6yH/j4/plG2GbX2ldR8utbqF/HD/A True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 3
Fn
Data
Inet Read Response size = 4096, size_out = 3883 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 12
Fn
Data
Inet Read Response size = 4096, size_out = 4087 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 15
Fn
Data
Inet Read Response size = 4096, size_out = 4088 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 8
Fn
Data
Inet Read Response size = 4096, size_out = 3814 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Mutex Create mutex_name = 1F6114CF197C565BFF427879E00139DA True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Akudfeen, type = REG_BINARY True 2
Fn
Data
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Akudfeen, size = 310112, type = REG_BINARY True 1
Fn
Data
Mutex Release mutex_name = 1F6114CF197C565BFF427879E00139DA True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:38:03 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 13467 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 13467, size_out = 13467 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 13746 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, size = 1776, type = REG_BINARY True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:38:28 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 274 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 274, size_out = 274 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 522 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:38:28 (UTC) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:38:28 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 522 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 522, size_out = 522 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 779 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /cIh/g/P/V0METF/RW/hZEvuN/Yd5W/J/w/, accept_types = 81297408, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/cIh/g/P/V0METF/RW/hZEvuN/Yd5W/J/w/ False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/cIh/g/P/V0METF/RW/hZEvuN/Yd5W/J/w/ True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:38:28 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 1032 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1032, size_out = 1032 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1280 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:38:28 (UTC) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:38:28 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 1280 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1280, size_out = 1280 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1537 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /sTx52Lxwi/k/OhkZ/j_hXlZYAu/ad/N6VyPA, accept_types = 81297408, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/sTx52Lxwi/k/OhkZ/j_hXlZYAu/ad/N6VyPA False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/sTx52Lxwi/k/OhkZ/j_hXlZYAu/ad/N6VyPA True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:38:29 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 1537 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1537, size_out = 1537 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1785 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:38:29 (UTC) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:38:29 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 1785 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1785, size_out = 1785 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 2046 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /TkN2Lgy/t9dSY/UHKX3/Va/P4CpZe5q/Lw, accept_types = 81297408, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/TkN2Lgy/t9dSY/UHKX3/Va/P4CpZe5q/Lw False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/TkN2Lgy/t9dSY/UHKX3/Va/P4CpZe5q/Lw True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:38:29 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 2046 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 2046, size_out = 2046 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 2295 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:38:29 (UTC) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:38:29 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 2295 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 2295, size_out = 2295 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 2556 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /3qeDwipy/0M/15F3rEV/lgCANe/hdf5/O/PQ, accept_types = 81297408, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/3qeDwipy/0M/15F3rEV/lgCANe/hdf5/O/PQ False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/3qeDwipy/0M/15F3rEV/lgCANe/hdf5/O/PQ True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
Mutex Release mutex_name = 55A4DE17653FCFB535BFCEB7986C3B1D True 1
Fn
Thread 0x7f0
(Host: 103, Network: 33)
+
Category Operation Information Success Count Logfile
Mutex Create mutex_name = 843724E431E9542E94836F8E62819404 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp, type = size, size_out = 1587 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:37:53 (UTC) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Info type = Operating System False 1
Fn
System Get Info type = Hardware Information True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Module Load module_name = urlmon.dll, base_address = 0x74630000 True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = google.com, server_port = 80 True 1
Fn
Inet Open HTTP Request http_verb = GET, http_version = HTTP 1.1, target_resource = /, accept_types = 81297408, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = google.com/ True 1
Fn
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 10
Fn
Data
Inet Read Response size = 4096, size_out = 3339 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
System Get Time type = Ticks, time = 47031 True 1
Fn
Module Load module_name = ole32.dll, base_address = 0x75690000 True 1
Fn
Module Load module_name = api-ms-win-core-com-l1-1-0, base_address = 0x75a90000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\combase.dll, function = CoInitializeEx, address_out = 0x75afcd50 True 1
Fn
Module Load module_name = api-ms-win-core-com-l1-1-0, base_address = 0x75a90000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\combase.dll, function = CoCreateInstance, address_out = 0x75b38200 True 1
Fn
COM Create interface = DC12A687-737F-11CF-884D-00AA004B2E24, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_NO_CODE_DOWNLOAD, CLSCTX_NO_FAILURE_LOG True 1
Fn
Module Load module_name = api-ms-win-core-com-l1-1-0, base_address = 0x75a90000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\combase.dll, function = CoSetProxyBlanket, address_out = 0x75b586d0 True 1
Fn
Module Load module_name = api-ms-win-core-com-l1-1-0, base_address = 0x75a90000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\combase.dll, function = CoUninitialize, address_out = 0x75afdca0 True 1
Fn
COM Create interface = DC12A687-737F-11CF-884D-00AA004B2E24, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_NO_CODE_DOWNLOAD, CLSCTX_NO_FAILURE_LOG True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\oleaut32.dll, base_address = 0x75dd0000 True 1
Fn
COM Create interface = DC12A687-737F-11CF-884D-00AA004B2E24, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_NO_CODE_DOWNLOAD, CLSCTX_NO_FAILURE_LOG True 4
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp, type = size, size_out = 1587 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp, size = 1587, size_out = 1587 True 1
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:37:59 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 8896 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 8896, size_out = 8896 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 9169 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /xnecdWiG1/m9/J5MGn6/T/2YACd/yAYfNpLQ, accept_types = 81297408, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/xnecdWiG1/m9/J5MGn6/T/2YACd/yAYfNpLQ False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/xnecdWiG1/m9/J5MGn6/T/2YACd/yAYfNpLQ True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 88 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
File Delete filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp True 1
Fn
System Sleep duration = 300000 milliseconds (300.000 seconds) True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp, type = file_attributes False 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 14217 True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Copy source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:38:27 (UTC) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Info type = Operating System False 1
Fn
System Get Info type = Hardware Information True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp, type = size, size_out = 14217 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp, size = 14217, size_out = 14217 True 1
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:38:27 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 274 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /WJFCdFULD/tP/ZaEGn/rc/211/J/v/ijQ/fN4EQ, accept_types = 81297408, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/WJFCdFULD/tP/ZaEGn/rc/211/J/v/ijQ/fN4EQ False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/WJFCdFULD/tP/ZaEGn/rc/211/J/v/ijQ/fN4EQ True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 88 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
File Delete filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp True 1
Fn
System Sleep duration = 300000 milliseconds (300.000 seconds) True 1
Fn
Mutex Release mutex_name = 843724E431E9542E94836F8E62819404 True 1
Fn
Thread 0x7f4
(Host: 1058, Network: 0)
+
Category Operation Information Success Count Logfile
Mutex Create mutex_name = ACD86ED691154353041C7827C4241C0D True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Mutex Create mutex_name = 690CE47B932790ABBAE4486C8750D5B2 True 1
Fn
Process Open desired_access = PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_QUERY_INFORMATION, PROCESS_SUSPEND_RESUME True 1
Fn
Memory Allocate process_name = c:\windows\syswow64\msiexec.exe, address = 0x460000, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 131072 True 1
Fn
Memory Write process_name = c:\windows\syswow64\msiexec.exe, address = 0x460000, size = 131072 True 1
Fn
Data
Memory Write process_name = c:\windows\syswow64\msiexec.exe, address = 0x47b6a4, size = 4 True 1
Fn
Data
Memory Write process_name = c:\windows\syswow64\msiexec.exe, address = 0x47b7c0, size = 4 True 1
Fn
Data
Memory Write process_name = c:\windows\syswow64\msiexec.exe, address = 0x47bdb4, size = 4 True 1
Fn
Data
Thread Create process_name = c:\windows\syswow64\msiexec.exe, proc_address = 0x46b50c, proc_parameter = 0, flags = THREAD_RUNS_IMMEDIATELY True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Mutex Create mutex_name = 690CE47B932790ABBAE4486C8750D5B2 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Mutex Create mutex_name = 690CE47B932790ABBAE4486C8750D5B2 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Mutex Create mutex_name = 690CE47B932790ABBAE4486C8750D5B2 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Mutex Create mutex_name = 690CE47B932790ABBAE4486C8750D5B2 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Mutex Create mutex_name = 690CE47B932790ABBAE4486C8750D5B2 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Mutex Create mutex_name = 690CE47B932790ABBAE4486C8750D5B2 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Mutex Create mutex_name = 690CE47B932790ABBAE4486C8750D5B2 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Mutex Create mutex_name = 690CE47B932790ABBAE4486C8750D5B2 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Mutex Create mutex_name = 690CE47B932790ABBAE4486C8750D5B2 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Mutex Create mutex_name = 690CE47B932790ABBAE4486C8750D5B2 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Mutex Create mutex_name = 690CE47B932790ABBAE4486C8750D5B2 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Mutex Create mutex_name = 690CE47B932790ABBAE4486C8750D5B2 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Mutex Create mutex_name = 690CE47B932790ABBAE4486C8750D5B2 True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Mutex Release mutex_name = ACD86ED691154353041C7827C4241C0D True 1
Fn
Thread 0x7c4
(Host: 34, Network: 0)
+
Category Operation Information Success Count Logfile
Mutex Create mutex_name = BA6E0713253533C2BD32E023F51DAAB1 True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run, value_name = containers.exe, data = "C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe", size = 236, type = REG_SZ True 1
Fn
System Get Time type = Local Time, time = 2017-11-30 14:37:53 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:37:53 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 8097 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 8097, size_out = 8097 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 8350 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, type = size, size_out = 404480 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, size = 404480, size_out = 404480 True 1
Fn
Data
Module Load module_name = NTDLL, base_address = 0x777a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlEnterCriticalSection, address_out = 0x777e5e80 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x777a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlLeaveCriticalSection, address_out = 0x777e5e00 True 1
Fn
System Sleep duration = -1 (infinite) True 51
Fn
Mutex Release mutex_name = BA6E0713253533C2BD32E023F51DAAB1 True 1
Fn
Thread 0x2d0
(Host: 2, Network: 0)
+
Category Operation Information Success Count Logfile
File Create Pipe pipe_name = pipe\e7cb4c13c5ff510208fe9abc26bb5b59, open_mode = PIPE_ACCESS_INBOUND, PIPE_ACCESS_OUTBOUND, FILE_FLAG_OVERLAPPED, max_instances = 255 True 1
Fn
System Sleep duration = -1 (infinite) True 1
Fn
Thread 0xadc
(Host: 5, Network: 0)
+
Category Operation Information Success Count Logfile
System Sleep duration = 20000 milliseconds (20.000 seconds) True 1
Fn
Module Load module_name = NTDLL, base_address = 0x777a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlRemoveVectoredExceptionHandler, address_out = 0x777c8870 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x777a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlDeleteCriticalSection, address_out = 0x777f9920 True 1
Fn
Process #9: svchost.exe
(Host: 132, Network: 0)
+
Information Value
ID #9
File Name c:\windows\syswow64\svchost.exe
Command Line C:\Windows\SysWOW64\svchost.exe -k netsvcs
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:02:57, Reason: Child Process
Unmonitor End Time: 00:15:27, Reason: Terminated by Timeout
Monitor Duration 00:12:30
OS Process Information
+
Information Value
PID 0x4e4
Parent PID 0x920 (c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe)
Is Created or Modified Executable False
Integrity Level Medium
Username LHNIWSJ\CIiHmnxMn6Ps
Groups
  • LHNIWSJ\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account and member of Administrators group (USE_FOR_DENY_ONLY)
  • BUILTIN\Administrators (USE_FOR_DENY_ONLY)
  • BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Logon Session 00000000:0001400a (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID)
  • LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x BE0
0x BEC
0x 2E4
0x 848
0x 988
0x BF8
0x 4F0
0x 86C
0x 7BC
0x A88
0x A78
Region
+
Name Start VA End VA Type Permissions Monitored Dump YARA Match Actions
svchost.exe 0x000c0000 0x000cafff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
pagefile_0x0000000000900000 0x00900000 0x048fffff Pagefile Backed Memory - True False False
  • Region Actions
private_0x0000000004900000 0x04900000 0x0491ffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000004900000 0x04900000 0x0490ffff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
svchost.exe.mui 0x04910000 0x04910fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000004920000 0x04920000 0x04921fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004920000 0x04920000 0x04920fff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000004930000 0x04930000 0x04943fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000004950000 0x04950000 0x0498ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004990000 0x04990000 0x049cffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x00000000049d0000 0x049d0000 0x049d3fff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x00000000049e0000 0x049e0000 0x049e0fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x00000000049f0000 0x049f0000 0x049f1fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004a00000 0x04a00000 0x04a1ffff Private Memory Readable, Writable, Executable True False False
  • Region Actions
private_0x0000000004a20000 0x04a20000 0x04a5ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004a60000 0x04a60000 0x04a9ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004aa0000 0x04aa0000 0x04adffff Private Memory Readable, Writable True False False
  • Region Actions
imm32.dll 0x04ae0000 0x04b09fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000004ae0000 0x04ae0000 0x04ae0fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004af0000 0x04af0000 0x04af0fff Private Memory Readable, Writable, Executable True False False
  • Region Actions
private_0x0000000004b00000 0x04b00000 0x04b01fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004b00000 0x04b00000 0x04b00fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004b10000 0x04b10000 0x04b13fff Private Memory Readable, Writable True False False
  • Region Actions
locale.nls 0x04b20000 0x04bddfff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000004be0000 0x04be0000 0x04c1ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004c80000 0x04c80000 0x04c86fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004c90000 0x04c90000 0x04ccffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004d00000 0x04d00000 0x04dfffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004e00000 0x04e00000 0x04efffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000004f00000 0x04f00000 0x05087fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000005090000 0x05090000 0x05124fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005090000 0x05090000 0x050f2fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005100000 0x05100000 0x05103fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005120000 0x05120000 0x05124fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005130000 0x05130000 0x0532ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000051b0000 0x051b0000 0x051effff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005200000 0x05200000 0x052fffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000005300000 0x05300000 0x05480fff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x0000000005490000 0x05490000 0x0688ffff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000006890000 0x06890000 0x068cffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006900000 0x06900000 0x069fffff Private Memory Readable, Writable True False False
  • Region Actions
sortdefault.nls 0x06a00000 0x06d36fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000006e40000 0x06e40000 0x06f3ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007240000 0x07240000 0x0733ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007340000 0x07340000 0x0737ffff Private Memory Readable, Writable True False False
  • Region Actions
wow64cpu.dll 0x581b0000 0x581b7fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64.dll 0x581c0000 0x5820efff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64win.dll 0x58210000 0x58282fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ntmarta.dll 0x74470000 0x74497fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
rsaenh.dll 0x744a0000 0x744cefff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cryptsp.dll 0x744d0000 0x744e2fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
secur32.dll 0x745b0000 0x745b9fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
bcrypt.dll 0x74610000 0x7462afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
bcryptprimitives.dll 0x74840000 0x74898fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cryptbase.dll 0x748a0000 0x748a9fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sspicli.dll 0x748b0000 0x748cdfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernel32.dll 0x74990000 0x74a7ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
rpcrt4.dll 0x74a80000 0x74b2bfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
gdi32.dll 0x74d10000 0x74e5cfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sechost.dll 0x753a0000 0x753e2fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msvcrt.dll 0x753f0000 0x754adfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
psapi.dll 0x75780000 0x75785fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
advapi32.dll 0x757f0000 0x7586afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
combase.dll 0x75a90000 0x75c49fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
imm32.dll 0x75c60000 0x75c8afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
user32.dll 0x75c90000 0x75dcffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernelbase.dll 0x75e70000 0x75fe5fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shlwapi.dll 0x77410000 0x77453fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msctf.dll 0x77680000 0x7779ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ntdll.dll 0x777a0000 0x77918fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
private_0x000000007f2ab000 0x7f2ab000 0x7f2adfff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007f2ae000 0x7f2ae000 0x7f2b0fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007f2ba000 0x7f2ba000 0x7f2bcfff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x000000007f2c0000 0x7f2c0000 0x7f3bffff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x000000007f3c0000 0x7f3c0000 0x7f3e2fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x000000007f3e4000 0x7f3e4000 0x7f3e4fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007f3e6000 0x7f3e6000 0x7f3e8fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007f3e9000 0x7f3e9000 0x7f3ebfff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007f3ec000 0x7f3ec000 0x7f3eefff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007f3ef000 0x7f3ef000 0x7f3effff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True False False
  • Region Actions
private_0x000000007fff0000 0x7fff0000 0x7dfe18a2ffff Private Memory Readable True False False
  • Region Actions
pagefile_0x00007dfe18a30000 0x7dfe18a30000 0x7ffe18a2ffff Pagefile Backed Memory - True False False
  • Region Actions
ntdll.dll 0x7ffe18a30000 0x7ffe18bf1fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
private_0x00007ffe18bf2000 0x7ffe18bf2000 0x7ffffffeffff Private Memory Readable True False False
  • Region Actions
Injection Information
+
Injection Type Source Process Source Os Thread ID Injection Info Success Count Logfile
Modify Memory #7: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0x554 address = 0x4a00000, size = 131072 True 1
Fn
Data
Modify Memory #7: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0x554 address = 0x4a1b6a4, size = 4 True 1
Fn
Data
Modify Memory #7: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0x554 address = 0x4a1b7c0, size = 4 True 1
Fn
Data
Modify Memory #7: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0x554 address = 0x4a1bdb4, size = 4 True 1
Fn
Data
Create Remote Thread #7: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0x554 address = 0x4a0b50c True 1
Fn
Threads
Thread 0xbec
(Host: 72, Network: 0)
+
Category Operation Information Success Count Logfile
Module Load module_name = KERNEL32.dll, base_address = 0x74990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x749a7650 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x749a9950 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x749a25e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x777dbae0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x777dda90 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x749ad940 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x749a7910 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x749a7520 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x749a9640 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x749a77b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x749ad8d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x749aa0b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x749a7940 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x749a9660 True 1
Fn
Module Load module_name = USER32.dll, base_address = 0x75c90000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = LoadImageW, address_out = 0x75cc4500 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x777a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlAddVectoredExceptionHandler, address_out = 0x777ff090 True 1
Fn
Module Get Handle module_name = advapi32.dll, base_address = 0x0 False 1
Fn
Module Load module_name = advapi32.dll, base_address = 0x757f0000 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x777a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlInitializeCriticalSection, address_out = 0x777f95f0 True 1
Fn
Module Get Handle module_name = shlwapi.dll, base_address = 0x0 False 1
Fn
Module Load module_name = shlwapi.dll, base_address = 0x77410000 True 1
Fn
System Get Info type = Operating System False 2
Fn
Module Get Handle module_name = psapi.dll, base_address = 0x0 False 1
Fn
Module Load module_name = psapi.dll, base_address = 0x75780000 True 1
Fn
Module Get Filename module_name = psapi.dll, process_name = c:\windows\syswow64\svchost.exe, file_name_orig = C:\Windows\SysWOW64\svchost.exe, size = 260 True 1
Fn
Mutex Create mutex_name = 8592029A1BBD0F5EDCA2A860E613ACDB True 1
Fn
System Get Time type = Local Time, time = 2017-11-30 14:37:53 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:37:53 (UTC) True 1
Fn
Module Get Handle module_name = secur32.dll, base_address = 0x0 False 1
Fn
Module Load module_name = secur32.dll, base_address = 0x745b0000 True 1
Fn
Module Load module_name = SSPICLI, base_address = 0x748b0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\sspicli.dll, function = GetUserNameExW, address_out = 0x748bc5f0 True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 7530 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 7530, size_out = 7530 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 8097 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Mutex Create mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, size = 1776, type = REG_BINARY True 1
Fn
Data
Mutex Release mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
Mutex Create mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\agvufyy, type = file_attributes False 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\aduqmaq, type = file_attributes False 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, size = 1776, type = REG_BINARY True 1
Fn
Data
Mutex Release mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
Thread 0x848
(Host: 2, Network: 0)
+
Category Operation Information Success Count Logfile
Mutex Create mutex_name = ACD86ED691154353041C7827C4241C0D True 1
Fn
Mutex Release mutex_name = ACD86ED691154353041C7827C4241C0D True 1
Fn
Thread 0x988
(Host: 34, Network: 0)
+
Category Operation Information Success Count Logfile
Mutex Create mutex_name = BA6E0713253533C2BD32E023F51DAAB1 True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run, value_name = containers.exe, data = "C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe", size = 236, type = REG_SZ True 1
Fn
System Get Time type = Local Time, time = 2017-11-30 14:38:28 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:38:28 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 779 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 779, size_out = 779 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1032 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, type = size, size_out = 404480 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, size = 404480, size_out = 404480 True 1
Fn
Data
Module Load module_name = NTDLL, base_address = 0x777a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlEnterCriticalSection, address_out = 0x777e5e80 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x777a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlLeaveCriticalSection, address_out = 0x777e5e00 True 1
Fn
System Sleep duration = -1 (infinite) True 1
Fn
Mutex Release mutex_name = BA6E0713253533C2BD32E023F51DAAB1 True 1
Fn
Thread 0xbf8
(Host: 3, Network: 0)
+
Category Operation Information Success Count Logfile
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
Thread 0x4f0
(Host: 3, Network: 0)
+
Category Operation Information Success Count Logfile
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
System Sleep duration = -1 (infinite) True 1
Fn
Thread 0x86c
(Host: 6, Network: 0)
+
Category Operation Information Success Count Logfile
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Akudfeen, type = REG_NONE False 1
Fn
Thread 0x7bc
(Host: 5, Network: 0)
+
Category Operation Information Success Count Logfile
System Sleep duration = 20000 milliseconds (20.000 seconds) True 1
Fn
Module Load module_name = NTDLL, base_address = 0x777a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlRemoveVectoredExceptionHandler, address_out = 0x777c8870 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x777a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlDeleteCriticalSection, address_out = 0x777f9920 True 1
Fn
Process #12: updee12df24.exe
(Host: 2087, Network: 0)
+
Information Value
ID #12
File Name c:\users\ciihmn~1\appdata\local\temp\updee12df24.exe
Command Line "C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe" -update
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:03:04, Reason: Child Process
Unmonitor End Time: 00:15:27, Reason: Terminated by Timeout
Monitor Duration 00:12:23
OS Process Information
+
Information Value
PID 0xa44
Parent PID 0xad8 (c:\windows\syswow64\svchost.exe)
Is Created or Modified Executable True
Integrity Level Medium
Username LHNIWSJ\CIiHmnxMn6Ps
Groups
  • LHNIWSJ\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account and member of Administrators group (USE_FOR_DENY_ONLY)
  • BUILTIN\Administrators (USE_FOR_DENY_ONLY)
  • BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Logon Session 00000000:0001400a (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID)
  • LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x A90
0x A54
0x A18
0x A88
0x A9C
0x 84
0x 1B4
0x A6C
Region
+
Name Start VA End VA Type Permissions Monitored Dump YARA Match Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000020000 0x00020000 0x00023fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000030000 0x00030000 0x00031fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000030000 0x00030000 0x00030fff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000000040000 0x00040000 0x00053fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000000060000 0x00060000 0x0009ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000000a0000 0x000a0000 0x0019ffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x00000000001a0000 0x001a0000 0x001a3fff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x00000000001b0000 0x001b0000 0x001b0fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x00000000001c0000 0x001c0000 0x001c1fff Private Memory Readable, Writable True False False
  • Region Actions
locale.nls 0x001d0000 0x0028dfff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000000290000 0x00290000 0x00290fff Private Memory Readable, Writable True False False
  • Region Actions
msvfw32.dll.mui 0x002a0000 0x002a1fff Memory Mapped File Readable False False False
  • Region Actions
avicap32.dll.mui 0x002b0000 0x002b2fff Memory Mapped File Readable False False False
  • Region Actions
private_0x00000000002c0000 0x002c0000 0x002cffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000002d0000 0x002d0000 0x0030ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000310000 0x00310000 0x0040ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000410000 0x00410000 0x0044ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000450000 0x00450000 0x00453fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000460000 0x00460000 0x0047ffff Private Memory Readable, Writable, Executable True False False
  • Region Actions
private_0x0000000000480000 0x00480000 0x00480fff Private Memory Readable, Writable, Executable True False False
  • Region Actions
private_0x0000000000490000 0x00490000 0x00492fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000490000 0x00490000 0x0049ffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000000490000 0x00490000 0x00494fff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000490000 0x00490000 0x00490fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000004a0000 0x004a0000 0x004a3fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000004b0000 0x004b0000 0x005affff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x00000000005b0000 0x005b0000 0x00737fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000000740000 0x00740000 0x0083ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000840000 0x00840000 0x0087ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000840000 0x00840000 0x00851fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000840000 0x00840000 0x00840fff Private Memory Readable, Writable, Executable True False False
  • Region Actions
pagefile_0x0000000000840000 0x00840000 0x00840fff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000850000 0x00850000 0x00853fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000850000 0x00850000 0x00851fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000860000 0x00860000 0x00863fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000870000 0x00870000 0x00873fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000008a0000 0x008a0000 0x008affff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x00000000008b0000 0x008b0000 0x00a30fff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x0000000000a40000 0x00a40000 0x01e3ffff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000001e40000 0x01e40000 0x01f3ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000001f40000 0x01f40000 0x01f7ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000001fa0000 0x01fa0000 0x01faffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000001fc0000 0x01fc0000 0x02017fff Private Memory Readable, Writable, Executable True False False
  • Region Actions
private_0x0000000002030000 0x02030000 0x0203ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000002040000 0x02040000 0x021effff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000002040000 0x02040000 0x0213ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000002140000 0x02140000 0x02189fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000002140000 0x02140000 0x0217ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000002180000 0x02180000 0x021bffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000021e0000 0x021e0000 0x021effff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000021f0000 0x021f0000 0x022effff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000022f0000 0x022f0000 0x023effff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000002390000 0x02390000 0x0241ffff Private Memory Readable, Writable True False False
  • Region Actions
sortdefault.nls 0x02420000 0x02756fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000002760000 0x02760000 0x0285ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000002940000 0x02940000 0x029cffff Private Memory Readable, Writable True False False
  • Region Actions
updee12df24.exe 0x0d160000 0x0d1aefff Memory Mapped File Readable, Writable, Executable True False False
  • Region Actions
wow64cpu.dll 0x581b0000 0x581b7fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64.dll 0x581c0000 0x5820efff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64win.dll 0x58210000 0x58282fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
devobj.dll 0x736c0000 0x736e0fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msacm32.dll 0x736f0000 0x73707fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
winmmbase.dll 0x73710000 0x73732fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
winmm.dll 0x73740000 0x73763fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msvfw32.dll 0x73770000 0x73792fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
comctl32.dll 0x737a0000 0x73831fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
avifil32.dll 0x73870000 0x7388bfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
apphelp.dll 0x73890000 0x73920fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
pdh.dll 0x73a10000 0x73a52fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
avicap32.dll 0x73a60000 0x73a73fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
iertutil.dll 0x73f70000 0x74230fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ntmarta.dll 0x74470000 0x74497fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
rsaenh.dll 0x744a0000 0x744cefff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cryptsp.dll 0x744d0000 0x744e2fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
winnsi.dll 0x74520000 0x74527fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
uxtheme.dll 0x74530000 0x745a4fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
secur32.dll 0x745b0000 0x745b9fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
iphlpapi.dll 0x745c0000 0x745effff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
bcrypt.dll 0x74610000 0x7462afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
urlmon.dll 0x74630000 0x7478ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
bcryptprimitives.dll 0x74840000 0x74898fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cryptbase.dll 0x748a0000 0x748a9fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sspicli.dll 0x748b0000 0x748cdfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernel32.dll 0x74990000 0x74a7ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
rpcrt4.dll 0x74a80000 0x74b2bfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
nsi.dll 0x74ca0000 0x74ca6fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
gdi32.dll 0x74d10000 0x74e5cfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
windows.storage.dll 0x74e60000 0x7533cfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sechost.dll 0x753a0000 0x753e2fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msvcrt.dll 0x753f0000 0x754adfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
powrprof.dll 0x754c0000 0x75503fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ole32.dll 0x75690000 0x75779fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
psapi.dll 0x75780000 0x75785fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ws2_32.dll 0x75790000 0x757ebfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
advapi32.dll 0x757f0000 0x7586afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cfgmgr32.dll 0x75870000 0x758a5fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernel.appcore.dll 0x75960000 0x7596bfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shcore.dll 0x75a00000 0x75a8cfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
combase.dll 0x75a90000 0x75c49fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
profapi.dll 0x75c50000 0x75c5efff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
imm32.dll 0x75c60000 0x75c8afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
user32.dll 0x75c90000 0x75dcffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
oleaut32.dll 0x75dd0000 0x75e61fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernelbase.dll 0x75e70000 0x75fe5fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shell32.dll 0x76050000 0x7740efff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shlwapi.dll 0x77410000 0x77453fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msctf.dll 0x77680000 0x7779ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ntdll.dll 0x777a0000 0x77918fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
private_0x000000007fea7000 0x7fea7000 0x7fea9fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007feaa000 0x7feaa000 0x7feacfff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007fead000 0x7fead000 0x7feaffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x000000007feb0000 0x7feb0000 0x7ffaffff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x000000007ffd5000 0x7ffd5000 0x7ffd7fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ffd8000 0x7ffd8000 0x7ffdafff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ffdb000 0x7ffdb000 0x7ffddfff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True False False
  • Region Actions
private_0x000000007fff0000 0x7fff0000 0x7ffe18a2ffff Private Memory Readable True False False
  • Region Actions
ntdll.dll 0x7ffe18a30000 0x7ffe18bf1fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
private_0x00007ffe18bf2000 0x7ffe18bf2000 0x7ffffffeffff Private Memory Readable True False False
  • Region Actions
Injection Information
+
Injection Type Source Process Source Os Thread ID Injection Info Success Count Logfile
Modify Memory #8: c:\windows\syswow64\svchost.exe 0x7f4 address = 0x460000, size = 131072 True 1
Fn
Data
Modify Memory #8: c:\windows\syswow64\svchost.exe 0x7f4 address = 0x47b6a4, size = 4 True 1
Fn
Data
Modify Memory #8: c:\windows\syswow64\svchost.exe 0x7f4 address = 0x47b7c0, size = 4 True 1
Fn
Data
Modify Memory #8: c:\windows\syswow64\svchost.exe 0x7f4 address = 0x47bdb4, size = 4 True 1
Fn
Data
Create Remote Thread #8: c:\windows\syswow64\svchost.exe 0x7f4 address = 0x46b50c True 1
Fn
Created Files
+
Filename File Size Hash Values YARA Match Actions
c:\users\ciihmn~1\appdata\local\temp\upd3171fe7c.bat 0.00 KB (0 bytes) MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 		False
c:\users\ciihmn~1\appdata\local\temp\upd3171fe7c.bat 0.21 KB (216 bytes) MD5: a0db5e235a3bd5ca182e4a13ebaaae54
SHA1: cd66857e9c9884b4628aabb61efc1395720ca834
SHA256: bbab54e96dda0a86cd9ca1197fdb44a691b653ea5a3f6752180889b28a3d1828 		False
Threads
Thread 0xa90
(Host: 1753, Network: 0)
+
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x74990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x749aa330 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x749a7580 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x749a9910 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x749af400 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x74990000 True 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Filename process_name = c:\users\ciihmn~1\appdata\local\temp\updee12df24.exe, file_name_orig = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, size = 260 True 1
Fn
Module Get Handle module_name = c:\users\ciihmn~1\appdata\local\temp\updee12df24.exe, base_address = 0xd160000 True 1
Fn
Window Create window_name = Press, class_name = BUTTON, wndproc_parameter = 0 True 1
Fn
System Get Cursor x_out = 972, y_out = 552 True 4
Fn
System Get Cursor x_out = 233, y_out = 265 True 3
Fn
System Get Cursor x_out = 1154, y_out = 739 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x74990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x749a9950 True 1
Fn
Module Get Address module_name = Unknown module name, function = SetLayeredWindowAttributes, address_out = 0x0 False 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Load module_name = kernel32, base_address = 0x74990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x777dda90 True 1
Fn
Window Set Attribute index = 18446744073709551612, new_long = 0 False 249
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
For performance reasons, the remaining 741 entries are omitted.
The remaining entries can be found in glog.xml.
Thread 0xa88
(Host: 54, Network: 0)
+
Category Operation Information Success Count Logfile
Module Load module_name = KERNEL32.dll, base_address = 0x74990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x749a7650 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x749a9950 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x749a25e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x777dbae0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x777dda90 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x749ad940 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x749a7910 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x749a7520 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x749a9640 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x749a77b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x749ad8d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x749aa0b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x749a7940 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x749a9660 True 1
Fn
Module Load module_name = USER32.dll, base_address = 0x75c90000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = LoadImageW, address_out = 0x75cc4500 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x777a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlAddVectoredExceptionHandler, address_out = 0x777ff090 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\advapi32.dll, base_address = 0x757f0000 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x777a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlInitializeCriticalSection, address_out = 0x777f95f0 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\shlwapi.dll, base_address = 0x77410000 True 1
Fn
System Get Info type = Operating System False 2
Fn
Module Get Handle module_name = psapi.dll, base_address = 0x0 False 1
Fn
Module Load module_name = psapi.dll, base_address = 0x75780000 True 1
Fn
Module Get Filename module_name = psapi.dll, process_name = c:\users\ciihmn~1\appdata\local\temp\updee12df24.exe, file_name_orig = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, size = 260 True 1
Fn
System Get Time type = Local Time, time = 2017-11-30 14:38:00 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:38:00 (UTC) True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\secur32.dll, base_address = 0x745b0000 True 1
Fn
Module Load module_name = SSPICLI, base_address = 0x748b0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\sspicli.dll, function = GetUserNameExW, address_out = 0x748bc5f0 True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 11267 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 11267, size_out = 11267 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 11887 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Thread 0xa9c
(Host: 6, Network: 0)
+
Category Operation Information Success Count Logfile
System Sleep duration = 100 milliseconds (0.100 seconds) True 9
Fn
Module Load module_name = NTDLL, base_address = 0x777a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlRemoveVectoredExceptionHandler, address_out = 0x777c8870 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x777a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlDeleteCriticalSection, address_out = 0x777f9920 True 1
Fn
System Sleep duration = 100 milliseconds (0.100 seconds) True 10
Fn
Process #13: containers.exe
(Host: 2405, Network: 0)
+
Information Value
ID #13
File Name c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe
Command Line "C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe"
Initial Working Directory C:\Users\CIiHmnxMn6Ps\AppData\Roaming\
Monitor Start Time: 00:03:33, Reason: Child Process
Unmonitor End Time: 00:15:27, Reason: Terminated by Timeout
Monitor Duration 00:11:54
OS Process Information
+
Information Value
PID 0x1a4
Parent PID 0xa44 (c:\users\ciihmn~1\appdata\local\temp\updee12df24.exe)
Is Created or Modified Executable True
Integrity Level Medium
Username LHNIWSJ\CIiHmnxMn6Ps
Groups
  • LHNIWSJ\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account and member of Administrators group (USE_FOR_DENY_ONLY)
  • BUILTIN\Administrators (USE_FOR_DENY_ONLY)
  • BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Logon Session 00000000:0001400a (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID)
  • LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x 204
0x 26C
0x 200
0x CDC
0x CE4
Region
+
Name Start VA End VA Type Permissions Monitored Dump YARA Match Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000000010000 0x00010000 0x0001ffff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000020000 0x00020000 0x00023fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000030000 0x00030000 0x00031fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000030000 0x00030000 0x00030fff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000000040000 0x00040000 0x00053fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000000060000 0x00060000 0x0009ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000000a0000 0x000a0000 0x0019ffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x00000000001a0000 0x001a0000 0x001a3fff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x00000000001b0000 0x001b0000 0x001b0fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x00000000001c0000 0x001c0000 0x001c1fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000001d0000 0x001d0000 0x0020ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000210000 0x00210000 0x00210fff Private Memory Readable, Writable True False False
  • Region Actions
msvfw32.dll.mui 0x00220000 0x00221fff Memory Mapped File Readable False False False
  • Region Actions
avicap32.dll.mui 0x00230000 0x00232fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000000240000 0x00240000 0x00243fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000250000 0x00250000 0x0025ffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000000250000 0x00250000 0x00254fff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000250000 0x00250000 0x00250fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000260000 0x00260000 0x0026ffff Private Memory Readable, Writable True False False
  • Region Actions
locale.nls 0x00270000 0x0032dfff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000000330000 0x00330000 0x00341fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000330000 0x00330000 0x0036ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000370000 0x00370000 0x00370fff Private Memory Readable, Writable, Executable True False False
  • Region Actions
pagefile_0x0000000000370000 0x00370000 0x00370fff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000380000 0x00380000 0x00383fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000390000 0x00390000 0x00390fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000003b0000 0x003b0000 0x004affff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000004b0000 0x004b0000 0x005affff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x00000000005b0000 0x005b0000 0x00737fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000000750000 0x00750000 0x007dffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000007f0000 0x007f0000 0x007fffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000850000 0x00850000 0x0085ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000890000 0x00890000 0x0089ffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x00000000008a0000 0x008a0000 0x00a20fff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x0000000000a30000 0x00a30000 0x01e2ffff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000001e30000 0x01e30000 0x01f0ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000001e90000 0x01e90000 0x01ee7fff Private Memory Readable, Writable, Executable True False False
  • Region Actions
private_0x0000000001f00000 0x01f00000 0x01f0ffff Private Memory Readable, Writable True False False
  • Region Actions
sortdefault.nls 0x01f10000 0x02246fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000002250000 0x02250000 0x0234ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000002350000 0x02350000 0x0244ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000002450000 0x02450000 0x0254ffff Private Memory Readable, Writable True False False
  • Region Actions
containers.exe 0x0d160000 0x0d1aefff Memory Mapped File Readable, Writable, Executable True False False
  • Region Actions
wow64cpu.dll 0x581b0000 0x581b7fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64.dll 0x581c0000 0x5820efff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64win.dll 0x58210000 0x58282fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
devobj.dll 0x736c0000 0x736e0fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msacm32.dll 0x736f0000 0x73707fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
winmmbase.dll 0x73710000 0x73732fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
winmm.dll 0x73740000 0x73763fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msvfw32.dll 0x73770000 0x73792fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
comctl32.dll 0x737a0000 0x73831fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
avifil32.dll 0x73870000 0x7388bfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
pdh.dll 0x73a10000 0x73a52fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
avicap32.dll 0x73a60000 0x73a73fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
iertutil.dll 0x73f70000 0x74230fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ntmarta.dll 0x74470000 0x74497fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
rsaenh.dll 0x744a0000 0x744cefff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cryptsp.dll 0x744d0000 0x744e2fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
winnsi.dll 0x74520000 0x74527fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
uxtheme.dll 0x74530000 0x745a4fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
secur32.dll 0x745b0000 0x745b9fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
iphlpapi.dll 0x745c0000 0x745effff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
bcrypt.dll 0x74610000 0x7462afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
urlmon.dll 0x74630000 0x7478ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
bcryptprimitives.dll 0x74840000 0x74898fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cryptbase.dll 0x748a0000 0x748a9fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sspicli.dll 0x748b0000 0x748cdfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernel32.dll 0x74990000 0x74a7ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
rpcrt4.dll 0x74a80000 0x74b2bfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
nsi.dll 0x74ca0000 0x74ca6fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
gdi32.dll 0x74d10000 0x74e5cfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
windows.storage.dll 0x74e60000 0x7533cfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sechost.dll 0x753a0000 0x753e2fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msvcrt.dll 0x753f0000 0x754adfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
powrprof.dll 0x754c0000 0x75503fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ole32.dll 0x75690000 0x75779fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
psapi.dll 0x75780000 0x75785fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ws2_32.dll 0x75790000 0x757ebfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
advapi32.dll 0x757f0000 0x7586afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cfgmgr32.dll 0x75870000 0x758a5fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernel.appcore.dll 0x75960000 0x7596bfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shcore.dll 0x75a00000 0x75a8cfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
combase.dll 0x75a90000 0x75c49fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
profapi.dll 0x75c50000 0x75c5efff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
imm32.dll 0x75c60000 0x75c8afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
user32.dll 0x75c90000 0x75dcffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
oleaut32.dll 0x75dd0000 0x75e61fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernelbase.dll 0x75e70000 0x75fe5fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shell32.dll 0x76050000 0x7740efff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shlwapi.dll 0x77410000 0x77453fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msctf.dll 0x77680000 0x7779ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ntdll.dll 0x777a0000 0x77918fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
pagefile_0x000000007feb0000 0x7feb0000 0x7ffaffff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x000000007ffb0000 0x7ffb0000 0x7ffd2fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x000000007ffd5000 0x7ffd5000 0x7ffd7fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ffd8000 0x7ffd8000 0x7ffdafff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ffdb000 0x7ffdb000 0x7ffddfff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ffde000 0x7ffde000 0x7ffdefff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ffdf000 0x7ffdf000 0x7ffdffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True False False
  • Region Actions
private_0x000000007fff0000 0x7fff0000 0x7ffe18a2ffff Private Memory Readable True False False
  • Region Actions
ntdll.dll 0x7ffe18a30000 0x7ffe18bf1fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
private_0x00007ffe18bf2000 0x7ffe18bf2000 0x7ffffffeffff Private Memory Readable True False False
  • Region Actions
Threads
Thread 0x204
(Host: 2147, Network: 0)
+
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x74990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x749aa330 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x749a7580 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x749a9910 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x749af400 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x74990000 True 1
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Open filename = STD_ERROR_HANDLE True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Filename process_name = c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, size = 260 True 1
Fn
Module Get Handle module_name = c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe, base_address = 0xd160000 True 1
Fn
Window Create window_name = Press, class_name = BUTTON, wndproc_parameter = 0 True 1
Fn
System Get Cursor x_out = 1097, y_out = 484 True 5
Fn
System Get Cursor x_out = 859, y_out = 14 True 3
Fn
System Get Cursor x_out = 390, y_out = 885 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x74990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x749a9950 True 1
Fn
Module Get Address module_name = Unknown module name, function = SetLayeredWindowAttributes, address_out = 0x0 False 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Load module_name = kernel32, base_address = 0x74990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x777dda90 True 1
Fn
Window Set Attribute index = 18446744073709551612, new_long = 0 False 249
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Window Create window_name = Окно, class_name = iClass, wndproc_parameter = 0 False 1
Fn
For performance reasons, the remaining 1136 entries are omitted.
The remaining entries can be found in glog.xml.
Process #14: cmd.exe
(Host: 4381, Network: 0)
+
Information Value
ID #14
File Name c:\windows\syswow64\cmd.exe
Command Line "C:\Windows\system32\cmd.exe" /c "C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat"
Initial Working Directory C:\Windows\system32\
Monitor Start Time: 00:04:05, Reason: Child Process
Unmonitor End Time: 00:15:27, Reason: Terminated by Timeout
Monitor Duration 00:11:22
OS Process Information
+
Information Value
PID 0xf7c
Parent PID 0xa44 (c:\users\ciihmn~1\appdata\local\temp\updee12df24.exe)
Is Created or Modified Executable False
Integrity Level Medium
Username LHNIWSJ\CIiHmnxMn6Ps
Groups
  • LHNIWSJ\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account and member of Administrators group (USE_FOR_DENY_ONLY)
  • BUILTIN\Administrators (USE_FOR_DENY_ONLY)
  • BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Logon Session 00000000:0001400a (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID)
  • LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x F88
0x FBC
Region
+
Name Start VA End VA Type Permissions Monitored Dump YARA Match Actions
cmd.exe 0x002b0000 0x002fffff Memory Mapped File Readable, Writable, Executable True False False
  • Region Actions
pagefile_0x0000000000e40000 0x00e40000 0x04e3ffff Pagefile Backed Memory - True False False
  • Region Actions
private_0x0000000004e40000 0x04e40000 0x04e5ffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000004e40000 0x04e40000 0x04e4ffff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004e50000 0x04e50000 0x04e53fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004e60000 0x04e60000 0x04e61fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004e60000 0x04e60000 0x04e63fff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000004e70000 0x04e70000 0x04e83fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000004e90000 0x04e90000 0x04ecffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004ed0000 0x04ed0000 0x04fcffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000004fd0000 0x04fd0000 0x04fd3fff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x0000000004fe0000 0x04fe0000 0x04fe0fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000004ff0000 0x04ff0000 0x04ff1fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005000000 0x05000000 0x0503ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005040000 0x05040000 0x0504ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005050000 0x05050000 0x0505ffff Private Memory Readable, Writable True False False
  • Region Actions
locale.nls 0x05060000 0x0511dfff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000005140000 0x05140000 0x0523ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005240000 0x05240000 0x0533ffff Private Memory Readable, Writable True False False
  • Region Actions
cmd.exe.mui 0x05340000 0x05360fff Memory Mapped File Readable False False False
  • Region Actions
kernelbase.dll.mui 0x05370000 0x0544efff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000005450000 0x05450000 0x0545ffff Private Memory Readable, Writable True False False
  • Region Actions
wow64cpu.dll 0x581b0000 0x581b7fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64.dll 0x581c0000 0x5820efff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64win.dll 0x58210000 0x58282fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cmdext.dll 0x74600000 0x74607fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
bcryptprimitives.dll 0x74840000 0x74898fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cryptbase.dll 0x748a0000 0x748a9fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sspicli.dll 0x748b0000 0x748cdfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernel32.dll 0x74990000 0x74a7ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
rpcrt4.dll 0x74a80000 0x74b2bfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sechost.dll 0x753a0000 0x753e2fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msvcrt.dll 0x753f0000 0x754adfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
advapi32.dll 0x757f0000 0x7586afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernelbase.dll 0x75e70000 0x75fe5fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ntdll.dll 0x777a0000 0x77918fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
pagefile_0x000000007ee50000 0x7ee50000 0x7ef4ffff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x000000007ef50000 0x7ef50000 0x7ef72fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x000000007ef76000 0x7ef76000 0x7ef76fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ef79000 0x7ef79000 0x7ef79fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ef7a000 0x7ef7a000 0x7ef7cfff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ef7d000 0x7ef7d000 0x7ef7ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True False False
  • Region Actions
private_0x000000007fff0000 0x7fff0000 0x7dfe18a2ffff Private Memory Readable True False False
  • Region Actions
pagefile_0x00007dfe18a30000 0x7dfe18a30000 0x7ffe18a2ffff Pagefile Backed Memory - True False False
  • Region Actions
ntdll.dll 0x7ffe18a30000 0x7ffe18bf1fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
private_0x00007ffe18bf2000 0x7ffe18bf2000 0x7ffffffeffff Private Memory Readable True False False
  • Region Actions
Threads
Thread 0xf88
(Host: 3073, Network: 0)
+
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\syswow64\cmd.exe, base_address = 0x2b0000 True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x74990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x749d2780 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 3
Fn
File Open filename = STD_INPUT_HANDLE True 2
Fn
Environment Get Environment String - True 2
Fn
Data
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 24, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE False 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE False 1
Fn
Module Get Filename process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 True 1
Fn
Environment Get Environment String name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ True 1
Fn
Environment Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 1
Fn
Environment Get Environment String name = PROMPT False 1
Fn
Environment Set Environment String name = PROMPT, value = $P$G True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Environment Get Environment String name = COMSPEC, result_out = C:\Windows\system32\cmd.exe True 1
Fn
Environment Get Environment String name = KEYS False 1
Fn
File Get Info filename = C:\Windows\system32, type = file_attributes True 1
Fn
File Get Info filename = C:\Windows\System32, type = file_attributes True 1
Fn
Environment Set Environment String name = =C:, value = C:\Windows\System32 True 1
Fn
Environment Get Environment String - True 1
Fn
Data
Module Get Handle module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x74990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x749afa80 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x749aa790 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x75f835c0 True 1
Fn
Environment Get Environment String name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 216 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 205 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 201 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, type = file_attributes True 2
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe False 1
Fn
File Open filename = \??\C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE, desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE False 1
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 54 True 1
Fn
Data
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type True 1
Fn
File Open filename = STD_ERROR_HANDLE True 2
Fn
File Write filename = STD_ERROR_HANDLE, size = 19 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 135 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 3
Fn
File Get Info type = size True 1
Fn
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 63 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 0 True 1
Fn
File Open - True 3
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 216 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 205 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 201 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, type = file_attributes True 2
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe False 1
Fn
File Open filename = \??\C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE, desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE False 1
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 54 True 1
Fn
Data
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type True 1
Fn
File Open filename = STD_ERROR_HANDLE True 2
Fn
File Write filename = STD_ERROR_HANDLE, size = 19 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 135 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 3
Fn
File Get Info type = size True 1
Fn
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 63 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 0 True 1
Fn
File Open - True 3
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 216 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 205 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 201 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, type = file_attributes True 2
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe False 1
Fn
File Open filename = \??\C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE, desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE False 1
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 54 True 1
Fn
Data
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type True 1
Fn
File Open filename = STD_ERROR_HANDLE True 2
Fn
File Write filename = STD_ERROR_HANDLE, size = 19 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 135 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 3
Fn
File Get Info type = size True 1
Fn
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 63 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 0 True 1
Fn
File Open - True 3
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 216 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 205 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 201 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, type = file_attributes True 2
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe False 1
Fn
File Open filename = \??\C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE, desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE False 1
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 54 True 1
Fn
Data
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type True 1
Fn
File Open filename = STD_ERROR_HANDLE True 2
Fn
File Write filename = STD_ERROR_HANDLE, size = 19 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 135 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 3
Fn
File Get Info type = size True 1
Fn
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 63 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 0 True 1
Fn
File Open - True 3
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 216 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 205 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 201 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, type = file_attributes True 2
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe False 1
Fn
File Open filename = \??\C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE, desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE False 1
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 54 True 1
Fn
Data
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type True 1
Fn
File Open filename = STD_ERROR_HANDLE True 2
Fn
File Write filename = STD_ERROR_HANDLE, size = 19 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 135 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 3
Fn
File Get Info type = size True 1
Fn
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 63 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 0 True 1
Fn
File Open - True 3
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 216 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 205 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 201 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, type = file_attributes True 2
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe False 1
Fn
File Open filename = \??\C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE, desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE False 1
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 54 True 1
Fn
Data
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type True 1
Fn
File Open filename = STD_ERROR_HANDLE True 2
Fn
File Write filename = STD_ERROR_HANDLE, size = 19 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 135 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 3
Fn
File Get Info type = size True 1
Fn
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 63 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 0 True 1
Fn
File Open - True 3
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 216 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 205 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 201 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, type = file_attributes True 2
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe False 1
Fn
File Open filename = \??\C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE, desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE False 1
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 54 True 1
Fn
Data
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type True 1
Fn
File Open filename = STD_ERROR_HANDLE True 2
Fn
File Write filename = STD_ERROR_HANDLE, size = 19 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 135 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 3
Fn
File Get Info type = size True 1
Fn
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 63 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 0 True 1
Fn
File Open - True 3
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 216 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 205 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 201 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, type = file_attributes True 2
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe False 1
Fn
File Open filename = \??\C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE, desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE False 1
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 54 True 1
Fn
Data
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type True 1
Fn
File Open filename = STD_ERROR_HANDLE True 2
Fn
File Write filename = STD_ERROR_HANDLE, size = 19 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 135 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 3
Fn
File Get Info type = size True 1
Fn
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 63 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 0 True 1
Fn
File Open - True 3
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 216 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 205 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 201 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, type = file_attributes True 2
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe False 1
Fn
File Open filename = \??\C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE, desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE False 1
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 54 True 1
Fn
Data
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type True 1
Fn
File Open filename = STD_ERROR_HANDLE True 2
Fn
File Write filename = STD_ERROR_HANDLE, size = 19 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 135 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 3
Fn
File Get Info type = size True 1
Fn
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 63 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 0 True 1
Fn
File Open - True 3
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 216 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 205 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 201 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, type = file_attributes True 2
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe False 1
Fn
File Open filename = \??\C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE, desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE False 1
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 54 True 1
Fn
Data
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type True 1
Fn
File Open filename = STD_ERROR_HANDLE True 2
Fn
File Write filename = STD_ERROR_HANDLE, size = 19 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 135 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 3
Fn
File Get Info type = size True 1
Fn
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 63 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 0 True 1
Fn
File Open - True 3
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 216 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 205 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 201 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, type = file_attributes True 2
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe False 1
Fn
File Open filename = \??\C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE, desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE False 1
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 54 True 1
Fn
Data
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type True 1
Fn
File Open filename = STD_ERROR_HANDLE True 2
Fn
File Write filename = STD_ERROR_HANDLE, size = 19 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 135 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 3
Fn
File Get Info type = size True 1
Fn
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 63 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 0 True 1
Fn
File Open - True 3
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 216 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 205 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 201 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, type = file_attributes True 2
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe False 1
Fn
File Open filename = \??\C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE, desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE False 1
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 54 True 1
Fn
Data
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type True 1
Fn
File Open filename = STD_ERROR_HANDLE True 2
Fn
File Write filename = STD_ERROR_HANDLE, size = 19 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 135 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 3
Fn
File Get Info type = size True 1
Fn
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 63 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 0 True 1
Fn
File Open - True 3
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 216 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 205 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 201 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, type = file_attributes True 2
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe False 1
Fn
File Open filename = \??\C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE, desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE False 1
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 54 True 1
Fn
Data
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type True 1
Fn
File Open filename = STD_ERROR_HANDLE True 2
Fn
File Write filename = STD_ERROR_HANDLE, size = 19 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 135 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 3
Fn
File Get Info type = size True 1
Fn
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 63 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 0 True 1
Fn
File Open - True 3
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 216 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 205 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 201 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, type = file_attributes True 2
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe False 1
Fn
File Open filename = \??\C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE, desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE False 1
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 54 True 1
Fn
Data
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type True 1
Fn
File Open filename = STD_ERROR_HANDLE True 2
Fn
File Write filename = STD_ERROR_HANDLE, size = 19 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 135 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 3
Fn
File Get Info type = size True 1
Fn
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 63 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 0 True 1
Fn
File Open - True 3
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 216 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 205 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 201 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, type = file_attributes True 2
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe False 1
Fn
File Open filename = \??\C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE, desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE False 1
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 54 True 1
Fn
Data
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type True 1
Fn
File Open filename = STD_ERROR_HANDLE True 2
Fn
File Write filename = STD_ERROR_HANDLE, size = 19 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 135 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 3
Fn
File Get Info type = size True 1
Fn
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 63 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 0 True 1
Fn
File Open - True 3
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 216 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 205 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 201 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, type = file_attributes True 2
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe False 1
Fn
File Open filename = \??\C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE, desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE False 1
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 54 True 1
Fn
Data
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type True 1
Fn
File Open filename = STD_ERROR_HANDLE True 2
Fn
File Write filename = STD_ERROR_HANDLE, size = 19 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 135 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 3
Fn
File Get Info type = size True 1
Fn
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 63 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 0 True 1
Fn
File Open - True 3
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 216 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 205 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 201 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, type = file_attributes True 2
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe False 1
Fn
File Open filename = \??\C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE, desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE False 1
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 54 True 1
Fn
Data
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type True 1
Fn
File Open filename = STD_ERROR_HANDLE True 2
Fn
File Write filename = STD_ERROR_HANDLE, size = 19 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 135 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 3
Fn
File Get Info type = size True 1
Fn
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 63 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 0 True 1
Fn
File Open - True 3
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 216 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 205 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 201 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, type = file_attributes True 2
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe False 1
Fn
File Open filename = \??\C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE, desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE False 1
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 54 True 1
Fn
Data
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type True 1
Fn
File Open filename = STD_ERROR_HANDLE True 2
Fn
File Write filename = STD_ERROR_HANDLE, size = 19 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 135 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 3
Fn
File Get Info type = size True 1
Fn
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 63 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 0 True 1
Fn
File Open - True 3
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 216 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 205 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 201 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, type = file_attributes True 2
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe False 1
Fn
File Open filename = \??\C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE, desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE False 1
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 54 True 1
Fn
Data
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type True 1
Fn
File Open filename = STD_ERROR_HANDLE True 2
Fn
File Write filename = STD_ERROR_HANDLE, size = 19 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 135 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 3
Fn
File Get Info type = size True 1
Fn
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 63 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 0 True 1
Fn
File Open - True 3
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 216 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 205 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 201 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, type = file_attributes True 2
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe False 1
Fn
File Open filename = \??\C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE, desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE False 1
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 54 True 1
Fn
Data
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type True 1
Fn
File Open filename = STD_ERROR_HANDLE True 2
Fn
File Write filename = STD_ERROR_HANDLE, size = 19 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 135 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 3
Fn
File Get Info type = size True 1
Fn
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 63 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 0 True 1
Fn
File Open - True 3
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 216 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 205 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 201 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, type = file_attributes True 2
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe False 1
Fn
File Open filename = \??\C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE, desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE False 1
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 54 True 1
Fn
Data
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type True 1
Fn
File Open filename = STD_ERROR_HANDLE True 2
Fn
File Write filename = STD_ERROR_HANDLE, size = 19 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 135 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 3
Fn
File Get Info type = size True 1
Fn
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 63 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 0 True 1
Fn
File Open - True 3
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 216 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 205 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 201 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, type = file_attributes True 2
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe False 1
Fn
File Open filename = \??\C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE, desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE False 1
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 54 True 1
Fn
Data
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type True 1
Fn
File Open filename = STD_ERROR_HANDLE True 2
Fn
File Write filename = STD_ERROR_HANDLE, size = 19 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 135 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 3
Fn
File Get Info type = size True 1
Fn
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 63 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 0 True 1
Fn
File Open - True 3
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 216 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 205 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 201 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe, type = file_attributes True 2
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\updee12df24.exe False 1
Fn
File Open filename = \??\C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE, desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE False 1
Fn
File Delete filename = C:\Users\CIIHMN~1\AppData\Local\Temp\UPDEE1~1.EXE False 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 1
Fn
File Get Info filename = STD_OUTPUT_HANDLE, type = file_type True 1
Fn
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Write filename = STD_OUTPUT_HANDLE, size = 54 True 1
Fn
Data
File Open filename = STD_ERROR_HANDLE True 1
Fn
File Get Info filename = STD_ERROR_HANDLE, type = file_type True 1
Fn
File Open filename = STD_ERROR_HANDLE True 2
Fn
File Write filename = STD_ERROR_HANDLE, size = 19 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 135 True 1
Fn
Data
File Open - True 1
Fn
File Get Info type = file_type True 1
Fn
File Open - True 3
Fn
File Get Info type = size True 1
Fn
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 63 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 0 True 1
Fn
File Open - True 3
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 216 True 1
Fn
Data
File Open - True 2
Fn
File Get Info type = file_type True 1
Fn
File Read size = 512, size_out = 205 True 1
Fn
Data
File Open filename = STD_OUTPUT_HANDLE True 2
Fn
File Open filename = STD_INPUT_HANDLE True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd3171fe7c.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Open - True 2
Fn
File Read size = 8191, size_out = 201 True 1
Fn
Data
For performance reasons, the remaining 2073 entries are omitted.
The remaining entries can be found in glog.xml.
Process #16: svchost.exe
(Host: 20794, Network: 527)
+
Information Value
ID #16
File Name c:\windows\syswow64\svchost.exe
Command Line C:\Windows\SysWOW64\svchost.exe -k netsvcs
Initial Working Directory C:\Users\CIiHmnxMn6Ps\AppData\Roaming\
Monitor Start Time: 00:05:05, Reason: Child Process
Unmonitor End Time: 00:15:27, Reason: Terminated by Timeout
Monitor Duration 00:10:22
OS Process Information
+
Information Value
PID 0xd84
Parent PID 0x1a4 (c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe)
Is Created or Modified Executable False
Integrity Level Medium
Username LHNIWSJ\CIiHmnxMn6Ps
Groups
  • LHNIWSJ\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account and member of Administrators group (USE_FOR_DENY_ONLY)
  • BUILTIN\Administrators (USE_FOR_DENY_ONLY)
  • BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Logon Session 00000000:0001400a (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID)
  • LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x D90
0x D8C
0x DA0
0x D94
0x DBC
0x DB8
0x DB0
0x DD0
0x FC4
0x 694
0x CA8
0x CC0
0x C40
0x DF0
0x 29C
0x D24
0x 5C0
0x BE0
0x 658
Region
+
Name Start VA End VA Type Permissions Monitored Dump YARA Match Actions
svchost.exe 0x000c0000 0x000cafff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
pagefile_0x0000000000f40000 0x00f40000 0x04f3ffff Pagefile Backed Memory - True False False
  • Region Actions
private_0x0000000004f40000 0x04f40000 0x04f5ffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000004f40000 0x04f40000 0x04f4ffff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
svchost.exe.mui 0x04f50000 0x04f50fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000004f60000 0x04f60000 0x04f61fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004f60000 0x04f60000 0x04f60fff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000004f70000 0x04f70000 0x04f83fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000004f90000 0x04f90000 0x04fcffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004fd0000 0x04fd0000 0x0500ffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000005010000 0x05010000 0x05013fff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x0000000005020000 0x05020000 0x05020fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000005030000 0x05030000 0x05031fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005040000 0x05040000 0x0505ffff Private Memory Readable, Writable, Executable True False False
  • Region Actions
private_0x0000000005060000 0x05060000 0x0509ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005060000 0x05060000 0x05060fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005060000 0x05060000 0x050a9fff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000005060000 0x05060000 0x05060fff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
counters.dat 0x05070000 0x05070fff Memory Mapped File Readable, Writable True False False
  • Region Actions
private_0x0000000005080000 0x05080000 0x050bffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000050a0000 0x050a0000 0x050dffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x00000000050c0000 0x050c0000 0x050cffff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x00000000050d0000 0x050d0000 0x050d0fff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
locale.nls 0x050e0000 0x0519dfff Memory Mapped File Readable False False False
  • Region Actions
private_0x00000000051a0000 0x051a0000 0x051dffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000051e0000 0x051e0000 0x0521ffff Private Memory Readable, Writable True False False
  • Region Actions
imm32.dll 0x05220000 0x05249fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000005220000 0x05220000 0x05220fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005230000 0x05230000 0x05230fff Private Memory Readable, Writable, Executable True False False
  • Region Actions
private_0x0000000005240000 0x05240000 0x05240fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005240000 0x05240000 0x0527ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005280000 0x05280000 0x05283fff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000005290000 0x05290000 0x05291fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x00000000052a0000 0x052a0000 0x052a3fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000052b0000 0x052b0000 0x052b6fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000052c0000 0x052c0000 0x052fffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005300000 0x05300000 0x053fffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005400000 0x05400000 0x054fffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000005500000 0x05500000 0x05687fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000005690000 0x05690000 0x05714fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005690000 0x05690000 0x056cffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000056d0000 0x056d0000 0x0570ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005710000 0x05710000 0x05714fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005720000 0x05720000 0x0591ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005720000 0x05720000 0x0575ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000005760000 0x05760000 0x0579ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000057a0000 0x057a0000 0x057dffff Private Memory Readable, Writable True False False
  • Region Actions
mswsock.dll.mui 0x057e0000 0x057e2fff Memory Mapped File Readable False False False
  • Region Actions
pagefile_0x00000000057f0000 0x057f0000 0x057f1fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000005800000 0x05800000 0x058fffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000005900000 0x05900000 0x05a80fff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x0000000005a90000 0x05a90000 0x06e8ffff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000006e90000 0x06e90000 0x06ecffff Private Memory Readable, Writable True False False
  • Region Actions
crypt32.dll.mui 0x06ed0000 0x06ed9fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000006f00000 0x06f00000 0x06ffffff Private Memory Readable, Writable True False False
  • Region Actions
sortdefault.nls 0x07000000 0x07336fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000007340000 0x07340000 0x0743ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007440000 0x07440000 0x0753ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007540000 0x07540000 0x0763ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007640000 0x07640000 0x0773ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007740000 0x07740000 0x0783ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007840000 0x07840000 0x0793ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007940000 0x07940000 0x07a3ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007a40000 0x07a40000 0x07ad4fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007a40000 0x07a40000 0x07a7ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007a80000 0x07a80000 0x07abffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007ad0000 0x07ad0000 0x07ad4fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007ae0000 0x07ae0000 0x07cdffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007b00000 0x07b00000 0x07bfffff Private Memory Readable, Writable True False False
  • Region Actions
ole32.dll 0x07c00000 0x07ce8fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000007c00000 0x07c00000 0x07c3ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007c40000 0x07c40000 0x07c7ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007c80000 0x07c80000 0x07cbffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007cc0000 0x07cc0000 0x07cfffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007d00000 0x07d00000 0x07d3ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007d40000 0x07d40000 0x07d7ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000007e00000 0x07e00000 0x07efffff Private Memory Readable, Writable True False False
  • Region Actions
wow64cpu.dll 0x581b0000 0x581b7fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64.dll 0x581c0000 0x5820efff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64win.dll 0x58210000 0x58282fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ncryptsslp.dll 0x73a90000 0x73aa9fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
gpapi.dll 0x73ab0000 0x73acefff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ntasn1.dll 0x73ad0000 0x73af7fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ncrypt.dll 0x73b00000 0x73b1ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
schannel.dll 0x73b20000 0x73b7ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
comctl32.dll 0x73b80000 0x73d88fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
fwpuclnt.dll 0x73d90000 0x73dd5fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
dnsapi.dll 0x73de0000 0x73e63fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
mswsock.dll 0x73e70000 0x73ebdfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
winhttp.dll 0x73ec0000 0x73f66fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
iertutil.dll 0x73f70000 0x74230fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wininet.dll 0x74240000 0x74463fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ntmarta.dll 0x74470000 0x74497fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
rsaenh.dll 0x744a0000 0x744cefff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cryptsp.dll 0x744d0000 0x744e2fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
dpapi.dll 0x744f0000 0x744f7fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
winnsi.dll 0x74520000 0x74527fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
uxtheme.dll 0x74530000 0x745a4fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
secur32.dll 0x745b0000 0x745b9fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
iphlpapi.dll 0x745c0000 0x745effff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ondemandconnroutehelper.dll 0x745f0000 0x74600fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
bcrypt.dll 0x74610000 0x7462afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
urlmon.dll 0x74630000 0x7478ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
bcryptprimitives.dll 0x74840000 0x74898fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cryptbase.dll 0x748a0000 0x748a9fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sspicli.dll 0x748b0000 0x748cdfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernel32.dll 0x74990000 0x74a7ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
rpcrt4.dll 0x74a80000 0x74b2bfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
nsi.dll 0x74ca0000 0x74ca6fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
gdi32.dll 0x74d10000 0x74e5cfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
windows.storage.dll 0x74e60000 0x7533cfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sechost.dll 0x753a0000 0x753e2fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msvcrt.dll 0x753f0000 0x754adfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
powrprof.dll 0x754c0000 0x75503fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
crypt32.dll 0x75510000 0x75684fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
psapi.dll 0x75780000 0x75785fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ws2_32.dll 0x75790000 0x757ebfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
advapi32.dll 0x757f0000 0x7586afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msasn1.dll 0x758b0000 0x758bdfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernel.appcore.dll 0x75960000 0x7596bfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shcore.dll 0x75a00000 0x75a8cfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
combase.dll 0x75a90000 0x75c49fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
profapi.dll 0x75c50000 0x75c5efff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
imm32.dll 0x75c60000 0x75c8afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
user32.dll 0x75c90000 0x75dcffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
oleaut32.dll 0x75dd0000 0x75e61fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernelbase.dll 0x75e70000 0x75fe5fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shell32.dll 0x76050000 0x7740efff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shlwapi.dll 0x77410000 0x77453fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msctf.dll 0x77680000 0x7779ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ntdll.dll 0x777a0000 0x77918fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
private_0x000000007ee5b000 0x7ee5b000 0x7ee5dfff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ee5e000 0x7ee5e000 0x7ee60fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ee61000 0x7ee61000 0x7ee63fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ee64000 0x7ee64000 0x7ee66fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ee67000 0x7ee67000 0x7ee69fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ee6a000 0x7ee6a000 0x7ee6cfff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ee6d000 0x7ee6d000 0x7ee6ffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x000000007ee70000 0x7ee70000 0x7ef6ffff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x000000007ef70000 0x7ef70000 0x7ef92fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x000000007ef94000 0x7ef94000 0x7ef96fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ef97000 0x7ef97000 0x7ef97fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ef99000 0x7ef99000 0x7ef9bfff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ef9c000 0x7ef9c000 0x7ef9efff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ef9f000 0x7ef9f000 0x7ef9ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True False False
  • Region Actions
private_0x000000007fff0000 0x7fff0000 0x7dfe18a2ffff Private Memory Readable True False False
  • Region Actions
pagefile_0x00007dfe18a30000 0x7dfe18a30000 0x7ffe18a2ffff Pagefile Backed Memory - True False False
  • Region Actions
ntdll.dll 0x7ffe18a30000 0x7ffe18bf1fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
private_0x00007ffe18bf2000 0x7ffe18bf2000 0x7ffffffeffff Private Memory Readable True False False
  • Region Actions
For performance reasons, the remaining 121 entries are omitted.
The remaining entries can be found in flog.txt.
Injection Information
+
Injection Type Source Process Source Os Thread ID Injection Info Success Count Logfile
Modify Memory #13: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0x204 address = 0x5040000, size = 131072 True 1
Fn
Data
Modify Memory #13: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0x204 address = 0x505b6a4, size = 4 True 1
Fn
Data
Modify Memory #13: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0x204 address = 0x505b7c0, size = 4 True 1
Fn
Data
Modify Memory #13: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0x204 address = 0x505bdb4, size = 4 True 1
Fn
Data
Create Remote Thread #13: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0x204 address = 0x504b50c True 1
Fn
Created Files
+
Filename File Size Hash Values YARA Match Actions
c:\users\ciihmn~1\appdata\local\temp\cabb597.tmp 0.00 KB (0 bytes) MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 		False
c:\users\ciihmn~1\appdata\local\temp\cabb598.tmp 0.00 KB (0 bytes) MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 		False
c:\users\ciihmn~1\appdata\local\temp\cabb599.tmp 0.00 KB (0 bytes) MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 		False
c:\users\ciihmn~1\appdata\local\temp\cabb59a.tmp 0.00 KB (0 bytes) MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 		False
c:\users\ciihmn~1\appdata\local\temp\cabb59b.tmp 0.00 KB (0 bytes) MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 		False
c:\users\ciihmn~1\appdata\local\temp\cabb5ac.tmp 0.00 KB (0 bytes) MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 		False
c:\users\ciihmn~1\appdata\local\temp\cabb5ad.tmp 0.00 KB (0 bytes) MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 		False
c:\users\ciihmn~1\appdata\local\temp\cabb5be.tmp 0.00 KB (0 bytes) MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 		False
c:\users\ciihmn~1\appdata\local\temp\cabb5bf.tmp 0.00 KB (0 bytes) MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 		False
c:\users\ciihmn~1\appdata\local\temp\cabb5c0.tmp 0.00 KB (0 bytes) MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 		False
c:\users\ciihmn~1\appdata\local\temp\sofb65d.tmp 0.00 KB (0 bytes) MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 		False
c:\users\ciihmn~1\appdata\local\temp\cabb597.tmp 0.32 KB (324 bytes) MD5: 88fc36caeab09fb0080837c992f83183
SHA1: 44e3c85cf97e9bdace6612865940024f28bebf75
SHA256: 8d6b0fbf64768994f5555ce3676ba7c89d5bacdbf963f724b797e271981204fd 		False
c:\users\ciihmn~1\appdata\local\temp\cabb598.tmp 0.07 KB (68 bytes) MD5: 645ae58ef1c1e4da7c05e45c57912c9b
SHA1: 54ac5716b662c5f00d034708be935983bc0d3763
SHA256: 12f4c98eda0ff3e8fb5d0e9a31fd94225f64728a5f10cbad6fbd523d5fa7f775 		False
c:\users\ciihmn~1\appdata\local\temp\cabb59a.tmp 0.07 KB (68 bytes) MD5: 645ae58ef1c1e4da7c05e45c57912c9b
SHA1: 54ac5716b662c5f00d034708be935983bc0d3763
SHA256: 12f4c98eda0ff3e8fb5d0e9a31fd94225f64728a5f10cbad6fbd523d5fa7f775 		False
c:\users\ciihmn~1\appdata\local\temp\flab587.tmp 0.43 KB (436 bytes) MD5: d7859b496da03c0e61243641c65b6510
SHA1: 0dea29cb67e5b6f628a3e440f10421d8df0ef574
SHA256: da9736e8fac8dba275bd2ae8fe5385b06de8bbf0267ddd628ea603f187e0fc93 		False
c:\users\ciihmn~1\appdata\local\temp\cabb599.tmp 0.32 KB (324 bytes) MD5: 6f2eb04f33941fc3a5c436f5fffc8c50
SHA1: c58ac82242d6f178ceeb9324254c6db8f8a88f00
SHA256: 3bd89fc970eb49f1b132264519ba129e0024550bafc6bf76f74ea99be344c9b7 		False
c:\users\ciihmn~1\appdata\local\temp\cabb59b.tmp 0.01 KB (8 bytes) MD5: 7b5b6c7bf41e6055abd4e74476e08575
SHA1: 5c05d3a68f69258d236f6d9677cc0a42e399e7cc
SHA256: 2392619f397925a165cf31634781d68b006c396611c425f6c67f338356e47f8f 		False
c:\users\ciihmn~1\appdata\local\temp\sofb65d.tmp 1.01 KB (1038 bytes) MD5: b8721ab85c8da93e999be95a72cb0842
SHA1: f9a9ac562a4c289a4d3e815bb708c146a4a22fcc
SHA256: c8baea7bbcd82d9bceb0396e16650d95dfa381bbd5bec6c3169b56af4d9e4e6e 		False
Threads
Thread 0xd8c
(Host: 58, Network: 0)
+
Category Operation Information Success Count Logfile
Module Load module_name = KERNEL32.dll, base_address = 0x74990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x749a7650 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x749a9950 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x749a25e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x777dbae0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x777dda90 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x749ad940 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x749a7910 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x749a7520 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x749a9640 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x749a77b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x749ad8d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x749aa0b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x749a7940 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x749a9660 True 1
Fn
Module Load module_name = USER32.dll, base_address = 0x75c90000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = LoadImageW, address_out = 0x75cc4500 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x777a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlAddVectoredExceptionHandler, address_out = 0x777ff090 True 1
Fn
Module Get Handle module_name = advapi32.dll, base_address = 0x0 False 1
Fn
Module Load module_name = advapi32.dll, base_address = 0x757f0000 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x777a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlInitializeCriticalSection, address_out = 0x777f95f0 True 1
Fn
Module Get Handle module_name = shlwapi.dll, base_address = 0x0 False 1
Fn
Module Load module_name = shlwapi.dll, base_address = 0x77410000 True 1
Fn
System Get Info type = Operating System False 2
Fn
Module Get Handle module_name = psapi.dll, base_address = 0x0 False 1
Fn
Module Load module_name = psapi.dll, base_address = 0x75780000 True 1
Fn
Module Get Filename module_name = psapi.dll, process_name = c:\windows\syswow64\svchost.exe, file_name_orig = C:\Windows\SysWOW64\svchost.exe, size = 260 True 1
Fn
Mutex Create mutex_name = 8EB663269EDB2551D78D6BE980D8D1D5 True 1
Fn
System Get Time type = Local Time, time = 2017-11-30 14:40:00 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:40:00 (UTC) True 1
Fn
Module Get Handle module_name = secur32.dll, base_address = 0x0 False 1
Fn
Module Load module_name = secur32.dll, base_address = 0x745b0000 True 1
Fn
Module Load module_name = SSPICLI, base_address = 0x748b0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\sspicli.dll, function = GetUserNameExW, address_out = 0x748bc5f0 True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 3076 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 3076, size_out = 3076 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 3643 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Thread 0xd94
(Host: 417, Network: 66)
+
Category Operation Information Success Count Logfile
Mutex Create mutex_name = 3A05CFF4EB7DE2EF8F3985678370FA5D True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
Mutex Create mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, size = 1776, type = REG_BINARY True 1
Fn
Data
Mutex Release mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
System Get Time type = Local Time, time = 2017-11-30 14:40:01 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:40:01 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 3643 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 3643, size_out = 3643 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 3925 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:40:01 (UTC) True 2
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 274 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Module Load module_name = crypt32.dll, base_address = 0x75510000 True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /rSps/ke9sIH_-V/lJ/DI/sKWc/MRONw/, accept_types = 84246528, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/rSps/ke9sIH_-V/lJ/DI/sKWc/MRONw/ False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/rSps/ke9sIH_-V/lJ/DI/sKWc/MRONw/ True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 192 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, size = 1776, type = REG_BINARY True 1
Fn
Data
Mutex Release - True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:40:02 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 1911 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1911, size_out = 1911 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 2125 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:40:02 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 2125 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 2125, size_out = 2125 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 2405 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:40:02 (UTC) True 2
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 2405 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 2405, size_out = 2405 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 2672 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /Ydqt/uth/tJ1TJV1Vo/FcOR/W_NPMA, accept_types = 84246528, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/Ydqt/uth/tJ1TJV1Vo/FcOR/W_NPMA False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/Ydqt/uth/tJ1TJV1Vo/FcOR/W_NPMA True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 192 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:40:02 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 3216 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 3216, size_out = 3216 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 3441 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Mutex Create mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, size = 1776, type = REG_BINARY True 1
Fn
Data
Mutex Release mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 66892 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 66892, size_out = 66892 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 67174 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 67174 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 67174, size_out = 67174 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 67447 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /gyRVM2W/hM/VOBU/C/fc/UZI/I-So/MMBZP/Q, accept_types = 84246528, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/gyRVM2W/hM/VOBU/C/fc/UZI/I-So/MMBZP/Q False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/gyRVM2W/hM/VOBU/C/fc/UZI/I-So/MMBZP/Q True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 192 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, size = 1776, type = REG_BINARY True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 67447 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 67447, size_out = 67447 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 67661 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 67661 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 67661, size_out = 67661 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 67941 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 67941 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 67941, size_out = 67941 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 68208 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /6puLAJKud/1c/xpH0zn/bVRVR8KQTtZ0Dw, accept_types = 84246528, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/6puLAJKud/1c/xpH0zn/bVRVR8KQTtZ0Dw False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/6puLAJKud/1c/xpH0zn/bVRVR8KQTtZ0Dw True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 192 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 68208 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 68208, size_out = 68208 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 68433 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Mutex Create mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, size = 1776, type = REG_BINARY True 1
Fn
Data
Mutex Release mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 5782 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 5782, size_out = 5782 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 6064 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 6064 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 6064, size_out = 6064 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 6337 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /jypPt/ic/VsA3/n/HX1FhBdiccsdKLg, accept_types = 84246528, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/jypPt/ic/VsA3/n/HX1FhBdiccsdKLg False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/jypPt/ic/VsA3/n/HX1FhBdiccsdKLg True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 192 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, size = 1776, type = REG_BINARY True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 6337 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 6337, size_out = 6337 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 6551 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 6551 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 6551, size_out = 6551 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 6831 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 6831 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 6831, size_out = 6831 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 7098 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /ddDmp7/h/9/hY/Pn/2aQkV1HML/S/Zv/N6KQ, accept_types = 84246528, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/ddDmp7/h/9/hY/Pn/2aQkV1HML/S/Zv/N6KQ False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/ddDmp7/h/9/hY/Pn/2aQkV1HML/S/Zv/N6KQ True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 192 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 7098 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 7098, size_out = 7098 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 7323 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Thread 0xdbc
(Host: 4503, Network: 206)
+
Category Operation Information Success Count Logfile
Mutex Create mutex_name = 55A4DE17653FCFB535BFCEB7986C3B1D True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Time type = Local Time, time = 2017-11-30 14:40:01 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:40:01 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 3925 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 3925, size_out = 3925 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 4197 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:40:01 (UTC) True 2
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 274 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 274, size_out = 274 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 547 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /KbnKhnNec/qN/5/yGGXDaERSOtCLSf9QC/g, accept_types = 84246528, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/KbnKhnNec/qN/5/yGGXDaERSOtCLSf9QC/g False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/KbnKhnNec/qN/5/yGGXDaERSOtCLSf9QC/g True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 192 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:40:02 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 1367 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1367, size_out = 1367 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1648 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:40:02 (UTC) True 2
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 1648 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1648, size_out = 1648 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1911 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /1R52/0u4pYTz_/ExM/AI/4f/XM8U/L/d/g, accept_types = 84246528, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/1R52/0u4pYTz_/ExM/AI/4f/XM8U/L/d/g False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/1R52/0u4pYTz_/ExM/AI/4f/XM8U/L/d/g True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 192 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:40:02 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 2672 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 2672, size_out = 2672 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 2953 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:40:02 (UTC) True 2
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 2953 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 2953, size_out = 2953 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 3216 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /OLKU5tAB/rPB/XBjjZZ2/N-Pfmw/N-N_Bg, accept_types = 84246528, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/OLKU5tAB/rPB/XBjjZZ2/N-Pfmw/N-N_Bg False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/OLKU5tAB/rPB/XBjjZZ2/N-Pfmw/N-N_Bg True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 192 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:40:02 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 3441 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 3441, size_out = 3441 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 3720 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:40:02 (UTC) True 2
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 3720 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 3720, size_out = 3720 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 3979 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /BaoB/o/d1zEU_M/SWNz/EN/2nQPZRBg, accept_types = 84246528, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/BaoB/o/d1zEU_M/SWNz/EN/2nQPZRBg False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/BaoB/o/d1zEU_M/SWNz/EN/2nQPZRBg True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 192 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Mutex Create mutex_name = 8E6BA92214C9B423A575DAF2D449D162 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Akudfeen, type = REG_BINARY True 1
Fn
Module Load module_name = KERNEL32.dll, base_address = 0x74990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x749b5f20 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTime, address_out = 0x749b4a60 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FileTimeToLocalFileTime, address_out = 0x749b61c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FileTimeToDosDateTime, address_out = 0x749b2360 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x749ad8d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsW, address_out = 0x749ac8c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathW, address_out = 0x749b6420 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTempFileNameW, address_out = 0x749b6400 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = RemoveDirectoryW, address_out = 0x749b64e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x749b6180 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x749b6510 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesW, address_out = 0x749b6340 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x749b61b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x749b6250 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x749b6290 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x749a2d60 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x749a75a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalUnlock, address_out = 0x749a2a10 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LocalAlloc, address_out = 0x749a8840 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x749a87c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSize, address_out = 0x749b6360 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MapViewOfFile, address_out = 0x749a8c10 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = UnmapViewOfFile, address_out = 0x749a94b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpA, address_out = 0x749ac1f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x749a7610 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x749a7540 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpynA, address_out = 0x749af7b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpynW, address_out = 0x749afbe0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x749b3a30 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x749a2d80 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileMappingW, address_out = 0x749a91e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x749aa0b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetPrivateProfileIntW, address_out = 0x749b0420 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetPrivateProfileStringW, address_out = 0x749b08d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetPrivateProfileSectionNamesW, address_out = 0x749b0370 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetWindowsDirectoryW, address_out = 0x749b4cc0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetDllDirectoryW, address_out = 0x749b4c10 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetVersionExW, address_out = 0x749aa2a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x749b61d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointerEx, address_out = 0x749b6540 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DisableThreadLibraryCalls, address_out = 0x749aa0d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x749b64a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x749b6590 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x749b6370 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileInformationByHandle, address_out = 0x749b6350 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x749a77b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x749b6110 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x749a7910 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x749a25e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x777dbae0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x777dda90 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x749ad940 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x749a9950 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x749a8c70 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x749a8b70 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x749a7940 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalLock, address_out = 0x749a1bc0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x749a98f0 True 1
Fn
Module Load module_name = USER32.dll, base_address = 0x75c90000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CharLowerW, address_out = 0x75d18330 True 1
Fn
Module Load module_name = ADVAPI32.dll, base_address = 0x757f0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CredFree, address_out = 0x75814010 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumKeyExW, address_out = 0x7580efc0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumValueW, address_out = 0x7580f020 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptDestroyHash, address_out = 0x7580fbf0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptHashData, address_out = 0x7580f950 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptCreateHash, address_out = 0x7580f930 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptGetHashParam, address_out = 0x7580f530 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptReleaseContext, address_out = 0x75810ad0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CryptAcquireContextW, address_out = 0x75810730 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x7580efa0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = CredEnumerateW, address_out = 0x75813950 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x7580ed60 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x7580ed80 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyW, address_out = 0x7580f590 True 1
Fn
Module Load module_name = SHELL32.dll, base_address = 0x76050000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shell32.dll, function = SHGetFolderPathW, address_out = 0x761ce440 True 1
Fn
Module Load module_name = ole32.dll, base_address = 0x75690000 True 1
Fn
Module Get Address module_name = Unknown module name, function = OleInitialize, address_out = 0x756b9c50 True 1
Fn
Module Get Address module_name = Unknown module name, function = CoTaskMemFree, address_out = 0x75b1cf40 True 1
Fn
Module Get Address module_name = Unknown module name, function = OleUninitialize, address_out = 0x756b9170 True 1
Fn
Module Get Address module_name = Unknown module name, function = CreateStreamOnHGlobal, address_out = 0x75af0a50 True 1
Fn
Module Get Address module_name = Unknown module name, function = CoCreateInstance, address_out = 0x75b38200 True 1
Fn
Module Get Address module_name = Unknown module name, function = GetHGlobalFromStream, address_out = 0x75b41b30 True 1
Fn
Module Load module_name = SHLWAPI.dll, base_address = 0x77410000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = StrStrIA, address_out = 0x7742cd10 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = StrStrIW, address_out = 0x774281f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = StrCmpNIA, address_out = 0x77424980 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathMatchSpecW, address_out = 0x77432090 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindFileNameW, address_out = 0x774280d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathCombineW, address_out = 0x7742cd50 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfW, address_out = 0x77438630 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = wvnsprintfA, address_out = 0x774385f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = StrRChrIW, address_out = 0x7742c9a0 True 1
Fn
Module Load module_name = CRYPT32.dll, base_address = 0x75510000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\crypt32.dll, function = CertOpenSystemStoreW, address_out = 0x7558e7f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\crypt32.dll, function = CertCloseStore, address_out = 0x7554a180 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\crypt32.dll, function = CryptUnprotectData, address_out = 0x7555af50 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\crypt32.dll, function = PFXExportCertStoreEx, address_out = 0x755c5ce0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\crypt32.dll, function = CertEnumCertificatesInStore, address_out = 0x75530ab0 True 1
Fn
Module Load module_name = Secur32.dll, base_address = 0x745b0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\secur32.dll, function = GetUserNameExW, address_out = 0x748bc5f0 True 1
Fn
Module Load module_name = MSVCRT.dll, base_address = 0x753f0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = memcpy, address_out = 0x754784c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = _adjust_fdiv, address_out = 0x754a5d04 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = strchr, address_out = 0x75478db0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = memmove, address_out = 0x754788d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = malloc, address_out = 0x754378c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = atoi, address_out = 0x7541fe30 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = _vsnwprintf, address_out = 0x75466810 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = _vsnprintf, address_out = 0x754663a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = memset, address_out = 0x75478ca0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = _initterm, address_out = 0x75456880 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = free, address_out = 0x75437700 True 1
Fn
Module Load module_name = WININET.dll, base_address = 0x74240000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = FindFirstUrlCacheEntryW, address_out = 0x743174e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = DeleteUrlCacheEntryW, address_out = 0x742feef0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = FindCloseUrlCache, address_out = 0x74314780 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\wininet.dll, function = FindNextUrlCacheEntryW, address_out = 0x743184b0 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, size = 1776, type = REG_BINARY True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:41:03 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 4488 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 4488, size_out = 4488 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 4634 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:41:03 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 4634 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 4634, size_out = 4634 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 4773 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Module Load module_name = Pstorec.dll, base_address = 0x73a80000 True 1
Fn
Module Get Address module_name = Unknown module name, function = PStoreCreateInstance, address_out = 0x73a81290 True 1
Fn
COM Create interface = AFA0DC11-C313-11D0-831A-00C04FD5AE38, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 False 462
Fn
System Get Info type = Operating System False 1
Fn
Module Load module_name = vaultcli.dll, base_address = 0x72df0000 True 1
Fn
Module Get Address module_name = Unknown module name, function = VaultOpenVault, address_out = 0x72df9e10 True 1
Fn
Module Get Address module_name = Unknown module name, function = VaultCloseVault, address_out = 0x72df9e80 True 1
Fn
Module Get Address module_name = Unknown module name, function = VaultEnumerateItems, address_out = 0x72df9c80 True 1
Fn
Module Get Address module_name = Unknown module name, function = VaultGetItem, address_out = 0x72df9bf0 True 2
Fn
Module Get Address module_name = Unknown module name, function = VaultFree, address_out = 0x72df9690 True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:41:04 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 4773 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 4773, size_out = 4773 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 4908 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:41:04 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 4908 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 4908, size_out = 4908 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 5052 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Mozilla True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Mozilla True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox, value_name = PathToExe, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox, value_name = PathToExe, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox, value_name = PathToExe, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs, value_name = PathToExe, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs, value_name = PathToExe, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs, value_name = PathToExe, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs True 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Mozilla\Firefox False 1
Fn
Registry Enumerate Keys reg_name = HKEY_CURRENT_USER\Software\Mozilla False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox, value_name = PathToExe, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox, value_name = PathToExe, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs, value_name = PathToExe, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs, value_name = PathToExe, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs False 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox False 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox, value_name = PathToExe, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox, value_name = PathToExe, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\53.0.3 (x86 en-GB) True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\53.0.3 (x86 en-GB), value_name = PathToExe, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\53.0.3 (x86 en-GB) True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\53.0.3 (x86 en-GB), value_name = PathToExe, type = REG_NONE False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\53.0.3 (x86 en-GB) False 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\53.0.3 (x86 en-GB) True 1
Fn
Registry Enumerate Keys reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\53.0.3 (x86 en-GB) True 1
Fn
Registry Open Key reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\53.0.3 (x86 en-GB)\Main True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\53.0.3 (x86 en-GB)\Main, value_name = PathToExe, data = 0, type = REG_SZ True 1
Fn
Registry Read Value reg_name = HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\53.0.3 (x86 en-GB)\Main, value_name = PathToExe, data = 67 True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\, type = file_attributes True 1
Fn
File Get Info filename = C:\Program Files (x86)\Mozilla Firefox, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\profiles.ini, desired_access = FILE_READ_ATTRIBUTES True 1
Fn
Ini Enumerate Sections file_name_orig = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\profiles.ini, data_out = General, size = 65000 True 1
Fn
Ini Read file_name_orig = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\profiles.ini, section_name = Profile0, key_name = Path, data_out = Profiles/8i341t8m.default True 1
Fn
Ini Read file_name_orig = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\profiles.ini, section_name = Profile0, key_name = IsRelative, default_value = 1 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\addons.json, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\addons.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\addons.json, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\addons.json, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\addons.json, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\addons.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\AlternateServices.txt, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\AlternateServices.txt, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\AlternateServices.txt, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\AlternateServices.txt, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\AlternateServices.txt, protection = PAGE_READONLY, maximum_size = 0 False 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-addons.json, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-addons.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-addons.json, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-addons.json, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-addons.json, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-addons.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-gfx.json, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-gfx.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-gfx.json, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-gfx.json, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-gfx.json, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-gfx.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-plugins.json, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-plugins.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-plugins.json, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-plugins.json, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-plugins.json, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-plugins.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist.xml, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist.xml, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist.xml, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist.xml, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist.xml, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\bookmarkbackups\bookmarks-2017-05-24_14_kL0o5I+exwq3TXuLDkMF9w==.jsonlz4, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\bookmarkbackups\bookmarks-2017-05-24_14_kL0o5I+exwq3TXuLDkMF9w==.jsonlz4, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\bookmarkbackups\bookmarks-2017-05-24_14_kL0o5I+exwq3TXuLDkMF9w==.jsonlz4, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\bookmarkbackups\bookmarks-2017-05-24_14_kL0o5I+exwq3TXuLDkMF9w==.jsonlz4, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\bookmarkbackups\bookmarks-2017-05-24_14_kL0o5I+exwq3TXuLDkMF9w==.jsonlz4, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\bookmarkbackups\bookmarks-2017-05-24_14_kL0o5I+exwq3TXuLDkMF9w==.jsonlz4, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cert8.db, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cert8.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cert8.db, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cert8.db, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cert8.db, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cert8.db, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\compatibility.ini, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\compatibility.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\compatibility.ini, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\compatibility.ini, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\compatibility.ini, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\compatibility.ini, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\containers.json, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\containers.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\containers.json, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\containers.json, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\containers.json, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\containers.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\content-prefs.sqlite, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\content-prefs.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\content-prefs.sqlite, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\content-prefs.sqlite, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\content-prefs.sqlite, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\content-prefs.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\store.json.mozlz4, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\store.json.mozlz4, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\store.json.mozlz4, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\store.json.mozlz4, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\store.json.mozlz4, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\store.json.mozlz4, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592260754.fe0bc3a3-866c-458a-ad46-a730981653d6.main.jsonlz4, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592260754.fe0bc3a3-866c-458a-ad46-a730981653d6.main.jsonlz4, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592260754.fe0bc3a3-866c-458a-ad46-a730981653d6.main.jsonlz4, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592260754.fe0bc3a3-866c-458a-ad46-a730981653d6.main.jsonlz4, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592260754.fe0bc3a3-866c-458a-ad46-a730981653d6.main.jsonlz4, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592260754.fe0bc3a3-866c-458a-ad46-a730981653d6.main.jsonlz4, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592289365.f6bd7dec-4421-47ce-b829-1080689ec7ca.main.jsonlz4, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592289365.f6bd7dec-4421-47ce-b829-1080689ec7ca.main.jsonlz4, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592289365.f6bd7dec-4421-47ce-b829-1080689ec7ca.main.jsonlz4, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592289365.f6bd7dec-4421-47ce-b829-1080689ec7ca.main.jsonlz4, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592289365.f6bd7dec-4421-47ce-b829-1080689ec7ca.main.jsonlz4, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592289365.f6bd7dec-4421-47ce-b829-1080689ec7ca.main.jsonlz4, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495596278120.31e5ce24-c2bf-486b-b29e-534113b7c6dc.main.jsonlz4, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495596278120.31e5ce24-c2bf-486b-b29e-534113b7c6dc.main.jsonlz4, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495596278120.31e5ce24-c2bf-486b-b29e-534113b7c6dc.main.jsonlz4, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495596278120.31e5ce24-c2bf-486b-b29e-534113b7c6dc.main.jsonlz4, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495596278120.31e5ce24-c2bf-486b-b29e-534113b7c6dc.main.jsonlz4, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495596278120.31e5ce24-c2bf-486b-b29e-534113b7c6dc.main.jsonlz4, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597242414.2e462298-aeda-4ee5-bf23-a73bdf74947f.main.jsonlz4, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597242414.2e462298-aeda-4ee5-bf23-a73bdf74947f.main.jsonlz4, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597242414.2e462298-aeda-4ee5-bf23-a73bdf74947f.main.jsonlz4, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597242414.2e462298-aeda-4ee5-bf23-a73bdf74947f.main.jsonlz4, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597242414.2e462298-aeda-4ee5-bf23-a73bdf74947f.main.jsonlz4, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597242414.2e462298-aeda-4ee5-bf23-a73bdf74947f.main.jsonlz4, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597261897.a7b36bf3-f762-448c-874e-9388e91739b4.main.jsonlz4, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597261897.a7b36bf3-f762-448c-874e-9388e91739b4.main.jsonlz4, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597261897.a7b36bf3-f762-448c-874e-9388e91739b4.main.jsonlz4, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597261897.a7b36bf3-f762-448c-874e-9388e91739b4.main.jsonlz4, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597261897.a7b36bf3-f762-448c-874e-9388e91739b4.main.jsonlz4, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597261897.a7b36bf3-f762-448c-874e-9388e91739b4.main.jsonlz4, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495599783008.23c86977-85eb-412a-ae39-c4c6ea9a5744.main.jsonlz4, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495599783008.23c86977-85eb-412a-ae39-c4c6ea9a5744.main.jsonlz4, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495599783008.23c86977-85eb-412a-ae39-c4c6ea9a5744.main.jsonlz4, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495599783008.23c86977-85eb-412a-ae39-c4c6ea9a5744.main.jsonlz4, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495599783008.23c86977-85eb-412a-ae39-c4c6ea9a5744.main.jsonlz4, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495599783008.23c86977-85eb-412a-ae39-c4c6ea9a5744.main.jsonlz4, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495600032629.d896fec9-1a7a-4db1-a3a2-e46d95b631a5.main.jsonlz4, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495600032629.d896fec9-1a7a-4db1-a3a2-e46d95b631a5.main.jsonlz4, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495600032629.d896fec9-1a7a-4db1-a3a2-e46d95b631a5.main.jsonlz4, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495600032629.d896fec9-1a7a-4db1-a3a2-e46d95b631a5.main.jsonlz4, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495600032629.d896fec9-1a7a-4db1-a3a2-e46d95b631a5.main.jsonlz4, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495600032629.d896fec9-1a7a-4db1-a3a2-e46d95b631a5.main.jsonlz4, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\session-state.json, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\session-state.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\session-state.json, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\session-state.json, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\session-state.json, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\session-state.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\state.json, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\state.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\state.json, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\state.json, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\state.json, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\state.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.ini, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.ini, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.ini, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.ini, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.ini, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.json, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.json, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.json, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.json, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\formhistory.sqlite, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\formhistory.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\formhistory.sqlite, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\formhistory.sqlite, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\formhistory.sqlite, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\formhistory.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.dll, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.dll, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.dll, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.dll, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.dll, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.info, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.info, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.info, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.info, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.info, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.info, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\LICENSE.txt, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\LICENSE.txt, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\LICENSE.txt, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\LICENSE.txt, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\LICENSE.txt, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\LICENSE.txt, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\manifest.json, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\manifest.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\manifest.json, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\manifest.json, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\manifest.json, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\manifest.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
Module Unmap process_name = c:\windows\syswow64\svchost.exe True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll.lib, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll.lib, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll.lib, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll.lib, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll.lib, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll.lib, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\kinto.sqlite, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\kinto.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\kinto.sqlite, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\kinto.sqlite, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\kinto.sqlite, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\kinto.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\mimeTypes.rdf, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\mimeTypes.rdf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\mimeTypes.rdf, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\mimeTypes.rdf, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\mimeTypes.rdf, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\mimeTypes.rdf, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\parent.lock, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\parent.lock, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\parent.lock, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\parent.lock, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\parent.lock, protection = PAGE_READONLY, maximum_size = 0 False 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\permissions.sqlite, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\permissions.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\permissions.sqlite, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\permissions.sqlite, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\permissions.sqlite, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\permissions.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\places.sqlite, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\places.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\places.sqlite, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\places.sqlite, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\places.sqlite, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\places.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\pluginreg.dat, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\pluginreg.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\pluginreg.dat, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\pluginreg.dat, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\pluginreg.dat, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\pluginreg.dat, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\revocations.txt, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\revocations.txt, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\revocations.txt, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\revocations.txt, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\revocations.txt, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\revocations.txt, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\saved-telemetry-pings\d896fec9-1a7a-4db1-a3a2-e46d95b631a5, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\saved-telemetry-pings\d896fec9-1a7a-4db1-a3a2-e46d95b631a5, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\saved-telemetry-pings\d896fec9-1a7a-4db1-a3a2-e46d95b631a5, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\saved-telemetry-pings\d896fec9-1a7a-4db1-a3a2-e46d95b631a5, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\saved-telemetry-pings\d896fec9-1a7a-4db1-a3a2-e46d95b631a5, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\saved-telemetry-pings\d896fec9-1a7a-4db1-a3a2-e46d95b631a5, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\search.json.mozlz4, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\search.json.mozlz4, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\search.json.mozlz4, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\search.json.mozlz4, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\search.json.mozlz4, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\search.json.mozlz4, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\secmod.db, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\secmod.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\secmod.db, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\secmod.db, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\secmod.db, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\secmod.db, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\SecurityPreloadState.txt, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\SecurityPreloadState.txt, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\SecurityPreloadState.txt, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\SecurityPreloadState.txt, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\SecurityPreloadState.txt, protection = PAGE_READONLY, maximum_size = 0 False 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionCheckpoints.json, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionCheckpoints.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionCheckpoints.json, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionCheckpoints.json, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionCheckpoints.json, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionCheckpoints.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\previous.js, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\previous.js, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\previous.js, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\previous.js, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\previous.js, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\previous.js, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\upgrade.js-20170518000419, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\upgrade.js-20170518000419, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\upgrade.js-20170518000419, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\upgrade.js-20170518000419, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\upgrade.js-20170518000419, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore-backups\upgrade.js-20170518000419, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore.js, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore.js, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore.js, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore.js, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore.js, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\sessionstore.js, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\SiteSecurityServiceState.txt, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\SiteSecurityServiceState.txt, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\SiteSecurityServiceState.txt, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\SiteSecurityServiceState.txt, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\SiteSecurityServiceState.txt, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\SiteSecurityServiceState.txt, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\.metadata, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\.metadata, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\.metadata, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\.metadata, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\.metadata, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\.metadata, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\.metadata-v2, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\.metadata-v2, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\.metadata-v2, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\.metadata-v2, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\.metadata-v2, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\.metadata-v2, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\.metadata, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\.metadata, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\.metadata, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\.metadata, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\.metadata, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\.metadata, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\.metadata-v2, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\.metadata-v2, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\.metadata-v2, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\.metadata-v2, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\.metadata-v2, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\.metadata-v2, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.files\1, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.files\1, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.files\1, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.files\1, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.files\1, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.files\1, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.sqlite, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.sqlite, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.sqlite, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.sqlite, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage.sqlite, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage.sqlite, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage.sqlite, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage.sqlite, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\storage.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\times.json, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\times.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\times.json, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\times.json, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\times.json, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\times.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\webappsstore.sqlite, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\webappsstore.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\webappsstore.sqlite, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\webappsstore.sqlite, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\webappsstore.sqlite, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\webappsstore.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\xulstore.json, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\xulstore.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\xulstore.json, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\xulstore.json, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\xulstore.json, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\xulstore.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20170518000419, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20170518000419, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20170518000419, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20170518000419, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20170518000419, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20170518000419, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\addons.json, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\addons.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\addons.json, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\addons.json, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\addons.json, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\addons.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\AlternateServices.txt, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\AlternateServices.txt, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\AlternateServices.txt, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\AlternateServices.txt, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\AlternateServices.txt, protection = PAGE_READONLY, maximum_size = 0 False 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-addons.json, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-addons.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-addons.json, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-addons.json, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-addons.json, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-addons.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-gfx.json, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-gfx.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-gfx.json, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-gfx.json, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-gfx.json, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-gfx.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-plugins.json, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-plugins.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-plugins.json, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-plugins.json, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-plugins.json, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist-plugins.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist.xml, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist.xml, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist.xml, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist.xml, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\blocklist.xml, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\bookmarkbackups\bookmarks-2017-05-24_14_kL0o5I+exwq3TXuLDkMF9w==.jsonlz4, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\bookmarkbackups\bookmarks-2017-05-24_14_kL0o5I+exwq3TXuLDkMF9w==.jsonlz4, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\bookmarkbackups\bookmarks-2017-05-24_14_kL0o5I+exwq3TXuLDkMF9w==.jsonlz4, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\bookmarkbackups\bookmarks-2017-05-24_14_kL0o5I+exwq3TXuLDkMF9w==.jsonlz4, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\bookmarkbackups\bookmarks-2017-05-24_14_kL0o5I+exwq3TXuLDkMF9w==.jsonlz4, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\bookmarkbackups\bookmarks-2017-05-24_14_kL0o5I+exwq3TXuLDkMF9w==.jsonlz4, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cert8.db, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cert8.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cert8.db, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cert8.db, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cert8.db, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cert8.db, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\compatibility.ini, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\compatibility.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\compatibility.ini, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\compatibility.ini, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\compatibility.ini, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\compatibility.ini, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\containers.json, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\containers.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\containers.json, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\containers.json, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\containers.json, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\containers.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\content-prefs.sqlite, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\content-prefs.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\content-prefs.sqlite, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\content-prefs.sqlite, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\content-prefs.sqlite, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\content-prefs.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\cookies.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\store.json.mozlz4, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\store.json.mozlz4, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\store.json.mozlz4, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\store.json.mozlz4, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\store.json.mozlz4, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\crashes\store.json.mozlz4, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592260754.fe0bc3a3-866c-458a-ad46-a730981653d6.main.jsonlz4, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592260754.fe0bc3a3-866c-458a-ad46-a730981653d6.main.jsonlz4, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592260754.fe0bc3a3-866c-458a-ad46-a730981653d6.main.jsonlz4, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592260754.fe0bc3a3-866c-458a-ad46-a730981653d6.main.jsonlz4, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592260754.fe0bc3a3-866c-458a-ad46-a730981653d6.main.jsonlz4, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592260754.fe0bc3a3-866c-458a-ad46-a730981653d6.main.jsonlz4, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592289365.f6bd7dec-4421-47ce-b829-1080689ec7ca.main.jsonlz4, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592289365.f6bd7dec-4421-47ce-b829-1080689ec7ca.main.jsonlz4, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592289365.f6bd7dec-4421-47ce-b829-1080689ec7ca.main.jsonlz4, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592289365.f6bd7dec-4421-47ce-b829-1080689ec7ca.main.jsonlz4, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592289365.f6bd7dec-4421-47ce-b829-1080689ec7ca.main.jsonlz4, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495592289365.f6bd7dec-4421-47ce-b829-1080689ec7ca.main.jsonlz4, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495596278120.31e5ce24-c2bf-486b-b29e-534113b7c6dc.main.jsonlz4, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495596278120.31e5ce24-c2bf-486b-b29e-534113b7c6dc.main.jsonlz4, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495596278120.31e5ce24-c2bf-486b-b29e-534113b7c6dc.main.jsonlz4, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495596278120.31e5ce24-c2bf-486b-b29e-534113b7c6dc.main.jsonlz4, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495596278120.31e5ce24-c2bf-486b-b29e-534113b7c6dc.main.jsonlz4, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495596278120.31e5ce24-c2bf-486b-b29e-534113b7c6dc.main.jsonlz4, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597242414.2e462298-aeda-4ee5-bf23-a73bdf74947f.main.jsonlz4, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597242414.2e462298-aeda-4ee5-bf23-a73bdf74947f.main.jsonlz4, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597242414.2e462298-aeda-4ee5-bf23-a73bdf74947f.main.jsonlz4, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597242414.2e462298-aeda-4ee5-bf23-a73bdf74947f.main.jsonlz4, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597242414.2e462298-aeda-4ee5-bf23-a73bdf74947f.main.jsonlz4, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597242414.2e462298-aeda-4ee5-bf23-a73bdf74947f.main.jsonlz4, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597261897.a7b36bf3-f762-448c-874e-9388e91739b4.main.jsonlz4, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597261897.a7b36bf3-f762-448c-874e-9388e91739b4.main.jsonlz4, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597261897.a7b36bf3-f762-448c-874e-9388e91739b4.main.jsonlz4, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597261897.a7b36bf3-f762-448c-874e-9388e91739b4.main.jsonlz4, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597261897.a7b36bf3-f762-448c-874e-9388e91739b4.main.jsonlz4, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495597261897.a7b36bf3-f762-448c-874e-9388e91739b4.main.jsonlz4, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495599783008.23c86977-85eb-412a-ae39-c4c6ea9a5744.main.jsonlz4, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495599783008.23c86977-85eb-412a-ae39-c4c6ea9a5744.main.jsonlz4, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495599783008.23c86977-85eb-412a-ae39-c4c6ea9a5744.main.jsonlz4, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495599783008.23c86977-85eb-412a-ae39-c4c6ea9a5744.main.jsonlz4, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495599783008.23c86977-85eb-412a-ae39-c4c6ea9a5744.main.jsonlz4, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495599783008.23c86977-85eb-412a-ae39-c4c6ea9a5744.main.jsonlz4, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495600032629.d896fec9-1a7a-4db1-a3a2-e46d95b631a5.main.jsonlz4, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495600032629.d896fec9-1a7a-4db1-a3a2-e46d95b631a5.main.jsonlz4, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495600032629.d896fec9-1a7a-4db1-a3a2-e46d95b631a5.main.jsonlz4, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495600032629.d896fec9-1a7a-4db1-a3a2-e46d95b631a5.main.jsonlz4, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495600032629.d896fec9-1a7a-4db1-a3a2-e46d95b631a5.main.jsonlz4, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\archived\2017-05\1495600032629.d896fec9-1a7a-4db1-a3a2-e46d95b631a5.main.jsonlz4, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\session-state.json, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\session-state.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\session-state.json, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\session-state.json, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\session-state.json, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\session-state.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\state.json, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\state.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\state.json, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\state.json, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\state.json, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\datareporting\state.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.ini, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.ini, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.ini, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.ini, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.ini, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.json, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.json, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.json, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.json, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\extensions.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\formhistory.sqlite, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\formhistory.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\formhistory.sqlite, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\formhistory.sqlite, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\formhistory.sqlite, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\formhistory.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.dll, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.dll, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.dll, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.dll, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.dll, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.info, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.info, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.info, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.info, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.info, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-gmpopenh264\1.6\gmpopenh264.info, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\LICENSE.txt, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\LICENSE.txt, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\LICENSE.txt, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\LICENSE.txt, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\LICENSE.txt, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\LICENSE.txt, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\manifest.json, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\manifest.json, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\manifest.json, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\manifest.json, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\manifest.json, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\manifest.json, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll.lib, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll.lib, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll.lib, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll.lib, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll.lib, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\gmp-widevinecdm\1.4.8.903\widevinecdm.dll.lib, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\key3.db, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\kinto.sqlite, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\kinto.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\kinto.sqlite, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\kinto.sqlite, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\kinto.sqlite, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\kinto.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\mimeTypes.rdf, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\mimeTypes.rdf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\mimeTypes.rdf, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\mimeTypes.rdf, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\mimeTypes.rdf, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\mimeTypes.rdf, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\parent.lock, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\parent.lock, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\parent.lock, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\parent.lock, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\parent.lock, protection = PAGE_READONLY, maximum_size = 0 False 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\permissions.sqlite, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\permissions.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\permissions.sqlite, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\permissions.sqlite, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\permissions.sqlite, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\permissions.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\places.sqlite, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\places.sqlite, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\places.sqlite, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\places.sqlite, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\places.sqlite, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\places.sqlite, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\pluginreg.dat, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\pluginreg.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\pluginreg.dat, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\pluginreg.dat, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\pluginreg.dat, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\pluginreg.dat, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\revocations.txt, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\revocations.txt, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\revocations.txt, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\revocations.txt, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\revocations.txt, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
Module Map C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\revocations.txt, process_name = c:\windows\syswow64\svchost.exe, desired_access = FILE_MAP_READ True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\saved-telemetry-pings\d896fec9-1a7a-4db1-a3a2-e46d95b631a5, desired_access = FILE_READ_ATTRIBUTES True 2
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\saved-telemetry-pings\d896fec9-1a7a-4db1-a3a2-e46d95b631a5, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\saved-telemetry-pings\d896fec9-1a7a-4db1-a3a2-e46d95b631a5, type = size True 1
Fn
Module Create Mapping module_name = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\saved-telemetry-pings\d896fec9-1a7a-4db1-a3a2-e46d95b631a5, filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\saved-telemetry-pings\d896fec9-1a7a-4db1-a3a2-e46d95b631a5, protection = PAGE_READONLY, maximum_size = 0 True 1
Fn
For performance reasons, the remaining 3390 entries are omitted.
The remaining entries can be found in glog.xml.
Thread 0xdb8
(Host: 143, Network: 44)
+
Category Operation Information Success Count Logfile
Mutex Create mutex_name = 843724E431E9542E94836F8E62819404 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp, type = file_attributes False 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 3925 True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Copy source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:40:01 (UTC) True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
System Get Info type = Operating System False 1
Fn
System Get Info type = Hardware Information True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Hardware Information True 1
Fn
Module Load module_name = wininet.dll, base_address = 0x74240000 True 1
Fn
Module Load module_name = urlmon.dll, base_address = 0x74630000 True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = google.com, server_port = 80 True 1
Fn
Inet Open HTTP Request http_verb = GET, http_version = HTTP 1.1, target_resource = /, accept_types = 84246528, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = google.com/ True 1
Fn
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 4096 True 10
Fn
Data
Inet Read Response size = 4096, size_out = 3339 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
System Get Time type = Ticks, time = 174984 True 1
Fn
Module Load module_name = ole32.dll, base_address = 0x75690000 True 1
Fn
Module Load module_name = api-ms-win-core-com-l1-1-0, base_address = 0x75a90000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\combase.dll, function = CoInitializeEx, address_out = 0x75afcd50 True 1
Fn
Module Load module_name = api-ms-win-core-com-l1-1-0, base_address = 0x75a90000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\combase.dll, function = CoCreateInstance, address_out = 0x75b38200 True 1
Fn
COM Create interface = DC12A687-737F-11CF-884D-00AA004B2E24, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_NO_CODE_DOWNLOAD, CLSCTX_NO_FAILURE_LOG True 1
Fn
Module Load module_name = api-ms-win-core-com-l1-1-0, base_address = 0x75a90000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\combase.dll, function = CoSetProxyBlanket, address_out = 0x75b586d0 True 1
Fn
Module Load module_name = api-ms-win-core-com-l1-1-0, base_address = 0x75a90000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\combase.dll, function = CoUninitialize, address_out = 0x75afdca0 True 1
Fn
COM Create interface = DC12A687-737F-11CF-884D-00AA004B2E24, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_NO_CODE_DOWNLOAD, CLSCTX_NO_FAILURE_LOG True 1
Fn
Module Get Handle module_name = c:\windows\syswow64\oleaut32.dll, base_address = 0x75dd0000 True 1
Fn
COM Create interface = DC12A687-737F-11CF-884D-00AA004B2E24, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_NO_CODE_DOWNLOAD, CLSCTX_NO_FAILURE_LOG True 4
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp, type = size, size_out = 4197 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp, size = 4197, size_out = 4197 True 1
Fn
Data
System Get Time type = System Time, time = 2017-11-30 03:40:03 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 3979 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 3979, size_out = 3979 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 4252 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /De1Yth/p9kt/Cn/nFYkQAKMa/NRvIPHQ/, accept_types = 84246528, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/De1Yth/p9kt/Cn/nFYkQAKMa/NRvIPHQ/ False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/De1Yth/p9kt/Cn/nFYkQAKMa/NRvIPHQ/ True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 88 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
File Delete filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp True 1
Fn
System Sleep duration = 300000 milliseconds (300.000 seconds) True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp, type = file_attributes False 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 68433 True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Copy source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Hardware Information True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp, type = size, size_out = 68433 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp, size = 68433, size_out = 68433 True 1
Fn
Data
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 274 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /yl/mtBlP3TBX01/IHcuJe/_tHKA, accept_types = 84246528, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/yl/mtBlP3TBX01/IHcuJe/_tHKA False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/yl/mtBlP3TBX01/IHcuJe/_tHKA True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 88 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
File Delete filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp True 1
Fn
System Sleep duration = 300000 milliseconds (300.000 seconds) True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp, type = file_attributes False 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 7323 True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Copy source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ True 1
Fn
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Hardware Information True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp, type = size, size_out = 7323 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp, size = 7323, size_out = 7323 True 1
Fn
Data
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 0 True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 274 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Inet Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Inet Open Connection protocol = HTTP, server_name = 330f35e9f647.loan, server_port = 443 True 1
Fn
Inet Open HTTP Request http_verb = POST, http_version = HTTP 1.1, target_resource = /zrx/mc5kKX_VXFNJC8/Cd/eO/VGPg, accept_types = 84246528, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_HYPERLINK, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/zrx/mc5kKX_VXFNJC8/Cd/eO/VGPg False 1
Fn
Inet Send HTTP Request headers = Connection: close , url = 330f35e9f647.loan/zrx/mc5kKX_VXFNJC8/Cd/eO/VGPg True 1
Fn
Data
Inet Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 88 True 1
Fn
Data
Inet Read Response size = 4096, size_out = 0 True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
Inet Close Session - True 1
Fn
File Delete filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.tmp True 1
Fn
System Sleep duration = 300000 milliseconds (300.000 seconds) False 1
Fn
Thread 0xdb0
(Host: 14483, Network: 0)
+
Category Operation Information Success Count Logfile
Mutex Create mutex_name = ACD86ED691154353041C7827C4241C0D True 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION False 1
Fn
System Get Info type = SYSTEM_PROCESS_INFORMATION True 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION False 1
Fn
Process Open desired_access = PROCESS_QUERY_INFORMATION True 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
System Get Info type = Operating System False 1
Fn
For performance reasons, the remaining 10109 entries are omitted.
The remaining entries can be found in glog.xml.
Thread 0xdd0
(Host: 34, Network: 0)
+
Category Operation Information Success Count Logfile
Mutex Create mutex_name = BA6E0713253533C2BD32E023F51DAAB1 True 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run, value_name = containers.exe, data = "C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe", size = 236, type = REG_SZ True 1
Fn
System Get Time type = Local Time, time = 2017-11-30 14:40:01 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:40:01 (UTC) True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 547 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 547, size_out = 547 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 800 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, type = size, size_out = 303104 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\containers.exe, size = 303104, size_out = 303104 True 1
Fn
Data
Module Load module_name = NTDLL, base_address = 0x777a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlEnterCriticalSection, address_out = 0x777e5e80 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x777a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlLeaveCriticalSection, address_out = 0x777e5e00 True 1
Fn
System Sleep duration = -1 (infinite) True 248
Fn
System Sleep duration = -1 (infinite) False 1
Fn
Thread 0xfc4
(Host: 2, Network: 0)
+
Category Operation Information Success Count Logfile
File Create Pipe pipe_name = \device\namedpipe\e7cb4c13c5ff510208fe9abc26bb5b59, open_mode = PIPE_ACCESS_INBOUND, PIPE_ACCESS_OUTBOUND, FILE_FLAG_OVERLAPPED, max_instances = 255 True 1
Fn
System Sleep duration = -1 (infinite) False 1
Fn
Process #17: svchost.exe
(Host: 246, Network: 0)
+
Information Value
ID #17
File Name c:\windows\syswow64\svchost.exe
Command Line C:\Windows\SysWOW64\svchost.exe -k netsvcs
Initial Working Directory C:\Users\CIiHmnxMn6Ps\AppData\Roaming\
Monitor Start Time: 00:05:05, Reason: Child Process
Unmonitor End Time: 00:15:27, Reason: Terminated by Timeout
Monitor Duration 00:10:22
OS Process Information
+
Information Value
PID 0x3d0
Parent PID 0x1a4 (c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe)
Is Created or Modified Executable False
Integrity Level Medium
Username LHNIWSJ\CIiHmnxMn6Ps
Groups
  • LHNIWSJ\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account and member of Administrators group (USE_FOR_DENY_ONLY)
  • BUILTIN\Administrators (USE_FOR_DENY_ONLY)
  • BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Local account (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\Logon Session 00000000:0001400a (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID)
  • LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
  • NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges SeChangeNotifyPrivilege
Thread IDs
0x F8C
0x 2B0
0x DC4
0x F4
0x CAC
0x 8CC
0x CC4
0x CA0
0x CB0
0x 740
0x 2C4
0x ED4
0x B84
0x D10
Region
+
Name Start VA End VA Type Permissions Monitored Dump YARA Match Actions
private_0x0000000000010000 0x00010000 0x0002ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000010000 0x00010000 0x00013fff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000000020000 0x00020000 0x0002ffff Pagefile Backed Memory Readable, Writable True False False
  • Region Actions
private_0x0000000000030000 0x00030000 0x00031fff Private Memory Readable, Writable True False False
  • Region Actions
svchost.exe.mui 0x00030000 0x00030fff Memory Mapped File Readable False False False
  • Region Actions
pagefile_0x0000000000040000 0x00040000 0x00053fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000000060000 0x00060000 0x0009ffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x00000000000a0000 0x000a0000 0x000a3fff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x00000000000b0000 0x000b0000 0x000b0fff Pagefile Backed Memory Readable True False False
  • Region Actions
svchost.exe 0x000c0000 0x000cafff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
pagefile_0x00000000000d0000 0x000d0000 0x040cffff Pagefile Backed Memory - True False False
  • Region Actions
private_0x00000000040d0000 0x040d0000 0x0410ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004110000 0x04110000 0x04111fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004120000 0x04120000 0x0413ffff Private Memory Readable, Writable, Executable True False False
  • Region Actions
private_0x0000000004140000 0x04140000 0x0417ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004180000 0x04180000 0x041bffff Private Memory Readable, Writable True False False
  • Region Actions
locale.nls 0x041c0000 0x0427dfff Memory Mapped File Readable False False False
  • Region Actions
imm32.dll 0x04280000 0x042a9fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000004280000 0x04280000 0x04280fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004290000 0x04290000 0x04290fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000042a0000 0x042a0000 0x042a0fff Private Memory Readable, Writable, Executable True False False
  • Region Actions
private_0x00000000042b0000 0x042b0000 0x042b6fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000042c0000 0x042c0000 0x042fffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000042c0000 0x042c0000 0x042c5fff Private Memory Readable, Writable, Executable True False False
  • Region Actions
private_0x00000000042e0000 0x042e0000 0x042e3fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004300000 0x04300000 0x043fffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004400000 0x04400000 0x044fffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004500000 0x04500000 0x0453ffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000004540000 0x04540000 0x046c7fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x00000000046d0000 0x046d0000 0x048c4fff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x00000000046d0000 0x046d0000 0x04850fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000004860000 0x04860000 0x04860fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004870000 0x04870000 0x04873fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004880000 0x04880000 0x048bffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000048c0000 0x048c0000 0x048c4fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000048d0000 0x048d0000 0x04acffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000048d0000 0x048d0000 0x048e0fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000004900000 0x04900000 0x049fffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x0000000004a00000 0x04a00000 0x05dfffff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x0000000005e00000 0x05e00000 0x05efffff Private Memory Readable, Writable True False False
  • Region Actions
sortdefault.nls 0x05f00000 0x06236fff Memory Mapped File Readable False False False
  • Region Actions
private_0x0000000006240000 0x06240000 0x0633ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006340000 0x06340000 0x0637ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006380000 0x06380000 0x0647ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006480000 0x06480000 0x064bffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000064c0000 0x064c0000 0x065bffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000065c0000 0x065c0000 0x065fffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006600000 0x06600000 0x066fffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006700000 0x06700000 0x0673ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006740000 0x06740000 0x0683ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006840000 0x06840000 0x0687ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006880000 0x06880000 0x0697ffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006980000 0x06980000 0x069bffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x00000000069c0000 0x069c0000 0x069fffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006a00000 0x06a00000 0x06afffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006b00000 0x06b00000 0x06bfffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006c00000 0x06c00000 0x06cfffff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006d00000 0x06d00000 0x06ea4fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006eb0000 0x06eb0000 0x070affff Private Memory Readable, Writable True False False
  • Region Actions
private_0x0000000006f00000 0x06f00000 0x06ffffff Private Memory Readable, Writable True False False
  • Region Actions
wow64cpu.dll 0x581b0000 0x581b7fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64.dll 0x581c0000 0x5820efff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
wow64win.dll 0x58210000 0x58282fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cabinet.dll 0x73a60000 0x73a81fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ntmarta.dll 0x74470000 0x74497fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
rsaenh.dll 0x744a0000 0x744cefff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cryptsp.dll 0x744d0000 0x744e2fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
uxtheme.dll 0x74530000 0x745a4fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
secur32.dll 0x745b0000 0x745b9fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
bcrypt.dll 0x74610000 0x7462afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
bcryptprimitives.dll 0x74840000 0x74898fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
cryptbase.dll 0x748a0000 0x748a9fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sspicli.dll 0x748b0000 0x748cdfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernel32.dll 0x74990000 0x74a7ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
rpcrt4.dll 0x74a80000 0x74b2bfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
gdi32.dll 0x74d10000 0x74e5cfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
sechost.dll 0x753a0000 0x753e2fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msvcrt.dll 0x753f0000 0x754adfff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
psapi.dll 0x75780000 0x75785fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
advapi32.dll 0x757f0000 0x7586afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
combase.dll 0x75a90000 0x75c49fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
imm32.dll 0x75c60000 0x75c8afff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
user32.dll 0x75c90000 0x75dcffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
kernelbase.dll 0x75e70000 0x75fe5fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
shlwapi.dll 0x77410000 0x77453fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
msctf.dll 0x77680000 0x7779ffff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
ntdll.dll 0x777a0000 0x77918fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
private_0x000000007f5ab000 0x7f5ab000 0x7f5adfff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007f5ae000 0x7f5ae000 0x7f5b0fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007f5b1000 0x7f5b1000 0x7f5b3fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007f5b4000 0x7f5b4000 0x7f5b6fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007f5b7000 0x7f5b7000 0x7f5b9fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007f5ba000 0x7f5ba000 0x7f5bcfff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007f5bd000 0x7f5bd000 0x7f5bffff Private Memory Readable, Writable True False False
  • Region Actions
pagefile_0x000000007f5c0000 0x7f5c0000 0x7f6bffff Pagefile Backed Memory Readable True False False
  • Region Actions
pagefile_0x000000007f6c0000 0x7f6c0000 0x7f6e2fff Pagefile Backed Memory Readable True False False
  • Region Actions
private_0x000000007f6e3000 0x7f6e3000 0x7f6e5fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007f6e6000 0x7f6e6000 0x7f6e8fff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007f6e9000 0x7f6e9000 0x7f6ebfff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007f6ec000 0x7f6ec000 0x7f6ecfff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007f6ef000 0x7f6ef000 0x7f6effff Private Memory Readable, Writable True False False
  • Region Actions
private_0x000000007ffe0000 0x7ffe0000 0x7ffeffff Private Memory Readable True False False
  • Region Actions
private_0x000000007fff0000 0x7fff0000 0x7dfe18a2ffff Private Memory Readable True False False
  • Region Actions
pagefile_0x00007dfe18a30000 0x7dfe18a30000 0x7ffe18a2ffff Pagefile Backed Memory - True False False
  • Region Actions
ntdll.dll 0x7ffe18a30000 0x7ffe18bf1fff Memory Mapped File Readable, Writable, Executable False False False
  • Region Actions
private_0x00007ffe18bf2000 0x7ffe18bf2000 0x7ffffffeffff Private Memory Readable True False False
  • Region Actions
Injection Information
+
Injection Type Source Process Source Os Thread ID Injection Info Success Count Logfile
Modify Memory #13: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0x204 address = 0x4120000, size = 131072 True 1
Fn
Data
Modify Memory #13: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0x204 address = 0x413b6a4, size = 4 True 1
Fn
Data
Modify Memory #13: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0x204 address = 0x413b7c0, size = 4 True 1
Fn
Data
Modify Memory #13: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0x204 address = 0x413bdb4, size = 4 True 1
Fn
Data
Create Remote Thread #13: c:\users\ciihmnxmn6ps\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\containers.exe 0x204 address = 0x412b50c True 1
Fn
Created Files
+
Filename File Size Hash Values YARA Match Actions
c:\users\ciihmn~1\appdata\local\temp\cab7de7.tmp 0.00 KB (0 bytes) MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 		False
c:\users\ciihmn~1\appdata\local\temp\cab7de8.tmp 0.00 KB (0 bytes) MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 		False
c:\users\ciihmn~1\appdata\local\temp\cab7de9.tmp 0.00 KB (0 bytes) MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 		False
c:\users\ciihmn~1\appdata\local\temp\cab7dea.tmp 0.00 KB (0 bytes) MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 		False
c:\users\ciihmn~1\appdata\local\temp\cab7deb.tmp 0.00 KB (0 bytes) MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 		False
c:\users\ciihmn~1\appdata\local\temp\upd9948.tmp 0.00 KB (0 bytes) MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 		False
Threads
Thread 0x2b0
(Host: 72, Network: 0)
+
Category Operation Information Success Count Logfile
Module Load module_name = KERNEL32.dll, base_address = 0x74990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedExchange, address_out = 0x749a7650 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x749a9950 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x749a25e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x777dbae0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x777dda90 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x749ad940 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x749a7910 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InterlockedIncrement, address_out = 0x749a7520 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x749a9640 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x749a77b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x749ad8d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryW, address_out = 0x749aa0b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x749a7940 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x749a9660 True 1
Fn
Module Load module_name = USER32.dll, base_address = 0x75c90000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = LoadImageW, address_out = 0x75cc4500 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x777a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlAddVectoredExceptionHandler, address_out = 0x777ff090 True 1
Fn
Module Get Handle module_name = advapi32.dll, base_address = 0x0 False 1
Fn
Module Load module_name = advapi32.dll, base_address = 0x757f0000 True 1
Fn
Module Load module_name = NTDLL, base_address = 0x777a0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\ntdll.dll, function = RtlInitializeCriticalSection, address_out = 0x777f95f0 True 1
Fn
Module Get Handle module_name = shlwapi.dll, base_address = 0x0 False 1
Fn
Module Load module_name = shlwapi.dll, base_address = 0x77410000 True 1
Fn
System Get Info type = Operating System False 2
Fn
Module Get Handle module_name = psapi.dll, base_address = 0x0 False 1
Fn
Module Load module_name = psapi.dll, base_address = 0x75780000 True 1
Fn
Module Get Filename module_name = psapi.dll, process_name = c:\windows\syswow64\svchost.exe, file_name_orig = C:\Windows\SysWOW64\svchost.exe, size = 260 True 1
Fn
Mutex Create mutex_name = 8592029A1BBD0F5EDCA2A860E613ACDB True 1
Fn
System Get Time type = Local Time, time = 2017-11-30 14:40:01 (Local Time) True 1
Fn
System Get Time type = System Time, time = 2017-11-30 03:40:01 (UTC) True 1
Fn
Module Get Handle module_name = secur32.dll, base_address = 0x0 False 1
Fn
Module Load module_name = secur32.dll, base_address = 0x745b0000 True 1
Fn
Module Load module_name = SSPICLI, base_address = 0x748b0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\sspicli.dll, function = GetUserNameExW, address_out = 0x748bc5f0 True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 800 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 800, size_out = 800 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 1367 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Mutex Create mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, size = 1776, type = REG_BINARY True 1
Fn
Data
Mutex Release mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
Mutex Create mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\eckiiks, type = file_attributes False 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\ufykkeb, type = file_attributes False 1
Fn
Registry Create Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Write Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, size = 1776, type = REG_BINARY True 1
Fn
Data
Mutex Release mutex_name = 99DCC4F63896BA52D9D5D3F7098E00E5 True 1
Fn
Thread 0xf4
(Host: 1, Network: 0)
+
Category Operation Information Success Count Logfile
Mutex Create mutex_name = ACD86ED691154353041C7827C4241C0D True 1
Fn
Thread 0xcac
(Host: 1, Network: 0)
+
Category Operation Information Success Count Logfile
Mutex Create mutex_name = BA6E0713253533C2BD32E023F51DAAB1 True 1
Fn
Thread 0x8cc
(Host: 3, Network: 0)
+
Category Operation Information Success Count Logfile
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
System Sleep duration = -1 (infinite) False 1
Fn
Thread 0xcc4
(Host: 3, Network: 0)
+
Category Operation Information Success Count Logfile
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
System Sleep duration = -1 (infinite) False 1
Fn
Thread 0xca0
(Host: 135, Network: 0)
+
Category Operation Information Success Count Logfile
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Akudfeen, type = REG_BINARY True 2
Fn
Data
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Uzapze, type = REG_BINARY True 2
Fn
Data
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Akudfeen, type = REG_BINARY True 2
Fn
Data
Registry Open Key reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi True 1
Fn
Registry Read Value reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ombi, value_name = Axoha, type = REG_BINARY True 2
Fn
Data
Module Load module_name = KERNEL32.dll, base_address = 0x74990000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibrary, address_out = 0x749a98f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x749a7940 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalLock, address_out = 0x749a1bc0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GlobalUnlock, address_out = 0x749a2a10 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x749a92b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x749a9700 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x749a1b90 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = TerminateThread, address_out = 0x749afcb0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x749a2db0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSection, address_out = 0x777f95f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x777e5e80 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x777e5e00 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x749b6110 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileInformationByHandle, address_out = 0x749b6350 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSize, address_out = 0x749b6360 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x749b6590 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x749b64a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x749b62a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetEndOfFile, address_out = 0x749b64f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x749b6530 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x749b5f20 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetLocalTime, address_out = 0x749a9a60 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FileTimeToLocalFileTime, address_out = 0x749b61c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = FileTimeToDosDateTime, address_out = 0x749b2360 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x749a7540 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyA, address_out = 0x749ae320 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x749b3a30 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x749a2d80 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x749ad8d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x749a9660 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address_out = 0x749b6410 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathW, address_out = 0x749b6420 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTempFileNameA, address_out = 0x749b63f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTempFileNameW, address_out = 0x749b6400 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = QueryDosDeviceA, address_out = 0x749cae50 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x749b6170 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x749b6180 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileA, address_out = 0x749b61a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x749b61b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileW, address_out = 0x749b67b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = MultiByteToWideChar, address_out = 0x749a2d60 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x749a75a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatW, address_out = 0x749af6d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatW, address_out = 0x749af140 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\kernel32.dll, function = DisableThreadLibraryCalls, address_out = 0x749aa0d0 True 1
Fn
Module Load module_name = USER32.dll, base_address = 0x75c90000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetTimer, address_out = 0x75cacd50 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DrawIcon, address_out = 0x75cbdc70 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetForegroundWindow, address_out = 0x75cc50f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetWindowTextW, address_out = 0x75cb4710 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetWindowTextLengthW, address_out = 0x75cb4640 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = ChangeClipboardChain, address_out = 0x75cc5eb0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = MapVirtualKeyExW, address_out = 0x75cf4900 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = LoadImageW, address_out = 0x75cc4500 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetIconInfo, address_out = 0x75cbe6e0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetRawInputData, address_out = 0x75cc87f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = RegisterRawInputDevices, address_out = 0x75cc8d50 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetKeyNameTextW, address_out = 0x75cf48f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetClipboardData, address_out = 0x75cc29b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetKeyboardState, address_out = 0x75cc54a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = IsClipboardFormatAvailable, address_out = 0x75cc5020 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetWindowThreadProcessId, address_out = 0x75caba70 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SetClipboardViewer, address_out = 0x75cc5ec0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CloseClipboard, address_out = 0x75cc5a00 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = OpenClipboard, address_out = 0x75cc1770 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = CreateWindowExW, address_out = 0x75ca91c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = RegisterClassExW, address_out = 0x75ca8ee0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x7781caa0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = AttachThreadInput, address_out = 0x75cc5be0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = PostThreadMessageW, address_out = 0x75caddc0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = SendMessageW, address_out = 0x75ca38f0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = DispatchMessageW, address_out = 0x75ca3e40 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = wsprintfA, address_out = 0x75cbea00 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetMessageW, address_out = 0x75cc3230 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetKeyboardLayout, address_out = 0x75caceb0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = ToUnicodeEx, address_out = 0x75d0f4c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = GetCursorPos, address_out = 0x75cbdc20 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = wsprintfW, address_out = 0x75cbddf0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\user32.dll, function = TranslateMessage, address_out = 0x75cab9d0 True 1
Fn
Module Load module_name = SHLWAPI.dll, base_address = 0x77410000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = StrStrIA, address_out = 0x7742cd10 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\shlwapi.dll, function = PathFileExistsW, address_out = 0x77428340 True 1
Fn
Module Load module_name = PSAPI.DLL, base_address = 0x75780000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\psapi.dll, function = GetProcessImageFileNameA, address_out = 0x757816e0 True 1
Fn
Module Load module_name = MSVCRT.dll, base_address = 0x753f0000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = _initterm, address_out = 0x75456880 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = ??1type_info@@UAE@XZ, address_out = 0x75430fc0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = _onexit, address_out = 0x75447310 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = __dllonexit, address_out = 0x75447230 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = memset, address_out = 0x75478ca0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = memcpy, address_out = 0x754784c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = strrchr, address_out = 0x75479620 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = _strnicmp, address_out = 0x75476890 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = memmove, address_out = 0x754788d0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = _wcsdup, address_out = 0x754771a0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = realloc, address_out = 0x754379b0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = malloc, address_out = 0x754378c0 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = free, address_out = 0x75437700 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = ??3@YAXPAX@Z, address_out = 0x75434f40 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\msvcrt.dll, function = _adjust_fdiv, address_out = 0x754a5d04 True 1
Fn
Mutex Create mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
File Get Info filename = C:\Users, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer, type = file_attributes True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys, type = file_attributes True 1
Fn
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, type = size, size_out = 65711 True 1
Fn
File Read filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 65711, size_out = 65711 True 1
Fn
Data
File Create filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Write filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\pgyFOAeI3.wix, size = 65948 True 1
Fn
Data
Mutex Release mutex_name = BA375714EF21E8EC8F43FB71FA3700CC True 1
Fn
Thread 0xed4
(Host: 19, Network: 0)
+
Category Operation Information Success Count Logfile
Module Get Handle module_name = c:\windows\syswow64\svchost.exe, base_address = 0xc0000 True 1
Fn
Window Create class_name = gyiilcjfsgwyvovkmvmubswahvfrkihnplscfwmjvqogqesosrvejbsyldrbhcoyykylbceivebyigadixbljnhxaacgykdkauce, wndproc_parameter = 0 True 1
Fn
File Create Temp File filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd9948.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\, prefix = upd True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd9948.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ True 1
Fn
File Get Info filename = C:\Users\CIIHMN~1\AppData\Local\Temp\upd9948.tmp, type = size True 1
Fn
System Sleep duration = 60000 milliseconds (60.000 seconds) True 1
Fn
File Create Temp File filename = C:\Users\CIIHMN~1\AppData\Local\Temp\cab9948.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\, prefix = cab True 1
Fn
Module Load module_name = cabinet.dll, base_address = 0x73a60000 True 1
Fn
Module Get Address module_name = c:\windows\syswow64\cabinet.dll, function = FCICreate, address_out = 0x73a6f660 True 1
Fn
File Create Temp File filename = C:\Users\CIIHMN~1\AppData\Local\Temp\CAB7DE7.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\, prefix = CABINET True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\CAB7DE7.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Create Temp File filename = C:\Users\CIIHMN~1\AppData\Local\Temp\CAB7DE8.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\, prefix = CABINET True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\CAB7DE8.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Create Temp File filename = C:\Users\CIIHMN~1\AppData\Local\Temp\CAB7DE9.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\, prefix = CABINET True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\CAB7DE9.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Create Temp File filename = C:\Users\CIIHMN~1\AppData\Local\Temp\CAB7DEA.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\, prefix = CABINET True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\CAB7DEA.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
File Create Temp File filename = C:\Users\CIIHMN~1\AppData\Local\Temp\CAB7DEB.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\, prefix = CABINET True 1
Fn
File Create filename = C:\Users\CIIHMN~1\AppData\Local\Temp\CAB7DEB.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ True 1
Fn
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy". 


    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image