VMRay Analyzer Report

Monitored Processes

Behavior Information - Sequential View

Process #1: ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe

(Host: 1315, Network: 0)

Information	Value
ID	#1
File Name	c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe
Command Line	"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe"
Initial Working Directory	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor	Start Time: 00:00:19, Reason: Analysis Target
Unmonitor	End Time: 00:01:07, Reason: Terminated by Timeout
Monitor Duration	00:00:48

OS Process Information

Information	Value
PID	0x9e8
Parent PID	0x564 (c:\windows\explorer.exe)
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Groups	XDUWTFONO\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) BUILTIN\Administrators (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, OWNER) BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Logon Session 00000000:00010611 (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID) LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x 9EC 0x A00

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000020000	0x00020000	0x00020fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000030000	0x00030000	0x00030fff	Private Memory	Readable, Writable	Region Actions Download Dump
apisetschema.dll	0x00040000	0x00040fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000000050000	0x00050000	0x0008ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000090000	0x00090000	0x0018ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000190000	0x00190000	0x00193fff	Pagefile Backed Memory	Readable	Region Actions
locale.nls	0x001a0000	0x00206fff	Memory Mapped File	Readable	Region Actions
private_0x0000000000210000	0x00210000	0x0024ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000250000	0x00250000	0x0025ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000260000	0x00260000	0x00266fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x0000000000270000	0x00270000	0x00271fff	Pagefile Backed Memory	Readable, Writable	Region Actions
pagefile_0x0000000000280000	0x00280000	0x00281fff	Pagefile Backed Memory	Readable	Region Actions
msctf.dll.mui	0x00280000	0x00280fff	Memory Mapped File	Readable, Writable	Region Actions
private_0x0000000000290000	0x00290000	0x0030ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000310000	0x00310000	0x0034ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000350000	0x00350000	0x0035ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000360000	0x00360000	0x0039ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x00000000003a0000	0x003a0000	0x003a1fff	Pagefile Backed Memory	Readable	Region Actions
private_0x00000000003a0000	0x003a0000	0x003a8fff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
private_0x00000000003b0000	0x003b0000	0x003b0fff	Private Memory	Readable, Writable	Region Actions Download Dump
ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe	0x00400000	0x00447fff	Memory Mapped File	Readable, Writable, Executable	Region Actions Download Dump
pagefile_0x0000000000450000	0x00450000	0x0052efff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000540000	0x00540000	0x0063ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000640000	0x00640000	0x007c7fff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000000800000	0x00800000	0x0080ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000810000	0x00810000	0x00990fff	Pagefile Backed Memory	Readable	Region Actions
pagefile_0x00000000009a0000	0x009a0000	0x01d9ffff	Pagefile Backed Memory	Readable	Region Actions
private_0x0000000001da0000	0x01da0000	0x01f3ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000001da0000	0x01da0000	0x01e2ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000001da0000	0x01da0000	0x01e1ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000001e20000	0x01e20000	0x01e2ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000001f00000	0x01f00000	0x01f3ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000001f60000	0x01f60000	0x01f6ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000001f70000	0x01f70000	0x0236ffff	Private Memory	Readable, Writable	Region Actions Download Dump
sortdefault.nls	0x02370000	0x0263efff	Memory Mapped File	Readable	Region Actions
pagefile_0x0000000002640000	0x02640000	0x02a32fff	Pagefile Backed Memory	Readable	Region Actions
staticcache.dat	0x02a40000	0x0336ffff	Memory Mapped File	Readable	Region Actions
private_0x0000000003370000	0x03370000	0x0346ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000003470000	0x03470000	0x0746ffff	Private Memory	Readable, Writable, Executable	Region Actions
msvbvm60.dll	0x72940000	0x72a92fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
dwmapi.dll	0x73430000	0x73442fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
uxtheme.dll	0x738b0000	0x7392ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64win.dll	0x73a70000	0x73acbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64.dll	0x73ad0000	0x73b0efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64cpu.dll	0x73b40000	0x73b47fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
winspool.drv	0x74e60000	0x74eb0fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sxs.dll	0x74ec0000	0x74f1efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
cryptbase.dll	0x750b0000	0x750bbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sspicli.dll	0x750c0000	0x7511ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
user32.dll	0x75120000	0x7521ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
sechost.dll	0x75240000	0x75258fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msvcrt.dll	0x75260000	0x7530bfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernelbase.dll	0x75320000	0x75365fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
rpcrt4.dll	0x753c0000	0x754affff	Memory Mapped File	Readable, Writable, Executable	Region Actions
gdi32.dll	0x754e0000	0x7556ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ole32.dll	0x75570000	0x756cbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
shell32.dll	0x75790000	0x763d9fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
oleaut32.dll	0x763e0000	0x7646efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernel32.dll	0x765b0000	0x766bffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
lpk.dll	0x76750000	0x76759fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
advapi32.dll	0x76760000	0x767fffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
msctf.dll	0x76a00000	0x76acbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
imm32.dll	0x76ad0000	0x76b2ffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
usp10.dll	0x76b30000	0x76bccfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
shlwapi.dll	0x77100000	0x77156fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000077160000	0x77160000	0x77259fff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
private_0x0000000077260000	0x77260000	0x7737efff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
ntdll.dll	0x77380000	0x77528fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntdll.dll	0x77560000	0x776dffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x000000007efb0000	0x7efb0000	0x7efd2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007efd8000	0x7efd8000	0x7efdafff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efdb000	0x7efdb000	0x7efddfff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efde000	0x7efde000	0x7efdefff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efdf000	0x7efdf000	0x7efdffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efe0000	0x7efe0000	0x7ffdffff	Private Memory	Readable	Region Actions
pagefile_0x000000007efe0000	0x7efe0000	0x7f0dffff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007f0e0000	0x7f0e0000	0x7ffdffff	Private Memory	Readable	Region Actions
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	Region Actions Download Dump
private_0x000000007fff0000	0x7fff0000	0x7fffffeffff	Private Memory	Readable	Region Actions

Threads

Thread 0x9ec

(Host: 1199, Network: 0)

Category	Operation	Information	Count	Logfile
System	Get Info	type = Operating System	1	Fn
Module	Get Handle	module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x765b0000	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\kernel32.dll, function = IsTNT, address_out = 0x0	1	Fn
Environment	Get Environment String		1	Fn Data
File	Open	filename = STD_INPUT_HANDLE	1	Fn
File	Get Info	filename = STD_INPUT_HANDLE, type = file_type	1	Fn
File	Open	filename = STD_OUTPUT_HANDLE	1	Fn
File	Get Info	filename = STD_OUTPUT_HANDLE, type = file_type	1	Fn
File	Open	filename = STD_ERROR_HANDLE	1	Fn
File	Get Info	filename = STD_ERROR_HANDLE, type = file_type	1	Fn
Module	Get Filename	process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe, size = 260	1	Fn
Module	Get Handle	module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x765b0000	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x765c5235	1	Fn
Mutex	Create		1	Fn
Module	Get Handle	module_name = c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe, base_address = 0x400000	1	Fn
Module	Get Filename	process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe, file_name_orig = C:\Windows\system32\MSVBVM60.DLL, size = 260	1	Fn
System	Get Info	type = Operating System	1	Fn
Module	Get Filename	process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe, file_name_orig = C:\Windows\system32\MSVBVM60.DLL, size = 260	1	Fn
Module	Get Filename	module_name = c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe, size = 260	1	Fn
Module	Get Filename	process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe, file_name_orig = C:\Windows\system32\MSVBVM60.DLL, size = 260	1	Fn
System	Get Info	type = Operating System	1	Fn
Module	Load	module_name = OLEAUT32.DLL, base_address = 0x763e0000	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = OleLoadPictureEx, address_out = 0x764470a1	1	Fn
System	Get Info	type = Hardware Information	1	Fn
System	Get Info	type = Operating System	1	Fn
Module	Get Handle	module_name = c:\windows\syswow64\oleaut32.dll, base_address = 0x763e0000	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = DispCallFunc, address_out = 0x763f3dcf	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = LoadTypeLibEx, address_out = 0x763f07b7	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = UnRegisterTypeLib, address_out = 0x76411ca9	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = CreateTypeLib2, address_out = 0x763f8e70	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarDateFromUdate, address_out = 0x763f7684	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarUdateFromDate, address_out = 0x763fcc98	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = GetAltMonthNames, address_out = 0x7642903a	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarNumFromParseNum, address_out = 0x763f6231	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarParseNumFromStr, address_out = 0x763f5fea	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromR4, address_out = 0x76403f94	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromR8, address_out = 0x76404e9e	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromDate, address_out = 0x7642db72	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromI4, address_out = 0x76412a8c	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromCy, address_out = 0x7642d737	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarR4FromDec, address_out = 0x7642e015	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = GetRecordInfoFromTypeInfo, address_out = 0x7642cc3d	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = GetRecordInfoFromGuids, address_out = 0x7642d1c4	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayGetRecordInfo, address_out = 0x7642d48c	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArraySetRecordInfo, address_out = 0x7642d4c6	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayGetIID, address_out = 0x7642d509	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArraySetIID, address_out = 0x763fe7bb	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayCopyData, address_out = 0x763fe496	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayAllocDescriptorEx, address_out = 0x763fddf1	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayCreateEx, address_out = 0x7642d53f	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormat, address_out = 0x76432055	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatDateTime, address_out = 0x764320ea	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatNumber, address_out = 0x76432151	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatPercent, address_out = 0x764321f5	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatCurrency, address_out = 0x76432288	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarWeekdayName, address_out = 0x76432335	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarMonthName, address_out = 0x764323d5	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarAdd, address_out = 0x76405934	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarAnd, address_out = 0x76405a98	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarCat, address_out = 0x764059b4	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarDiv, address_out = 0x7645e405	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarEqv, address_out = 0x7645ef07	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarIdiv, address_out = 0x7645f00a	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarImp, address_out = 0x7645ef47	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarMod, address_out = 0x7645f15e	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarMul, address_out = 0x7645dbd4	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarOr, address_out = 0x7645ecfa	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarPow, address_out = 0x7645ea66	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarSub, address_out = 0x7645d332	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarXor, address_out = 0x7645ee2e	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarAbs, address_out = 0x7645ca11	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarFix, address_out = 0x7645cc5f	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarInt, address_out = 0x7645cde7	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarNeg, address_out = 0x7645c802	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarNot, address_out = 0x7645ec66	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarRound, address_out = 0x7645d155	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarCmp, address_out = 0x763fb0dc	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecAdd, address_out = 0x76415f3e	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecCmp, address_out = 0x76404fd0	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarBstrCat, address_out = 0x76400d2c	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarCyMulI4, address_out = 0x764159ed	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\oleaut32.dll, function = VarBstrCmp, address_out = 0x763ef8b8	1	Fn
Module	Get Handle	module_name = c:\windows\syswow64\ole32.dll, base_address = 0x75570000	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstanceEx, address_out = 0x755b9d4e	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromProgIDEx, address_out = 0x75580782	1	Fn
Module	Get Filename	process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe, size = 260	2	Fn
Module	Load	module_name = SXS.DLL, base_address = 0x74ec0000	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\sxs.dll, function = SxsOleAut32MapIIDOrCLSIDToTypeLibrary, address_out = 0x74f07685	1	Fn
Module	Get Handle	module_name = c:\windows\syswow64\user32.dll, base_address = 0x75120000	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\user32.dll, function = GetSystemMetrics, address_out = 0x75137d2f	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\user32.dll, function = MonitorFromWindow, address_out = 0x75143150	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\user32.dll, function = MonitorFromRect, address_out = 0x7515e7a0	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\user32.dll, function = MonitorFromPoint, address_out = 0x75145281	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\user32.dll, function = EnumDisplayMonitors, address_out = 0x7514451a	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\user32.dll, function = GetMonitorInfoA, address_out = 0x75144413	1	Fn
Window	Create	class_name = ThunderRT6Main, wndproc_parameter = 0	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors	1	Fn
Window	Create	class_name = VBMsoStdCompMgr, wndproc_parameter = 0	1	Fn
Window	Set Attribute	class_name = VBMsoStdCompMgr, index = 0, new_long = 3547292	1	Fn
Window	Create	class_name = VBFocusRT6, wndproc_parameter = 0	1	Fn
Registry	Open Key	reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors	1	Fn
System	Get Info	type = Operating System	1	Fn
Keyboard	Get Info	type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721	1	Fn
Window	Create	window_name = Southlander, wndproc_parameter = 0	1	Fn
Window	Create	window_name = Southlander, wndproc_parameter = 0	1	Fn
Module	Load	module_name = ADVAPI32.DLL, base_address = 0x76760000	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\advapi32.dll, function = CloseEventLog, address_out = 0x767677c3	1	Fn
Module	Load	module_name = ADVAPI32.DLL, base_address = 0x76760000	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\advapi32.dll, function = SetAclInformation, address_out = 0x767a34e3	1	Fn
Module	Load	module_name = user32, base_address = 0x75120000	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\user32.dll, function = CreateDialogIndirectParamA, address_out = 0x7514b029	1	Fn
Module	Load	module_name = winspool.drv, base_address = 0x74e60000	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\winspool.drv, function = DeletePrintProcessorA, address_out = 0x74e68aff	1	Fn
Module	Get Filename	module_name = c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe, size = 260	1	Fn
Window	Set Attribute	window_name = Southlander, index = 18446744073709551600, new_long = 114229248	1	Fn
Window	Set Attribute	window_name = Southlander, index = 18446744073709551596, new_long = 256	1	Fn
System	Get Time	type = Ticks, time = 59467	1	Fn
System	Get Time	type = Ticks, time = 59483	2	Fn
System	Get Time	type = Ticks, time = 59639	2	Fn
System	Sleep	duration = 0 milliseconds (0.000 seconds)	1	Fn
System	Get Time	type = Ticks, time = 59670	4	Fn
System	Sleep	duration = 0 milliseconds (0.000 seconds)	1	Fn
Module	Load	module_name = user32, base_address = 0x75120000	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\user32.dll, function = CreateWindowExA, address_out = 0x7513d22e	1	Fn
Window	Create	window_name = çSÌ¥ËhÑÃ7¯¸X ²B, class_name = STATIC, wndproc_parameter = 0	1	Fn
Module	Load	module_name = user32, base_address = 0x75120000	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\user32.dll, function = ShowWindow, address_out = 0x75140dfb	1	Fn
Module	Load	module_name = Msvbvm60.dll, base_address = 0x72940000	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\msvbvm60.dll, function = rtcDoEvents, address_out = 0x72a0e0f7	1	Fn
System	Get Time	type = Ticks, time = 66050	1	Fn
System	Sleep	duration = 0 milliseconds (0.000 seconds)	1	Fn
Module	Load	module_name = user32, base_address = 0x75120000	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\user32.dll, function = EnumWindows, address_out = 0x7513d1cf	1	Fn
Module	Load	module_name = kernel32, base_address = 0x765b0000	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x765c1856	1	Fn
Module	Load	module_name = kernel32, base_address = 0x765b0000	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x765c110c	1	Fn
Module	Load	module_name = kernel32, base_address = 0x765b0000	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x765c10ff	1	Fn
System	Get Time	type = Ticks, time = 75317	1	Fn
System	Sleep	duration = 2000 milliseconds (2.000 seconds)	1	Fn
System	Get Time	type = Ticks, time = 77329	1	Fn
Module	Load	module_name = kernel32, base_address = 0x765b0000	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\kernel32.dll, function = SetErrorMode, address_out = 0x765c1b00	1	Fn
Module	Load	module_name = kernel32, base_address = 0x765b0000	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x765c11a9	1	Fn
Module	Load	module_name = kernel32, base_address = 0x765b0000	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAllocEx, address_out = 0x765dd9b0	1	Fn
Module	Load	module_name = user32, base_address = 0x75120000	1	Fn
Module	Get Address	module_name = c:\windows\syswow64\user32.dll, function = GetCursorPos, address_out = 0x75141218	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
System	Get Cursor	x_out = 440, y_out = 844	1	Fn
System	Sleep	duration = 1 milliseconds (0.001 seconds)	1	Fn
For performance reasons, the remaining 183 entries are omitted. The remaining entries can be found in glog.xml.

Process #2: ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe

(Host: 8, Network: 0)

Information	Value
ID	#2
File Name	c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe
Command Line	"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe"
Initial Working Directory	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\
Monitor	Start Time: 00:00:50, Reason: Child Process
Unmonitor	End Time: 00:01:07, Reason: Terminated by Timeout
Monitor Duration	00:00:17

OS Process Information

Information	Value
PID	0xa20
Parent PID	0x9e8 (c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe)
Is Created or Modified Executable
Integrity Level	High (Elevated)
Username	XDUWTFONO\5p5NrGJn0jS HALPmcxz
Groups	XDUWTFONO\Domain Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) Everyone (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) BUILTIN\Administrators (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, OWNER) BUILTIN\Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\INTERACTIVE (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) CONSOLE LOGON (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Authenticated Users (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\This Organization (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\Logon Session 00000000:00010611 (MANDATORY, ENABLED_BY_DEFAULT, ENABLED, LOGON_ID) LOCAL (MANDATORY, ENABLED_BY_DEFAULT, ENABLED) NT AUTHORITY\NTLM Authentication (MANDATORY, ENABLED_BY_DEFAULT, ENABLED)
Enabled Privileges	SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
Thread IDs	0x A24

Region

Name	Start VA	End VA	Type	Permissions	Actions
private_0x0000000000010000	0x00010000	0x0002ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000010000	0x00010000	0x0001ffff	Pagefile Backed Memory	Readable, Writable	Region Actions
private_0x0000000000020000	0x00020000	0x0002ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000030000	0x00030000	0x00031fff	Private Memory	Readable, Writable	Region Actions Download Dump
apisetschema.dll	0x00040000	0x00040fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000000050000	0x00050000	0x0008ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000090000	0x00090000	0x0018ffff	Private Memory	Readable, Writable	Region Actions Download Dump
pagefile_0x0000000000190000	0x00190000	0x00193fff	Pagefile Backed Memory	Readable	Region Actions
locale.nls	0x001a0000	0x00206fff	Memory Mapped File	Readable	Region Actions
private_0x00000000002b0000	0x002b0000	0x0032ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000400000	0x00400000	0x00423fff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
private_0x0000000000540000	0x00540000	0x0063ffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000780000	0x00780000	0x00900fff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x0000000000910000	0x00910000	0x00c12fff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
wow64win.dll	0x73a70000	0x73acbfff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64.dll	0x73ad0000	0x73b0efff	Memory Mapped File	Readable, Writable, Executable	Region Actions
wow64cpu.dll	0x73b40000	0x73b47fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernelbase.dll	0x75320000	0x75365fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
kernel32.dll	0x765b0000	0x766bffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
private_0x0000000077160000	0x77160000	0x77259fff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
private_0x0000000077260000	0x77260000	0x7737efff	Private Memory	Readable, Writable, Executable	Region Actions Download Dump
ntdll.dll	0x77380000	0x77528fff	Memory Mapped File	Readable, Writable, Executable	Region Actions
ntdll.dll	0x77560000	0x776dffff	Memory Mapped File	Readable, Writable, Executable	Region Actions
pagefile_0x000000007efb0000	0x7efb0000	0x7efd2fff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007efdb000	0x7efdb000	0x7efddfff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efde000	0x7efde000	0x7efdefff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efdf000	0x7efdf000	0x7efdffff	Private Memory	Readable, Writable	Region Actions Download Dump
private_0x000000007efe0000	0x7efe0000	0x7ffdffff	Private Memory	Readable	Region Actions
pagefile_0x000000007efe0000	0x7efe0000	0x7f0dffff	Pagefile Backed Memory	Readable	Region Actions
private_0x000000007f0e0000	0x7f0e0000	0x7ffdffff	Private Memory	Readable	Region Actions
private_0x000000007ffe0000	0x7ffe0000	0x7ffeffff	Private Memory	Readable	Region Actions Download Dump
private_0x000000007fff0000	0x7fff0000	0x7fffffeffff	Private Memory	Readable	Region Actions

Injection Information

Injection Type	Source Process	Source Os Thread ID	Injection Info	Count	Logfile
Modify Memory	#1: c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe	0x9ec	address = 0x400000, size = 512	1	Fn Data
Modify Memory	#1: c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe	0x9ec	address = 0x400000, size = 1	1	Fn Data
Modify Memory	#1: c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe	0x9ec	address = 0x401000, size = 141824	1	Fn Data
Modify Memory	#1: c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe	0x9ec	address = 0x7efde008, size = 4	1	Fn Data
Modify Control Flow	#1: c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe	0x9ec	os_tid = 0xa24, address = 0x775701c4	1	Fn

Threads

Thread 0xa24

(Host: 8, Network: 0)

Category	Operation	Information	Count	Logfile
File	Create	filename = \??\C:\Windows\SysWOW64\ntdll.dll, desired_access = FILE_READ_DATA, FILE_READ_EA, FILE_READ_ATTRIBUTES, READ_CONTROL, SYNCHRONIZE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
File	Get Info	filename = \??\C:\Windows\SysWOW64\ntdll.dll, type = extended	1	Fn
File	Read	filename = \??\C:\Windows\SysWOW64\ntdll.dll, offset = 0, size = 1292096	1	Fn
File	Create	filename = \??\C:\Windows\SysWOW64\ntdll.dll, desired_access = FILE_READ_DATA, FILE_READ_EA, FILE_READ_ATTRIBUTES, READ_CONTROL, SYNCHRONIZE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE	1	Fn
File	Get Info	filename = \??\C:\Windows\SysWOW64\ntdll.dll, type = extended	1	Fn
Debug	Check for Presence	c:\users\5p5nrgjn0js halpmcxz\desktop\ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d.exe	1	Fn
System	Get Info	type = SYSTEM_PROCESS_INFORMATION	1	Fn