2999babb...1d70 | Sequential Behavior
Try VMRay Analyzer
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\windows\system32\cscript.exe |
| Command Line | "C:\Windows\System32\CScript.exe" "C:\Users\CIIHMN~1\Desktop\2999BA~1.WSF" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:20, Reason: Analysis Target |
| Unmonitor | End Time: 00:02:20, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:00 |
| Information | Value |
|---|---|
| PID | 0xf80 |
| Parent PID | 0x728 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F84
0x
FF0
0x
FF4
0x
FF8
0x
FFC
0x
C5C
0x
C20
0x
C18
0x
C6C
0x
C78
0x
C74
0x
650
0x
C90
|
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\ciihmn~1\appdata\local\temp\84526935.scr | 479.00 KB (490496 bytes) |
MD5:
f549977bce0051085abbe8d7728be589
SHA1: 33e0317a4da4cc10737f5ff54f010315a3b71867 SHA256: 21610f6f3397058086f90d9e0f74ba524aeb69d788efca24f344327460532a58 |
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\cscript.exe, base_address = 0x7ff7cbfd0000 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x7ffb3d27d550 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = Enabled, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = LogSecuritySuccesses, data = 0, type = REG_NONE |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = HeapSetInformation, address_out = 0x7ffb3d280f40 |
|
1 | |
| Module | Get Filename | module_name = c:\windows\system32\cscript.exe, process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\System32\CScript.exe, size = 261 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = IgnoreUserSettings, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = TrustPolicy, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = UseWINSAFER, data = 1, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = Timeout, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings, value_name = DisplayLogo, data = 1, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings, value_name = Timeout, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings, value_name = DisplayLogo, data = 49, type = REG_NONE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 110 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\.WSF |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\.WSF, data = WSFFile, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\WSFFile\ScriptEngine |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x7ffb2ea50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\urlmon.dll, function = CreateURLMonikerEx, address_out = 0x7ffb2ea74fe0 |
|
1 | |
| COM | Create | interface = 06290BEA-48AA-11D2-8432-006008C3FBFC, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| COM | Create | interface = 06290BEA-48AA-11D2-8432-006008C3FBFC, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| COM | Create | interface = 342D1EA0-AE25-11D1-89C5-006008C3FBFC, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Info | type = System Directory |
|
1 | |
| System | Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 | |
| Module | Load | module_name = C:\Windows\system32\shlwapi.dll, base_address = 0x7ffb3a9f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = PathCreateFromUrlW, address_out = 0x7ffb3a9fc5e0 |
|
1 | |
| COM | Get Class ID | cls_id = F414C260-6AC0-11CF-B6D1-00AA00BBBB58, prog_id = JScript |
|
1 | |
| Module | Load | module_name = WLDP.DLL, base_address = 0x7ffb2bea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\wldp.dll, function = WldpGetLockdownPolicy, address_out = 0x7ffb2bea1010 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\wldp.dll, function = WldpIsClassInApprovedList, address_out = 0x7ffb2bea3820 |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\Desktop\2999BA~1.WSF, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\Desktop\2999BA~1.WSF, type = size |
|
1 | |
| Module | Create Mapping | module_name = C:\Users\CIIHMN~1\Desktop\2999BA~1.WSF, filename = C:\Users\CIIHMN~1\Desktop\2999BA~1.WSF, protection = PAGE_READONLY, maximum_size = 97272 |
|
1 | |
| Module | Map | C:\Users\CIIHMN~1\Desktop\2999BA~1.WSF, process_name = c:\windows\system32\cscript.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\windows\system32\cscript.exe |
|
1 | |
| System | Get Info | type = System Directory |
|
1 | |
| System | Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 | |
| Module | Load | module_name = C:\Windows\system32\advapi32.dll, base_address = 0x7ffb3c2d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = SaferIdentifyLevel, address_out = 0x7ffb3c2da7d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = SaferComputeTokenFromLevel, address_out = 0x7ffb3c2d3ba0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = SaferCloseLevel, address_out = 0x7ffb3c2e6cc0 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\Desktop\2999BA~1.WSF, type = size |
|
1 | |
| File | Read | filename = C:\Users\CIIHMN~1\Desktop\2999BA~1.WSF, size = 97272, size_out = 97272 |
|
1 | |
| COM | Create | interface = E4D1C9B0-46E8-11D4-A2A6-00104BD35090, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Info | type = Hardware Information |
|
1 | |
| COM | Create | interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\System32\CScript.exe, size = 260 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script\Features |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = QueryProtectedPolicy, address_out = 0x7ffb3a86d460 |
|
1 | |
| Module | Load | module_name = amsi.dll, base_address = 0x7ffb2d270000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\amsi.dll, function = AmsiInitialize, address_out = 0x7ffb2d272260 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\amsi.dll, function = AmsiScanString, address_out = 0x7ffb2d2726b0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\COM3 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\COM3, value_name = COM+Enabled, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernelbase.dll, base_address = 0x7ffb3a800000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = ResolveDelayLoadedAPI, address_out = 0x7ffb3a85a1b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = ResolveDelayLoadsFromDll, address_out = 0x7ffb3a8be790 |
|
1 | |
| COM | Create | interface = 00000146-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Environment | Get Environment String | name = JS_PROFILER |
|
1 | |
| COM | Create | interface = 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Time | type = Ticks, time = 107531 |
|
1 | |
| Module | Load | module_name = amsi.dll, base_address = 0x7ffb2d270000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\amsi.dll, function = AmsiInitialize, address_out = 0x7ffb2d272260 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\amsi.dll, function = AmsiScanString, address_out = 0x7ffb2d2726b0 |
|
1 | |
| Environment | Get Environment String | name = JS_PROFILER |
|
1 | |
| COM | Create | interface = 6C736DC1-AB0D-11D0-A2AD-00A0C90F27E8, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Time | type = Ticks, time = 107562 |
|
1 | |
| System | Get Time | type = Ticks, time = 107640 |
|
19 | |
| System | Get Time | type = Ticks, time = 107656 |
|
4 | |
| System | Get Time | type = Ticks, time = 108218 |
|
14 | |
| System | Get Time | type = Ticks, time = 108234 |
|
18 | |
| System | Get Time | type = Ticks, time = 108250 |
|
10 | |
| System | Get Time | type = Ticks, time = 108265 |
|
17 | |
| System | Get Time | type = Ticks, time = 108281 |
|
13 | |
| System | Get Time | type = Ticks, time = 108296 |
|
8 | |
| System | Get Time | type = Ticks, time = 108312 |
|
12 | |
| System | Get Time | type = Ticks, time = 108328 |
|
10 | |
| System | Get Time | type = Ticks, time = 108343 |
|
6 | |
| System | Get Time | type = Ticks, time = 108468 |
|
16 | |
| System | Get Time | type = Ticks, time = 108484 |
|
18 | |
| System | Get Time | type = Ticks, time = 108500 |
|
13 | |
| System | Get Time | type = Ticks, time = 108515 |
|
17 | |
| System | Get Time | type = Ticks, time = 108531 |
|
9 | |
| System | Get Time | type = Ticks, time = 108609 |
|
2 | |
| System | Get Time | type = Ticks, time = 108625 |
|
4 | |
| System | Get Time | type = Ticks, time = 108656 |
|
3 | |
| System | Get Time | type = Ticks, time = 108671 |
|
3 | |
| System | Get Time | type = Ticks, time = 108687 |
|
3 | |
| System | Get Time | type = Ticks, time = 108703 |
|
3 | |
| System | Get Time | type = Ticks, time = 108718 |
|
3 | |
| System | Get Time | type = Ticks, time = 108734 |
|
3 | |
| System | Get Time | type = Ticks, time = 108828 |
|
1 | |
| System | Get Time | type = Ticks, time = 108843 |
|
2 | |
| System | Get Time | type = Ticks, time = 108859 |
|
2 | |
| System | Get Time | type = Ticks, time = 108875 |
|
2 | |
| System | Get Time | type = Ticks, time = 108890 |
|
2 | |
| System | Get Time | type = Ticks, time = 108906 |
|
1 | |
| System | Get Time | type = Ticks, time = 108921 |
|
2 | |
| System | Get Time | type = Ticks, time = 108937 |
|
1 | |
| System | Get Time | type = Ticks, time = 108953 |
|
2 | |
| System | Get Time | type = Ticks, time = 108968 |
|
3 | |
| System | Get Time | type = Ticks, time = 108984 |
|
1 | |
| System | Get Time | type = Ticks, time = 109000 |
|
3 | |
| System | Get Time | type = Ticks, time = 109015 |
|
2 | |
| System | Get Time | type = Ticks, time = 109031 |
|
1 | |
| System | Get Time | type = Ticks, time = 109062 |
|
1 | |
| System | Get Time | type = Ticks, time = 109078 |
|
20 | |
| System | Get Time | type = Ticks, time = 109093 |
|
34 | |
| System | Get Time | type = Ticks, time = 109109 |
|
27 | |
| System | Get Time | type = Ticks, time = 109125 |
|
27 | |
| System | Get Time | type = Ticks, time = 109140 |
|
22 | |
| System | Get Time | type = Ticks, time = 109156 |
|
20 | |
| System | Get Time | type = Ticks, time = 109171 |
|
10 | |
| System | Get Time | type = Ticks, time = 109187 |
|
18 | |
| System | Get Time | type = Ticks, time = 109203 |
|
18 | |
| System | Get Time | type = Ticks, time = 109218 |
|
20 | |
| System | Get Time | type = Ticks, time = 109234 |
|
16 | |
| System | Get Time | type = Ticks, time = 109250 |
|
16 | |
| System | Get Time | type = Ticks, time = 109265 |
|
12 | |
| System | Get Time | type = Ticks, time = 109281 |
|
16 | |
| System | Get Time | type = Ticks, time = 109296 |
|
12 | |
| System | Get Time | type = Ticks, time = 109312 |
|
14 | |
| System | Get Time | type = Ticks, time = 109328 |
|
10 | |
| System | Get Time | type = Ticks, time = 109546 |
|
2 | |
| COM | Get Class ID | cls_id = 72C24DD5-D70A-438B-8A42-98424B88AFB8, prog_id = WScript.Shell |
|
1 | |
| COM | Create | interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\System32\CScript.exe, size = 261 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\cscript.exe, base_address = 0x7ff7cbfd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\cscript.exe, function = 1, address_out = 0x7ff7cbfd1350 |
|
1 | |
| COM | Get Class ID | cls_id = F6D90F16-9C73-11D3-B32E-00C04F990BB4, prog_id = MSXML2.XMLHTTP |
|
1 | |
| COM | Create | interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS |
|
1 | |
| Inet | Open Connection | protocol = https, server_name = www.atdrrtd.vs, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = GET, http_version = HTTP 1.1 |
|
1 | |
| Inet | Receive HTTP Status | status = 12007 |
|
1 | |
| COM | Get Class ID | cls_id = 72C24DD5-D70A-438B-8A42-98424B88AFB8, prog_id = WScript.Shell |
|
1 | |
| COM | Create | interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\System32\CScript.exe, size = 261 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\cscript.exe, base_address = 0x7ff7cbfd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\cscript.exe, function = 1, address_out = 0x7ff7cbfd1350 |
|
1 | |
| COM | Get Class ID | cls_id = F6D90F16-9C73-11D3-B32E-00C04F990BB4, prog_id = MSXML2.XMLHTTP |
|
1 | |
| COM | Create | interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS |
|
1 | |
| Inet | Open Connection | protocol = https, server_name = wsfxvers.ch, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /fdsffffjt.ico |
|
1 | |
| Inet | Receive HTTP Status | status = 12007 |
|
1 | |
| COM | Get Class ID | cls_id = 72C24DD5-D70A-438B-8A42-98424B88AFB8, prog_id = WScript.Shell |
|
1 | |
| COM | Create | interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\System32\CScript.exe, size = 261 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\cscript.exe, base_address = 0x7ff7cbfd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\cscript.exe, function = 1, address_out = 0x7ff7cbfd1350 |
|
1 | |
| COM | Get Class ID | cls_id = F6D90F16-9C73-11D3-B32E-00C04F990BB4, prog_id = MSXML2.XMLHTTP |
|
1 | |
| COM | Create | interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS |
|
1 | |
| Inet | Open Connection | protocol = https, server_name = serfd.ch, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /fjgnt343.ico |
|
1 | |
| Inet | Receive HTTP Status | status = 12007 |
|
1 | |
| COM | Get Class ID | cls_id = 72C24DD5-D70A-438B-8A42-98424B88AFB8, prog_id = WScript.Shell |
|
1 | |
| COM | Create | interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\cscript.exe, file_name_orig = C:\Windows\System32\CScript.exe, size = 261 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\cscript.exe, base_address = 0x7ff7cbfd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\cscript.exe, function = 1, address_out = 0x7ff7cbfd1350 |
|
1 | |
| COM | Get Class ID | cls_id = F6D90F16-9C73-11D3-B32E-00C04F990BB4, prog_id = MSXML2.XMLHTTP |
|
1 | |
| COM | Create | interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Inet | Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS |
|
1 | |
| Inet | Open Connection | protocol = https, server_name = www.apapernotion.com, server_port = 443 |
|
1 | |
| Inet | Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /wp-includes/Text/ri.php |
|
1 | |
| Inet | Send HTTP Request | url = https://www.apapernotion.com/wp-includes/Text/ri.php |
|
1 | |
| System | Get Time | type = Ticks, time = 111765 |
|
1 | |
| Inet | Receive HTTP Status | status = 200 |
|
1 | |
| COM | Get Class ID | cls_id = 00000566-0000-0010-8000-00AA006D2EA4, prog_id = ADODB.Stream |
|
1 | |
| COM | Create | interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Inet | Read Response | size_out = 490496 |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\84526935.scr |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\84526935.scr, size = 490496 |
|
1 | |
| Module | Load | module_name = shell32.dll, base_address = 0x7ffb3aa50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shell32.dll, function = ShellExecuteExW, address_out = 0x7ffb3ab32460 |
|
1 | |
| Process | Create | process_name = C:\Users\CIIHMN~1\AppData\Local\Temp\84526935.scr, show_window = SW_SHOWNORMAL |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\amsi.dll, function = AmsiUninitialize, address_out = 0x7ffb2d272490 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Window | Create | class_name = WSH-Timer, wndproc_parameter = 671033220080 |
|
1 |
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\users\ciihmn~1\appdata\local\temp\84526935.scr |
| Command Line | "C:\Users\CIIHMN~1\AppData\Local\Temp\84526935.scr" /S |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:40, Reason: Child Process |
| Unmonitor | End Time: 00:02:20, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:40 |
| Information | Value |
|---|---|
| PID | 0xbec |
| Parent PID | 0xf80 (c:\windows\system32\cscript.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
568
0x
344
0x
830
0x
468
0x
CA4
0x
C88
0x
CF4
|
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\ciihmn~1\appdata\local\temp\f2d7.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f2d8.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f2e8.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f2f9.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f2fa.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f2fb.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f2fc.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f32c.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f33c.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f33d.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f33e.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f33f.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f350.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f351.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f381.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f382.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f383.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f384.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f385.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f396.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f397.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f398.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f399.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f39a.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f3d9.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f3da.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f3eb.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f3ec.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f3ed.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f3fd.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f41e.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f42e.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f42f.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f430.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f441.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f442.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f472.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f473.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f474.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f475.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f485.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f486.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f487.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f488.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f499.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4b9.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4ba.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4bb.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4cc.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4cd.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4ce.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4cf.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4df.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4e0.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4f1.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4f2.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4f3.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4f4.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4f5.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f506.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f507.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f508.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f509.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f50a.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f51a.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f51b.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f51c.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f53d.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f53e.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f53f.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f540.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f541.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f551.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f552.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f553.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f554.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f565.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f566.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f567.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f568.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f569.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f579.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f57a.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f57b.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f57c.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f58d.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f58e.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f58f.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f590.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5a1.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5a2.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5a3.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5b3.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5b4.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5b5.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5c6.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5c7.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5c8.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5d9.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5e9.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5ea.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5fb.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5fc.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5fd.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f60d.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f60e.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f60f.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f610.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f621.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f622.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f623.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f634.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f635.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f636.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f637.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f647.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f648.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f649.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f6b8.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f6c8.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f6c9.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f6da.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f6db.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f6dc.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f6ed.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f6ee.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f6fe.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f6ff.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f700.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f701.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f712.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f722.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f723.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f724.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f725.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f736.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f737.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f738.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f749.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f74a.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f75a.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f75b.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f75c.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f77d.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f77e.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f78e.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f78f.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f790.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f7a1.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f7b1.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f7c2.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f7c3.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f7d4.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f7d5.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f7e5.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f806.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f816.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f827.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f837.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f838.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f849.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f84a.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f84b.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f85c.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f86c.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f86d.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f89d.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f89e.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f89f.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f8cf.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f8e0.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f8f0.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f8f1.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f902.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f903.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f914.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f915.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f916.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f926.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f927.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f928.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f939.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f93a.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f94a.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f96b.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f96c.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f96d.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f98d.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f98e.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f99f.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f9a0.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f9c0.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f9c1.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f9c2.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f9d2.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f9d3.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f9d4.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f9e5.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f9e6.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f9f7.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa07.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa08.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa09.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa0a.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa1b.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa2c.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa2d.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa2e.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa3e.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa3f.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa50.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa51.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa52.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa62.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa63.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa74.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa85.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa86.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa96.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa97.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa98.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa99.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\faaa.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\faca.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\facb.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\facc.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\facd.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fb4b.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fb6b.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fb6c.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fb6d.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fb7e.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fb7f.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fb90.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fb91.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fba1.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fba2.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fba3.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbb4.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbb5.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbb6.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbb7.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbd7.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbd8.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbe9.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbea.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbeb.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbec.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbfc.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbfd.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbfe.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fc0f.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fc10.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fc11.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fc22.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fc23.tmp | 0.00 KB (0 bytes) |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f2d7.tmp | 0.01 KB (8 bytes) |
MD5:
ab28e0b612bc4ddf226676cd532c962d
SHA1: b59526005703af82972679d96fc346768b4bfae8 SHA256: 60e9853af737363ea6439bee3a65a6683c9afdf1a87425e2e03c4b247e16534f |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f2d8.tmp | 0.01 KB (8 bytes) |
MD5:
ab28e0b612bc4ddf226676cd532c962d
SHA1: b59526005703af82972679d96fc346768b4bfae8 SHA256: 60e9853af737363ea6439bee3a65a6683c9afdf1a87425e2e03c4b247e16534f |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f2e8.tmp | 0.01 KB (8 bytes) |
MD5:
fd530f884ded068a1e9bd0ac2a1e36d8
SHA1: 4ccc4866976f7ec567851d7c90015a60fd7ccf2a SHA256: db674604dc1fe9df020558e69b3038c738c697231903aa596700ac18070ffe85 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f2f9.tmp | 0.01 KB (8 bytes) |
MD5:
df400c07cdf87dea697f5313673f45da
SHA1: 78a9aa849ec7e4dc62c0a1f49454d93c45aabfca SHA256: da0800d82ed1c8d9d3a55ac2db30f1f9e27fdace3eb20f90926fcfbadc5a26f8 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f2fa.tmp | 0.01 KB (8 bytes) |
MD5:
4721c4ad3b7ab96da65f5567ea559b3c
SHA1: 54af4a938d39230c512a88002c59cb74f0bc0d07 SHA256: 4240d971d7c5c08a44a34da39e4e65e50322fa79dfcc7c1904395409116280b7 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f2fb.tmp | 0.01 KB (8 bytes) |
MD5:
a8a2dadf629bfbc4b37e71549b0305f3
SHA1: a277c6508628e442c5d51332f94b533596097639 SHA256: 39e93984d5cd1d066156fd8694cede26f9c1cf87a1bcd93412a4adea1d435933 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f2fc.tmp | 0.01 KB (8 bytes) |
MD5:
a8a2dadf629bfbc4b37e71549b0305f3
SHA1: a277c6508628e442c5d51332f94b533596097639 SHA256: 39e93984d5cd1d066156fd8694cede26f9c1cf87a1bcd93412a4adea1d435933 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f32c.tmp | 0.01 KB (8 bytes) |
MD5:
cf7f81d4b988308d3cd856a6b41bbc56
SHA1: 7027b22c141ed485279594918c8593af5e251aba SHA256: b05fdcc590001a2ba4dc7ac6c86157b0f33767ca499f98e60d711e86c4351a7a |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f33c.tmp | 0.01 KB (8 bytes) |
MD5:
37b7354ecaa8543098eb12c981ad4402
SHA1: 4d7147388a576aeb70d0f8afb28cfc8461aca2af SHA256: 4509324384f471a0043d8adb1b060297bbf35c6ced8275ed4c667bc78e21bb2c |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f33d.tmp | 0.01 KB (8 bytes) |
MD5:
37b7354ecaa8543098eb12c981ad4402
SHA1: 4d7147388a576aeb70d0f8afb28cfc8461aca2af SHA256: 4509324384f471a0043d8adb1b060297bbf35c6ced8275ed4c667bc78e21bb2c |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f33e.tmp | 0.01 KB (8 bytes) |
MD5:
37b7354ecaa8543098eb12c981ad4402
SHA1: 4d7147388a576aeb70d0f8afb28cfc8461aca2af SHA256: 4509324384f471a0043d8adb1b060297bbf35c6ced8275ed4c667bc78e21bb2c |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f33f.tmp | 0.01 KB (8 bytes) |
MD5:
37b7354ecaa8543098eb12c981ad4402
SHA1: 4d7147388a576aeb70d0f8afb28cfc8461aca2af SHA256: 4509324384f471a0043d8adb1b060297bbf35c6ced8275ed4c667bc78e21bb2c |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f350.tmp | 0.01 KB (8 bytes) |
MD5:
6563b28cb7911859a2569c553f469639
SHA1: 11ccbfeeeb88c1587a72cd8875ed8600a511aeec SHA256: 9c91d18494f82e9c8ec624330f428cfb6866396caff0b7ff09ed31f91be429f8 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f351.tmp | 0.01 KB (8 bytes) |
MD5:
6563b28cb7911859a2569c553f469639
SHA1: 11ccbfeeeb88c1587a72cd8875ed8600a511aeec SHA256: 9c91d18494f82e9c8ec624330f428cfb6866396caff0b7ff09ed31f91be429f8 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f381.tmp | 0.01 KB (8 bytes) |
MD5:
103e0b8fd12bb07ef8961566a7765a55
SHA1: f84633d25ea9b41c542644c0a381cb8457721ca2 SHA256: b249383eaadc3cac29adbbd2b933929ed5d6054e781c28770961aecbc70d7974 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f382.tmp | 0.01 KB (8 bytes) |
MD5:
103e0b8fd12bb07ef8961566a7765a55
SHA1: f84633d25ea9b41c542644c0a381cb8457721ca2 SHA256: b249383eaadc3cac29adbbd2b933929ed5d6054e781c28770961aecbc70d7974 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f383.tmp | 0.01 KB (8 bytes) |
MD5:
103e0b8fd12bb07ef8961566a7765a55
SHA1: f84633d25ea9b41c542644c0a381cb8457721ca2 SHA256: b249383eaadc3cac29adbbd2b933929ed5d6054e781c28770961aecbc70d7974 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f384.tmp | 0.01 KB (8 bytes) |
MD5:
103e0b8fd12bb07ef8961566a7765a55
SHA1: f84633d25ea9b41c542644c0a381cb8457721ca2 SHA256: b249383eaadc3cac29adbbd2b933929ed5d6054e781c28770961aecbc70d7974 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f385.tmp | 0.01 KB (8 bytes) |
MD5:
103e0b8fd12bb07ef8961566a7765a55
SHA1: f84633d25ea9b41c542644c0a381cb8457721ca2 SHA256: b249383eaadc3cac29adbbd2b933929ed5d6054e781c28770961aecbc70d7974 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f396.tmp | 0.01 KB (8 bytes) |
MD5:
375354fe68646f0128f6ab29e48869bd
SHA1: 041bcbffc817e9e86000ae0c3c77281280719268 SHA256: 5d393fd606d3ae2b4153699180cef6ad3c3f5aebe6cf05c43c109f7634949670 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f397.tmp | 0.01 KB (8 bytes) |
MD5:
375354fe68646f0128f6ab29e48869bd
SHA1: 041bcbffc817e9e86000ae0c3c77281280719268 SHA256: 5d393fd606d3ae2b4153699180cef6ad3c3f5aebe6cf05c43c109f7634949670 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f398.tmp | 0.01 KB (8 bytes) |
MD5:
375354fe68646f0128f6ab29e48869bd
SHA1: 041bcbffc817e9e86000ae0c3c77281280719268 SHA256: 5d393fd606d3ae2b4153699180cef6ad3c3f5aebe6cf05c43c109f7634949670 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f399.tmp | 0.01 KB (8 bytes) |
MD5:
375354fe68646f0128f6ab29e48869bd
SHA1: 041bcbffc817e9e86000ae0c3c77281280719268 SHA256: 5d393fd606d3ae2b4153699180cef6ad3c3f5aebe6cf05c43c109f7634949670 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f39a.tmp | 0.01 KB (8 bytes) |
MD5:
375354fe68646f0128f6ab29e48869bd
SHA1: 041bcbffc817e9e86000ae0c3c77281280719268 SHA256: 5d393fd606d3ae2b4153699180cef6ad3c3f5aebe6cf05c43c109f7634949670 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f3d9.tmp | 0.01 KB (8 bytes) |
MD5:
9914902ffd73d3d52944d5f02c990052
SHA1: f1ba32861024ce89f2616150c71bd25a0be1097a SHA256: 438e2d2f7eed159de5d7d589ba5188e73b43c5f47aa6d561169346ae1e3d1c05 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f3da.tmp | 0.01 KB (8 bytes) |
MD5:
9914902ffd73d3d52944d5f02c990052
SHA1: f1ba32861024ce89f2616150c71bd25a0be1097a SHA256: 438e2d2f7eed159de5d7d589ba5188e73b43c5f47aa6d561169346ae1e3d1c05 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f3eb.tmp | 0.01 KB (8 bytes) |
MD5:
2841502da02a6dc1929c6b679d2d952b
SHA1: e9542f012dcc2786e80130fd539129b7f7d6d553 SHA256: 7faae97a81dfe6e3a19ab568d3c36e4b68df217f4c7f21ea4bc13c1e33b8e92c |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f3ec.tmp | 0.01 KB (8 bytes) |
MD5:
2841502da02a6dc1929c6b679d2d952b
SHA1: e9542f012dcc2786e80130fd539129b7f7d6d553 SHA256: 7faae97a81dfe6e3a19ab568d3c36e4b68df217f4c7f21ea4bc13c1e33b8e92c |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f3ed.tmp | 0.01 KB (8 bytes) |
MD5:
2841502da02a6dc1929c6b679d2d952b
SHA1: e9542f012dcc2786e80130fd539129b7f7d6d553 SHA256: 7faae97a81dfe6e3a19ab568d3c36e4b68df217f4c7f21ea4bc13c1e33b8e92c |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f3fd.tmp | 0.01 KB (8 bytes) |
MD5:
14f8d6416125ae53432caacf7f85edcf
SHA1: cb0dc4b48c5703356951c02485ad6fcea8f6bc96 SHA256: 22924b1e57cb5405ae74e97b9d7b20c90b31c6111067035a1072de62688e230e |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f41e.tmp | 0.01 KB (8 bytes) |
MD5:
aa75d8a30aacd8184640a5bc63dd8add
SHA1: 158000124dbae9ab0a834a306a1f2e52ead8cedd SHA256: c20f0cc73e42057066194ead502dee19fe7b65238890cc6ea3eca658d96ea018 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f42e.tmp | 0.01 KB (8 bytes) |
MD5:
684c21c6a46af124447bdb10f9c4de69
SHA1: ebeb1642dad077201aab5cd2566c8f34b0a3b604 SHA256: a7c626455caeb41a1a6db61c703e08eb645ad45d2d84587ed95e25a1dccf756d |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f42f.tmp | 0.01 KB (8 bytes) |
MD5:
684c21c6a46af124447bdb10f9c4de69
SHA1: ebeb1642dad077201aab5cd2566c8f34b0a3b604 SHA256: a7c626455caeb41a1a6db61c703e08eb645ad45d2d84587ed95e25a1dccf756d |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f430.tmp | 0.01 KB (8 bytes) |
MD5:
684c21c6a46af124447bdb10f9c4de69
SHA1: ebeb1642dad077201aab5cd2566c8f34b0a3b604 SHA256: a7c626455caeb41a1a6db61c703e08eb645ad45d2d84587ed95e25a1dccf756d |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f441.tmp | 0.01 KB (8 bytes) |
MD5:
18ccd98a45f94ad63b8f2751d5c64f47
SHA1: 39cce3420bf79b006df70fad5bd4bd25a4ed2354 SHA256: 2a020923b05677c27a82d2e6b8a3e4385827616724b78702394d76b0a03a3841 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f442.tmp | 0.01 KB (8 bytes) |
MD5:
18ccd98a45f94ad63b8f2751d5c64f47
SHA1: 39cce3420bf79b006df70fad5bd4bd25a4ed2354 SHA256: 2a020923b05677c27a82d2e6b8a3e4385827616724b78702394d76b0a03a3841 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f472.tmp | 0.01 KB (8 bytes) |
MD5:
0fe5a713f286f220c91a08b30542ae0f
SHA1: 452bdea5a923e770304174c86876749ad68736e5 SHA256: 8123adf3394eb1db518c72de323441ab548b3ab30b9d3844102c1723c94d2f83 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f473.tmp | 0.01 KB (8 bytes) |
MD5:
0fe5a713f286f220c91a08b30542ae0f
SHA1: 452bdea5a923e770304174c86876749ad68736e5 SHA256: 8123adf3394eb1db518c72de323441ab548b3ab30b9d3844102c1723c94d2f83 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f474.tmp | 0.01 KB (8 bytes) |
MD5:
0fe5a713f286f220c91a08b30542ae0f
SHA1: 452bdea5a923e770304174c86876749ad68736e5 SHA256: 8123adf3394eb1db518c72de323441ab548b3ab30b9d3844102c1723c94d2f83 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f475.tmp | 0.01 KB (8 bytes) |
MD5:
0fe5a713f286f220c91a08b30542ae0f
SHA1: 452bdea5a923e770304174c86876749ad68736e5 SHA256: 8123adf3394eb1db518c72de323441ab548b3ab30b9d3844102c1723c94d2f83 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f485.tmp | 0.01 KB (8 bytes) |
MD5:
e102f4f45076f59380e7c6d844d55c39
SHA1: 3ac8c45455eaec9ee64251ecece9f70481af4b21 SHA256: 7822a8a931d8d38d67968a64e969ab18e9369a8d0b3fadbfd0018add463b0dd9 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f486.tmp | 0.01 KB (8 bytes) |
MD5:
e102f4f45076f59380e7c6d844d55c39
SHA1: 3ac8c45455eaec9ee64251ecece9f70481af4b21 SHA256: 7822a8a931d8d38d67968a64e969ab18e9369a8d0b3fadbfd0018add463b0dd9 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f487.tmp | 0.01 KB (8 bytes) |
MD5:
e102f4f45076f59380e7c6d844d55c39
SHA1: 3ac8c45455eaec9ee64251ecece9f70481af4b21 SHA256: 7822a8a931d8d38d67968a64e969ab18e9369a8d0b3fadbfd0018add463b0dd9 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f488.tmp | 0.01 KB (8 bytes) |
MD5:
e102f4f45076f59380e7c6d844d55c39
SHA1: 3ac8c45455eaec9ee64251ecece9f70481af4b21 SHA256: 7822a8a931d8d38d67968a64e969ab18e9369a8d0b3fadbfd0018add463b0dd9 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f499.tmp | 0.01 KB (8 bytes) |
MD5:
9884e4f00c2714eeebf230e5b40e9480
SHA1: be8269c4c4929b4f35d057725d122d17805716b9 SHA256: f42fda1c199b447e1d1e4008eb7897c4ca4ecf3a2f7fdea829b9c35e6e044458 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4b9.tmp | 0.01 KB (8 bytes) |
MD5:
b9fbcebb04b9f7e4d3f07b023a0229fd
SHA1: f2173b4759317545d5f81a88982aa637099de5b6 SHA256: 359c38c6582afda6a9913c1f4870e5e35e47a1f8d6959dea71abb2b94b094476 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4ba.tmp | 0.01 KB (8 bytes) |
MD5:
b9fbcebb04b9f7e4d3f07b023a0229fd
SHA1: f2173b4759317545d5f81a88982aa637099de5b6 SHA256: 359c38c6582afda6a9913c1f4870e5e35e47a1f8d6959dea71abb2b94b094476 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4bb.tmp | 0.01 KB (8 bytes) |
MD5:
b9fbcebb04b9f7e4d3f07b023a0229fd
SHA1: f2173b4759317545d5f81a88982aa637099de5b6 SHA256: 359c38c6582afda6a9913c1f4870e5e35e47a1f8d6959dea71abb2b94b094476 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4cc.tmp | 0.01 KB (8 bytes) |
MD5:
b3574d66d7c98d6f82168937555180f2
SHA1: c7e08e3a085493db3cb9df920890015bda11cc50 SHA256: 8544a403db6bc12357c9d122731239fb5101b1949bdfe09ffe6dbfeebcc73919 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4cd.tmp | 0.01 KB (8 bytes) |
MD5:
b3574d66d7c98d6f82168937555180f2
SHA1: c7e08e3a085493db3cb9df920890015bda11cc50 SHA256: 8544a403db6bc12357c9d122731239fb5101b1949bdfe09ffe6dbfeebcc73919 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4ce.tmp | 0.01 KB (8 bytes) |
MD5:
b3574d66d7c98d6f82168937555180f2
SHA1: c7e08e3a085493db3cb9df920890015bda11cc50 SHA256: 8544a403db6bc12357c9d122731239fb5101b1949bdfe09ffe6dbfeebcc73919 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4cf.tmp | 0.01 KB (8 bytes) |
MD5:
b3574d66d7c98d6f82168937555180f2
SHA1: c7e08e3a085493db3cb9df920890015bda11cc50 SHA256: 8544a403db6bc12357c9d122731239fb5101b1949bdfe09ffe6dbfeebcc73919 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4df.tmp | 0.01 KB (8 bytes) |
MD5:
426861378070228083370ab1716f5d34
SHA1: 6bdb6c1b524e52bc373739e7022ee164a7b63086 SHA256: c371441da18d02cf86e7de5a784754e94b67f74f69012029901896b081d114d2 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4e0.tmp | 0.01 KB (8 bytes) |
MD5:
426861378070228083370ab1716f5d34
SHA1: 6bdb6c1b524e52bc373739e7022ee164a7b63086 SHA256: c371441da18d02cf86e7de5a784754e94b67f74f69012029901896b081d114d2 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4f1.tmp | 0.01 KB (8 bytes) |
MD5:
8c63a5d8e82e6edd83997890130d40c7
SHA1: cb22abc76e59b8fd55b756731f2942b02a50d765 SHA256: 854926af3596aa48c171f2877729389f90de5d6add7a00334444d67683c510d6 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4f2.tmp | 0.01 KB (8 bytes) |
MD5:
8c63a5d8e82e6edd83997890130d40c7
SHA1: cb22abc76e59b8fd55b756731f2942b02a50d765 SHA256: 854926af3596aa48c171f2877729389f90de5d6add7a00334444d67683c510d6 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4f3.tmp | 0.01 KB (8 bytes) |
MD5:
8c63a5d8e82e6edd83997890130d40c7
SHA1: cb22abc76e59b8fd55b756731f2942b02a50d765 SHA256: 854926af3596aa48c171f2877729389f90de5d6add7a00334444d67683c510d6 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4f4.tmp | 0.01 KB (8 bytes) |
MD5:
8c63a5d8e82e6edd83997890130d40c7
SHA1: cb22abc76e59b8fd55b756731f2942b02a50d765 SHA256: 854926af3596aa48c171f2877729389f90de5d6add7a00334444d67683c510d6 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f4f5.tmp | 0.01 KB (8 bytes) |
MD5:
8c63a5d8e82e6edd83997890130d40c7
SHA1: cb22abc76e59b8fd55b756731f2942b02a50d765 SHA256: 854926af3596aa48c171f2877729389f90de5d6add7a00334444d67683c510d6 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f506.tmp | 0.01 KB (8 bytes) |
MD5:
c753a995dd61c55c0ce9d9d0c996ed8a
SHA1: 3ddcbdc4fe23523efffc6cd03757955809caa83f SHA256: d0750b1dbe19dff3d69c999b47a93a5cf6b79c4e776579d6372394b6c22b4226 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f507.tmp | 0.01 KB (8 bytes) |
MD5:
c753a995dd61c55c0ce9d9d0c996ed8a
SHA1: 3ddcbdc4fe23523efffc6cd03757955809caa83f SHA256: d0750b1dbe19dff3d69c999b47a93a5cf6b79c4e776579d6372394b6c22b4226 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f508.tmp | 0.01 KB (8 bytes) |
MD5:
c753a995dd61c55c0ce9d9d0c996ed8a
SHA1: 3ddcbdc4fe23523efffc6cd03757955809caa83f SHA256: d0750b1dbe19dff3d69c999b47a93a5cf6b79c4e776579d6372394b6c22b4226 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f509.tmp | 0.01 KB (8 bytes) |
MD5:
c753a995dd61c55c0ce9d9d0c996ed8a
SHA1: 3ddcbdc4fe23523efffc6cd03757955809caa83f SHA256: d0750b1dbe19dff3d69c999b47a93a5cf6b79c4e776579d6372394b6c22b4226 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f50a.tmp | 0.01 KB (8 bytes) |
MD5:
c753a995dd61c55c0ce9d9d0c996ed8a
SHA1: 3ddcbdc4fe23523efffc6cd03757955809caa83f SHA256: d0750b1dbe19dff3d69c999b47a93a5cf6b79c4e776579d6372394b6c22b4226 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f51a.tmp | 0.01 KB (8 bytes) |
MD5:
a3894421dceb69d0f1ad369951902696
SHA1: ec9e7a1edd0c96c7522983fc4d03bfe30a7446a5 SHA256: 16d20f692fc19048728ae91e65e8c6e1e260af1e71617b19192047fd64ea981e |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f51b.tmp | 0.01 KB (8 bytes) |
MD5:
a3894421dceb69d0f1ad369951902696
SHA1: ec9e7a1edd0c96c7522983fc4d03bfe30a7446a5 SHA256: 16d20f692fc19048728ae91e65e8c6e1e260af1e71617b19192047fd64ea981e |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f51c.tmp | 0.01 KB (8 bytes) |
MD5:
a3894421dceb69d0f1ad369951902696
SHA1: ec9e7a1edd0c96c7522983fc4d03bfe30a7446a5 SHA256: 16d20f692fc19048728ae91e65e8c6e1e260af1e71617b19192047fd64ea981e |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f53d.tmp | 0.01 KB (8 bytes) |
MD5:
7d1c896adc01c20ba38921c393cf3bf5
SHA1: 0a6d1315f79a81a81ff0baebe5a096255566bab0 SHA256: 4655b8389012aa3c527d58ae9ca214ca5ed4cdfbf378bcd6fe1a04b3b53e85ca |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f53e.tmp | 0.01 KB (8 bytes) |
MD5:
7d1c896adc01c20ba38921c393cf3bf5
SHA1: 0a6d1315f79a81a81ff0baebe5a096255566bab0 SHA256: 4655b8389012aa3c527d58ae9ca214ca5ed4cdfbf378bcd6fe1a04b3b53e85ca |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f53f.tmp | 0.01 KB (8 bytes) |
MD5:
7d1c896adc01c20ba38921c393cf3bf5
SHA1: 0a6d1315f79a81a81ff0baebe5a096255566bab0 SHA256: 4655b8389012aa3c527d58ae9ca214ca5ed4cdfbf378bcd6fe1a04b3b53e85ca |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f540.tmp | 0.01 KB (8 bytes) |
MD5:
7d1c896adc01c20ba38921c393cf3bf5
SHA1: 0a6d1315f79a81a81ff0baebe5a096255566bab0 SHA256: 4655b8389012aa3c527d58ae9ca214ca5ed4cdfbf378bcd6fe1a04b3b53e85ca |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f541.tmp | 0.01 KB (8 bytes) |
MD5:
7d1c896adc01c20ba38921c393cf3bf5
SHA1: 0a6d1315f79a81a81ff0baebe5a096255566bab0 SHA256: 4655b8389012aa3c527d58ae9ca214ca5ed4cdfbf378bcd6fe1a04b3b53e85ca |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f551.tmp | 0.01 KB (8 bytes) |
MD5:
4a0b19c62039f27899009aabbdf4770d
SHA1: f7cd0536d3e7f06fa69d9d2445911a3048a59c29 SHA256: 7567e47e4a26c271f09bf78392cd1a89f48c9803f8393306761911ebb53f032c |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f552.tmp | 0.01 KB (8 bytes) |
MD5:
4a0b19c62039f27899009aabbdf4770d
SHA1: f7cd0536d3e7f06fa69d9d2445911a3048a59c29 SHA256: 7567e47e4a26c271f09bf78392cd1a89f48c9803f8393306761911ebb53f032c |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f553.tmp | 0.01 KB (8 bytes) |
MD5:
4a0b19c62039f27899009aabbdf4770d
SHA1: f7cd0536d3e7f06fa69d9d2445911a3048a59c29 SHA256: 7567e47e4a26c271f09bf78392cd1a89f48c9803f8393306761911ebb53f032c |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f554.tmp | 0.01 KB (8 bytes) |
MD5:
4a0b19c62039f27899009aabbdf4770d
SHA1: f7cd0536d3e7f06fa69d9d2445911a3048a59c29 SHA256: 7567e47e4a26c271f09bf78392cd1a89f48c9803f8393306761911ebb53f032c |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f565.tmp | 0.01 KB (8 bytes) |
MD5:
23b161ac199d8c597729dbdb84b9c077
SHA1: 03ecd7fa3b32daf89555f179195c5c4ea2eea2d9 SHA256: c7624be02d1c2cb148ab1636771aebeb4cbb4eaa771e63c14b6433a1ee5b33c4 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f566.tmp | 0.01 KB (8 bytes) |
MD5:
23b161ac199d8c597729dbdb84b9c077
SHA1: 03ecd7fa3b32daf89555f179195c5c4ea2eea2d9 SHA256: c7624be02d1c2cb148ab1636771aebeb4cbb4eaa771e63c14b6433a1ee5b33c4 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f567.tmp | 0.01 KB (8 bytes) |
MD5:
23b161ac199d8c597729dbdb84b9c077
SHA1: 03ecd7fa3b32daf89555f179195c5c4ea2eea2d9 SHA256: c7624be02d1c2cb148ab1636771aebeb4cbb4eaa771e63c14b6433a1ee5b33c4 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f568.tmp | 0.01 KB (8 bytes) |
MD5:
23b161ac199d8c597729dbdb84b9c077
SHA1: 03ecd7fa3b32daf89555f179195c5c4ea2eea2d9 SHA256: c7624be02d1c2cb148ab1636771aebeb4cbb4eaa771e63c14b6433a1ee5b33c4 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f569.tmp | 0.01 KB (8 bytes) |
MD5:
23b161ac199d8c597729dbdb84b9c077
SHA1: 03ecd7fa3b32daf89555f179195c5c4ea2eea2d9 SHA256: c7624be02d1c2cb148ab1636771aebeb4cbb4eaa771e63c14b6433a1ee5b33c4 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f579.tmp | 0.01 KB (8 bytes) |
MD5:
6c2e843da5e5c4585641c3e39a20d0b5
SHA1: b0310d8410d972e6653160557a61c3740a392da7 SHA256: f8f41e0bf9b26685f9f49a646407fda564b61f98fbfc46499113ebfaf04ca409 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f57a.tmp | 0.01 KB (8 bytes) |
MD5:
6c2e843da5e5c4585641c3e39a20d0b5
SHA1: b0310d8410d972e6653160557a61c3740a392da7 SHA256: f8f41e0bf9b26685f9f49a646407fda564b61f98fbfc46499113ebfaf04ca409 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f57b.tmp | 0.01 KB (8 bytes) |
MD5:
6c2e843da5e5c4585641c3e39a20d0b5
SHA1: b0310d8410d972e6653160557a61c3740a392da7 SHA256: f8f41e0bf9b26685f9f49a646407fda564b61f98fbfc46499113ebfaf04ca409 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f57c.tmp | 0.01 KB (8 bytes) |
MD5:
6c2e843da5e5c4585641c3e39a20d0b5
SHA1: b0310d8410d972e6653160557a61c3740a392da7 SHA256: f8f41e0bf9b26685f9f49a646407fda564b61f98fbfc46499113ebfaf04ca409 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f58d.tmp | 0.01 KB (8 bytes) |
MD5:
82a4d57805e2c28295c1b84376ec3403
SHA1: 9b8b4271cd9764a98008263488ebde8bf9a0e68b SHA256: 3de59a36c317e7c0fae4c4aec2d5631570bee33aa9253993883c14fb2da50bcf |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f58e.tmp | 0.01 KB (8 bytes) |
MD5:
82a4d57805e2c28295c1b84376ec3403
SHA1: 9b8b4271cd9764a98008263488ebde8bf9a0e68b SHA256: 3de59a36c317e7c0fae4c4aec2d5631570bee33aa9253993883c14fb2da50bcf |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f58f.tmp | 0.01 KB (8 bytes) |
MD5:
82a4d57805e2c28295c1b84376ec3403
SHA1: 9b8b4271cd9764a98008263488ebde8bf9a0e68b SHA256: 3de59a36c317e7c0fae4c4aec2d5631570bee33aa9253993883c14fb2da50bcf |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f590.tmp | 0.01 KB (8 bytes) |
MD5:
82a4d57805e2c28295c1b84376ec3403
SHA1: 9b8b4271cd9764a98008263488ebde8bf9a0e68b SHA256: 3de59a36c317e7c0fae4c4aec2d5631570bee33aa9253993883c14fb2da50bcf |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5a1.tmp | 0.01 KB (8 bytes) |
MD5:
65bd4174941856c5365044693e566c11
SHA1: 03448f68180ca7416d9353e9c8430b8188253396 SHA256: f36f82223a4a106163c74c0ad620c3047d3cc2cdc0e232801e223e95381d309c |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5a2.tmp | 0.01 KB (8 bytes) |
MD5:
65bd4174941856c5365044693e566c11
SHA1: 03448f68180ca7416d9353e9c8430b8188253396 SHA256: f36f82223a4a106163c74c0ad620c3047d3cc2cdc0e232801e223e95381d309c |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5a3.tmp | 0.01 KB (8 bytes) |
MD5:
65bd4174941856c5365044693e566c11
SHA1: 03448f68180ca7416d9353e9c8430b8188253396 SHA256: f36f82223a4a106163c74c0ad620c3047d3cc2cdc0e232801e223e95381d309c |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5b3.tmp | 0.01 KB (8 bytes) |
MD5:
909c4777c9d2ceee9731b841043461e7
SHA1: 836254f5cbc625d36dcdc47b8574c639efe502ee SHA256: 5642676307f1b769c607971b10c0cfa559892ae103fe09d5ea636dd2e7d9d01f |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5b4.tmp | 0.01 KB (8 bytes) |
MD5:
909c4777c9d2ceee9731b841043461e7
SHA1: 836254f5cbc625d36dcdc47b8574c639efe502ee SHA256: 5642676307f1b769c607971b10c0cfa559892ae103fe09d5ea636dd2e7d9d01f |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5b5.tmp | 0.01 KB (8 bytes) |
MD5:
909c4777c9d2ceee9731b841043461e7
SHA1: 836254f5cbc625d36dcdc47b8574c639efe502ee SHA256: 5642676307f1b769c607971b10c0cfa559892ae103fe09d5ea636dd2e7d9d01f |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5c6.tmp | 0.01 KB (8 bytes) |
MD5:
dac45c31e753c98cdfbb9a51edfb4ed1
SHA1: bb0f1154d13a8eb32ab2ea618c6b387761bdf2c7 SHA256: fa5f036fda7fcdfeb8aa05db8ff3ac6b531c448f81eb24a4f57df9709054c5ec |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5c7.tmp | 0.01 KB (8 bytes) |
MD5:
dac45c31e753c98cdfbb9a51edfb4ed1
SHA1: bb0f1154d13a8eb32ab2ea618c6b387761bdf2c7 SHA256: fa5f036fda7fcdfeb8aa05db8ff3ac6b531c448f81eb24a4f57df9709054c5ec |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5c8.tmp | 0.01 KB (8 bytes) |
MD5:
dac45c31e753c98cdfbb9a51edfb4ed1
SHA1: bb0f1154d13a8eb32ab2ea618c6b387761bdf2c7 SHA256: fa5f036fda7fcdfeb8aa05db8ff3ac6b531c448f81eb24a4f57df9709054c5ec |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5d9.tmp | 0.01 KB (8 bytes) |
MD5:
5d9e27165b41816cfcc8873e8e932017
SHA1: 86df95f8233d001921091452a721280960ed9701 SHA256: 55da333db9d4c95cad23543590530407e1b8613be331be9544ed0a5a74fe8f47 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5e9.tmp | 0.01 KB (8 bytes) |
MD5:
39651cbfc4ba04e334dfc22acb4677aa
SHA1: f9a26317f4b5230acf410efc869e5cedf678243b SHA256: 8585ea0f33414259b66ecaf5f8704a786967be092f4f9f6cbe3dc837f3833374 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5ea.tmp | 0.01 KB (8 bytes) |
MD5:
39651cbfc4ba04e334dfc22acb4677aa
SHA1: f9a26317f4b5230acf410efc869e5cedf678243b SHA256: 8585ea0f33414259b66ecaf5f8704a786967be092f4f9f6cbe3dc837f3833374 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5fb.tmp | 0.01 KB (8 bytes) |
MD5:
1eb125acfc4ea168b8f1b26d23e6e14a
SHA1: 802479d5223500d2bcb0d688a12919792c1b7234 SHA256: 7044172508df63cd40967a61aa41ae2c93b5beddaeebfbacbe8320bab5369b4f |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5fc.tmp | 0.01 KB (8 bytes) |
MD5:
1eb125acfc4ea168b8f1b26d23e6e14a
SHA1: 802479d5223500d2bcb0d688a12919792c1b7234 SHA256: 7044172508df63cd40967a61aa41ae2c93b5beddaeebfbacbe8320bab5369b4f |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f5fd.tmp | 0.01 KB (8 bytes) |
MD5:
1eb125acfc4ea168b8f1b26d23e6e14a
SHA1: 802479d5223500d2bcb0d688a12919792c1b7234 SHA256: 7044172508df63cd40967a61aa41ae2c93b5beddaeebfbacbe8320bab5369b4f |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f60d.tmp | 0.01 KB (8 bytes) |
MD5:
d679411f3fa692e6b752155b21d207de
SHA1: 0337b72b2c72bf5c45e9302038d87fe81e026adf SHA256: 4fb1ecfa8639a9267c67cbe35f87dc80958c06ea9e061b31449169aff6d63faf |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f60e.tmp | 0.01 KB (8 bytes) |
MD5:
d679411f3fa692e6b752155b21d207de
SHA1: 0337b72b2c72bf5c45e9302038d87fe81e026adf SHA256: 4fb1ecfa8639a9267c67cbe35f87dc80958c06ea9e061b31449169aff6d63faf |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f60f.tmp | 0.01 KB (8 bytes) |
MD5:
d679411f3fa692e6b752155b21d207de
SHA1: 0337b72b2c72bf5c45e9302038d87fe81e026adf SHA256: 4fb1ecfa8639a9267c67cbe35f87dc80958c06ea9e061b31449169aff6d63faf |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f610.tmp | 0.01 KB (8 bytes) |
MD5:
d679411f3fa692e6b752155b21d207de
SHA1: 0337b72b2c72bf5c45e9302038d87fe81e026adf SHA256: 4fb1ecfa8639a9267c67cbe35f87dc80958c06ea9e061b31449169aff6d63faf |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f621.tmp | 0.01 KB (8 bytes) |
MD5:
c434ddec0db61048762ff94721be7089
SHA1: e005a7ef6a8de613bccde48b1ee2a79dc6bb84c5 SHA256: db4e0f1ad6ecb6b825a9c9ba0687efc9038523a0584ab67902c20e2656612ef1 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f622.tmp | 0.01 KB (8 bytes) |
MD5:
c434ddec0db61048762ff94721be7089
SHA1: e005a7ef6a8de613bccde48b1ee2a79dc6bb84c5 SHA256: db4e0f1ad6ecb6b825a9c9ba0687efc9038523a0584ab67902c20e2656612ef1 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f623.tmp | 0.01 KB (8 bytes) |
MD5:
c434ddec0db61048762ff94721be7089
SHA1: e005a7ef6a8de613bccde48b1ee2a79dc6bb84c5 SHA256: db4e0f1ad6ecb6b825a9c9ba0687efc9038523a0584ab67902c20e2656612ef1 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f634.tmp | 0.01 KB (8 bytes) |
MD5:
44e8b72140c5937b35d5e11930f7894d
SHA1: 8d49dc7f490f9440bc696f6541d77fb475fc823a SHA256: 940ce76f327c39d19a5736ec21801f09c0f1b02f65fb91fad20dade63ac1916f |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f635.tmp | 0.01 KB (8 bytes) |
MD5:
44e8b72140c5937b35d5e11930f7894d
SHA1: 8d49dc7f490f9440bc696f6541d77fb475fc823a SHA256: 940ce76f327c39d19a5736ec21801f09c0f1b02f65fb91fad20dade63ac1916f |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f636.tmp | 0.01 KB (8 bytes) |
MD5:
44e8b72140c5937b35d5e11930f7894d
SHA1: 8d49dc7f490f9440bc696f6541d77fb475fc823a SHA256: 940ce76f327c39d19a5736ec21801f09c0f1b02f65fb91fad20dade63ac1916f |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f637.tmp | 0.01 KB (8 bytes) |
MD5:
e6cb259c1703ccdd1197a25dd4942506
SHA1: ddf517ac9febd17ed5f2231aefccc1d03c9b1049 SHA256: fdaf5dbca4e66c9a3bdcd8d821342467ee34d931352acadcb9eef82d8bc73298 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f647.tmp | 0.01 KB (8 bytes) |
MD5:
e6cb259c1703ccdd1197a25dd4942506
SHA1: ddf517ac9febd17ed5f2231aefccc1d03c9b1049 SHA256: fdaf5dbca4e66c9a3bdcd8d821342467ee34d931352acadcb9eef82d8bc73298 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f648.tmp | 0.01 KB (8 bytes) |
MD5:
e6cb259c1703ccdd1197a25dd4942506
SHA1: ddf517ac9febd17ed5f2231aefccc1d03c9b1049 SHA256: fdaf5dbca4e66c9a3bdcd8d821342467ee34d931352acadcb9eef82d8bc73298 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f649.tmp | 0.01 KB (8 bytes) |
MD5:
e6cb259c1703ccdd1197a25dd4942506
SHA1: ddf517ac9febd17ed5f2231aefccc1d03c9b1049 SHA256: fdaf5dbca4e66c9a3bdcd8d821342467ee34d931352acadcb9eef82d8bc73298 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f6b8.tmp | 0.01 KB (8 bytes) |
MD5:
d9ae701f5dd0b628c625a54059cb9744
SHA1: 49aee81e576bd9dbfba4d2ccf670b594bf53a140 SHA256: 6c4b9203660981bcdcec8d86415f9b4cdbee1c4471a1da2a90d0f8b4a6cd6290 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f6c8.tmp | 0.01 KB (8 bytes) |
MD5:
c4559a377c8f3401cca201ae5c720ef7
SHA1: 3562ca4504eb475d1b1041998c7dac1318917d40 SHA256: 0cb503a6c00617b3243aade53619796743a68a841325b68bdb34d2248164e300 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f6c9.tmp | 0.01 KB (8 bytes) |
MD5:
c4559a377c8f3401cca201ae5c720ef7
SHA1: 3562ca4504eb475d1b1041998c7dac1318917d40 SHA256: 0cb503a6c00617b3243aade53619796743a68a841325b68bdb34d2248164e300 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f6da.tmp | 0.01 KB (8 bytes) |
MD5:
3d47d77bc99f5fe1d95276a04cce1137
SHA1: ed18709babbec5fdbddf0dd8aabb12bf68fea721 SHA256: d07a04edff9dc3e382e4852c5af20f3fc0d8aa10e925a89c38c4d555fd4f9f78 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f6db.tmp | 0.01 KB (8 bytes) |
MD5:
3d47d77bc99f5fe1d95276a04cce1137
SHA1: ed18709babbec5fdbddf0dd8aabb12bf68fea721 SHA256: d07a04edff9dc3e382e4852c5af20f3fc0d8aa10e925a89c38c4d555fd4f9f78 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f6dc.tmp | 0.01 KB (8 bytes) |
MD5:
3d47d77bc99f5fe1d95276a04cce1137
SHA1: ed18709babbec5fdbddf0dd8aabb12bf68fea721 SHA256: d07a04edff9dc3e382e4852c5af20f3fc0d8aa10e925a89c38c4d555fd4f9f78 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f6ed.tmp | 0.01 KB (8 bytes) |
MD5:
9eb625764eff9a5f53568df532d096ed
SHA1: d10090a0b0ad3cf65d7bf341298295b93c75213b SHA256: 5d14c595d307d37561310fc179766d170422b1cdf39cdca4e25e2d0153f92cb3 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f6ee.tmp | 0.01 KB (8 bytes) |
MD5:
9eb625764eff9a5f53568df532d096ed
SHA1: d10090a0b0ad3cf65d7bf341298295b93c75213b SHA256: 5d14c595d307d37561310fc179766d170422b1cdf39cdca4e25e2d0153f92cb3 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f6fe.tmp | 0.01 KB (8 bytes) |
MD5:
b5efbbd58f1dbb99e7fa14062ac32059
SHA1: 77fa96cf44e3939971ca3b9342b7b6c62c508187 SHA256: a7233f7c8b8a2957d37230ab75c25294696b7799ef4e5501ca51609331aa6a8e |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f6ff.tmp | 0.01 KB (8 bytes) |
MD5:
b5efbbd58f1dbb99e7fa14062ac32059
SHA1: 77fa96cf44e3939971ca3b9342b7b6c62c508187 SHA256: a7233f7c8b8a2957d37230ab75c25294696b7799ef4e5501ca51609331aa6a8e |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f700.tmp | 0.01 KB (8 bytes) |
MD5:
b5efbbd58f1dbb99e7fa14062ac32059
SHA1: 77fa96cf44e3939971ca3b9342b7b6c62c508187 SHA256: a7233f7c8b8a2957d37230ab75c25294696b7799ef4e5501ca51609331aa6a8e |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f701.tmp | 0.01 KB (8 bytes) |
MD5:
e26e61abc079fd0947f6a6a8b92eb4a7
SHA1: 7f76ab35199a93d5e2c0e6fdb557f3307278241a SHA256: f808fc0bccf2dff452da42c01e07725c2da632190bd91a5f6c6699cc91fdeb3f |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f712.tmp | 0.01 KB (8 bytes) |
MD5:
e26e61abc079fd0947f6a6a8b92eb4a7
SHA1: 7f76ab35199a93d5e2c0e6fdb557f3307278241a SHA256: f808fc0bccf2dff452da42c01e07725c2da632190bd91a5f6c6699cc91fdeb3f |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f722.tmp | 0.01 KB (8 bytes) |
MD5:
4d65fe16cac0bcd7260a56a45bcf8f5d
SHA1: f62d92c1bc87085916fe4e42952634f38083f67b SHA256: 8e804af1c8c68413dbc3bf40dc1b88ac1a6e5d545d07262995317429e3befeb6 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f723.tmp | 0.01 KB (8 bytes) |
MD5:
4d65fe16cac0bcd7260a56a45bcf8f5d
SHA1: f62d92c1bc87085916fe4e42952634f38083f67b SHA256: 8e804af1c8c68413dbc3bf40dc1b88ac1a6e5d545d07262995317429e3befeb6 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f724.tmp | 0.01 KB (8 bytes) |
MD5:
4d65fe16cac0bcd7260a56a45bcf8f5d
SHA1: f62d92c1bc87085916fe4e42952634f38083f67b SHA256: 8e804af1c8c68413dbc3bf40dc1b88ac1a6e5d545d07262995317429e3befeb6 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f725.tmp | 0.01 KB (8 bytes) |
MD5:
4d65fe16cac0bcd7260a56a45bcf8f5d
SHA1: f62d92c1bc87085916fe4e42952634f38083f67b SHA256: 8e804af1c8c68413dbc3bf40dc1b88ac1a6e5d545d07262995317429e3befeb6 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f736.tmp | 0.01 KB (8 bytes) |
MD5:
f8afc9c6812316cec7696bb2a37678a3
SHA1: aaf7be35be5cc96b7b25100d4ab1b49f53752284 SHA256: 90624a7ba75f055bed571c30352161717c67572d7623e8936c9989b930990696 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f737.tmp | 0.01 KB (8 bytes) |
MD5:
f8afc9c6812316cec7696bb2a37678a3
SHA1: aaf7be35be5cc96b7b25100d4ab1b49f53752284 SHA256: 90624a7ba75f055bed571c30352161717c67572d7623e8936c9989b930990696 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f738.tmp | 0.01 KB (8 bytes) |
MD5:
f8afc9c6812316cec7696bb2a37678a3
SHA1: aaf7be35be5cc96b7b25100d4ab1b49f53752284 SHA256: 90624a7ba75f055bed571c30352161717c67572d7623e8936c9989b930990696 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f749.tmp | 0.01 KB (8 bytes) |
MD5:
c42ccc8f7fbc68f572190e4e1572d7de
SHA1: c237aac1bfdd06bbfeb577aaa3edc0d5e763d198 SHA256: 68dc58bf8e170ef3616394c060f41602c6bff4ebd2bdf8225dc24c20832d9068 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f74a.tmp | 0.01 KB (8 bytes) |
MD5:
c42ccc8f7fbc68f572190e4e1572d7de
SHA1: c237aac1bfdd06bbfeb577aaa3edc0d5e763d198 SHA256: 68dc58bf8e170ef3616394c060f41602c6bff4ebd2bdf8225dc24c20832d9068 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f75a.tmp | 0.01 KB (8 bytes) |
MD5:
1465f646c10c7a837ad269d7406b7648
SHA1: 2127e787799c9e7d732630fc4dfb1ea4d0617aad SHA256: 18c80ffadcc8321911f11ad7c61f13d1be11378edcceb69494fe84a366393896 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f75b.tmp | 0.01 KB (8 bytes) |
MD5:
1465f646c10c7a837ad269d7406b7648
SHA1: 2127e787799c9e7d732630fc4dfb1ea4d0617aad SHA256: 18c80ffadcc8321911f11ad7c61f13d1be11378edcceb69494fe84a366393896 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f75c.tmp | 0.01 KB (8 bytes) |
MD5:
1465f646c10c7a837ad269d7406b7648
SHA1: 2127e787799c9e7d732630fc4dfb1ea4d0617aad SHA256: 18c80ffadcc8321911f11ad7c61f13d1be11378edcceb69494fe84a366393896 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f77d.tmp | 0.01 KB (8 bytes) |
MD5:
bcce097053a3f275ce63b83cc9003344
SHA1: 940b3f697a8db360b6583033e24b09217e81b226 SHA256: d7d4ea3fb166395e6967e5f2aeb2a9099cd58fc3c0bd5c4c2b02f9876411c6f4 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f77e.tmp | 0.01 KB (8 bytes) |
MD5:
bcce097053a3f275ce63b83cc9003344
SHA1: 940b3f697a8db360b6583033e24b09217e81b226 SHA256: d7d4ea3fb166395e6967e5f2aeb2a9099cd58fc3c0bd5c4c2b02f9876411c6f4 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f78e.tmp | 0.01 KB (8 bytes) |
MD5:
2772d0360800271925bf506615111529
SHA1: ae6369b1f7b9a6b43c7cdbaf3245e8f1f54fd0e3 SHA256: 159758f584f37f9f1f2b5317516c5a55814a2532cd4014a3f6b580d7d42b8b42 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f78f.tmp | 0.01 KB (8 bytes) |
MD5:
2772d0360800271925bf506615111529
SHA1: ae6369b1f7b9a6b43c7cdbaf3245e8f1f54fd0e3 SHA256: 159758f584f37f9f1f2b5317516c5a55814a2532cd4014a3f6b580d7d42b8b42 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f790.tmp | 0.01 KB (8 bytes) |
MD5:
2772d0360800271925bf506615111529
SHA1: ae6369b1f7b9a6b43c7cdbaf3245e8f1f54fd0e3 SHA256: 159758f584f37f9f1f2b5317516c5a55814a2532cd4014a3f6b580d7d42b8b42 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f7a1.tmp | 0.01 KB (8 bytes) |
MD5:
2677f86fc97191cfdcf4df7911e67aaa
SHA1: 96f634f884f15734c7288f84f3b2d75ee84a3b68 SHA256: 5189b0d164dcaf3e4cc07d9401f77ec50cc9fc77957fff4acc1c7aa374a3d584 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f7b1.tmp | 0.01 KB (8 bytes) |
MD5:
f0c25a3aa9b0acff64a2af4b9cf1afd3
SHA1: c42fcede3a7f5920d2cfa0a2a3ee3e1348f1779e SHA256: 4a0e739848ed9baf99b6ac33eff9047b483488bbaf9039c7d996eb9e1752fe6f |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f7c2.tmp | 0.01 KB (8 bytes) |
MD5:
1948b9f403d68cd6844908aabcc5c939
SHA1: 67e3f5a917854dd20c1f7cd6ec9848514967ba58 SHA256: 8522cb0c4505729ace062d2b3c3647447ef8fbf03a1e9c5f1acc638bf78cff5b |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f7c3.tmp | 0.01 KB (8 bytes) |
MD5:
1948b9f403d68cd6844908aabcc5c939
SHA1: 67e3f5a917854dd20c1f7cd6ec9848514967ba58 SHA256: 8522cb0c4505729ace062d2b3c3647447ef8fbf03a1e9c5f1acc638bf78cff5b |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f7d4.tmp | 0.01 KB (8 bytes) |
MD5:
bd51cab61855f9d12f4d77bc8385e650
SHA1: 2b6c410e14106ae324de9ebd37a3f50ef2116bb0 SHA256: 4901e09aaca43a2224b3d3ab32d7bfb8aa2811168c7c56e847450c90977ff47c |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f7d5.tmp | 0.01 KB (8 bytes) |
MD5:
bd51cab61855f9d12f4d77bc8385e650
SHA1: 2b6c410e14106ae324de9ebd37a3f50ef2116bb0 SHA256: 4901e09aaca43a2224b3d3ab32d7bfb8aa2811168c7c56e847450c90977ff47c |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f7e5.tmp | 0.01 KB (8 bytes) |
MD5:
db556c7c5654a84643530888819e14fa
SHA1: 02c237a4065b907e3f5633d14ed2eb3724d15a7c SHA256: 45ec52e9a1b57b459fec2e02f20ee3e068b84a29ce3879f504d41ed2bec6e2f7 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f806.tmp | 0.01 KB (8 bytes) |
MD5:
0b35b5699bddbc69989221709be7da6f
SHA1: 5c0a221bea8809640159e961559f2581fc57c7ae SHA256: 5d9a9fb8e5859dbd9b32a5ab686bd912418accdfb41a8d92066e314a0a12cdd4 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f816.tmp | 0.01 KB (8 bytes) |
MD5:
f036b8921890b0d10f00a5bf5bdec729
SHA1: be34e2dd32efe37497f5edcc21d63c56bdc8c9a2 SHA256: 586b668ed7a5c3b8adbf7304f8d0ba1e81b7f6db1c8e28f36cf0d84cdb496085 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f827.tmp | 0.01 KB (8 bytes) |
MD5:
34f91cc086c33b49dd108f5b14450c89
SHA1: e6bed0a0920ac06a427b3bc6a3243128a7eb50a9 SHA256: 28df75a9d1d3bbfd16bc948c6efe745cdba2d547b02b6f075ca9b8d3f3f26e29 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f837.tmp | 0.01 KB (8 bytes) |
MD5:
5d788fedeae6f1d83c718b993aaf0edd
SHA1: ff657760b607416f954c0d0f02cd4081f1bf8884 SHA256: 38dd54a874e8468282ba8fda9eb499c8c9279e5ecbcfdee55be0059a1c9c4fac |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f838.tmp | 0.01 KB (8 bytes) |
MD5:
5d788fedeae6f1d83c718b993aaf0edd
SHA1: ff657760b607416f954c0d0f02cd4081f1bf8884 SHA256: 38dd54a874e8468282ba8fda9eb499c8c9279e5ecbcfdee55be0059a1c9c4fac |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f849.tmp | 0.01 KB (8 bytes) |
MD5:
e7afa0433ffd6793611c0a074ae02376
SHA1: 81765b7c10b940e6b6a118e2c4830b581485ca05 SHA256: d356cc8eb66171878f6a4055f83203f1ee1de244eb98f46917db817182bed6a5 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f84a.tmp | 0.01 KB (8 bytes) |
MD5:
e7afa0433ffd6793611c0a074ae02376
SHA1: 81765b7c10b940e6b6a118e2c4830b581485ca05 SHA256: d356cc8eb66171878f6a4055f83203f1ee1de244eb98f46917db817182bed6a5 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f84b.tmp | 0.01 KB (8 bytes) |
MD5:
e7afa0433ffd6793611c0a074ae02376
SHA1: 81765b7c10b940e6b6a118e2c4830b581485ca05 SHA256: d356cc8eb66171878f6a4055f83203f1ee1de244eb98f46917db817182bed6a5 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f85c.tmp | 0.01 KB (8 bytes) |
MD5:
73b3446145b1a005af670273cae6c659
SHA1: 1a5f91c6abd1921fdc318aee04047214c53b7728 SHA256: 2e0cb62b2237bf00fc5d0cac237814459bc1a8c55af3a8322a516be603f607b7 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f86c.tmp | 0.01 KB (8 bytes) |
MD5:
53b31cba57364071f0b92fde987dbb3d
SHA1: 5ce79151e953a2e7274fed831cbbad2172425346 SHA256: c8d9a97dda600fdc3fd84b54389f23829622ab669cc670f6f1b38726dc8b0566 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f86d.tmp | 0.01 KB (8 bytes) |
MD5:
53b31cba57364071f0b92fde987dbb3d
SHA1: 5ce79151e953a2e7274fed831cbbad2172425346 SHA256: c8d9a97dda600fdc3fd84b54389f23829622ab669cc670f6f1b38726dc8b0566 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f89d.tmp | 0.01 KB (8 bytes) |
MD5:
95da43c0275776c1345d8855df05c984
SHA1: 58ee37d07d867952be28228ea30697d807db2114 SHA256: 42904201e2d09103766321fa614bd05f4a00c54de19288f8aff55e05ea5d6a70 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f89e.tmp | 0.01 KB (8 bytes) |
MD5:
95da43c0275776c1345d8855df05c984
SHA1: 58ee37d07d867952be28228ea30697d807db2114 SHA256: 42904201e2d09103766321fa614bd05f4a00c54de19288f8aff55e05ea5d6a70 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f89f.tmp | 0.01 KB (8 bytes) |
MD5:
a09268114b4cb6df8a6767265fa71727
SHA1: b51ae0ee85cbeb67a4aa34a88bcbb8aa174c6221 SHA256: 4341640a4f141d3a35ab3c57580e1d2c9f71e3442ede2896bbf72f07968b3766 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f8cf.tmp | 0.01 KB (8 bytes) |
MD5:
c1e7b3719d3e604334d4ea5170a9da97
SHA1: 814555207667f27a53e2e8a503c560032c132172 SHA256: aa09ad35144137e416e44096a8b9c5f5053673e504744d69a28ab53539de015c |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f8e0.tmp | 0.01 KB (8 bytes) |
MD5:
ad613ffd617822549d6c82e66c06dd4c
SHA1: 4bd9d96d580efbdc14c7a2c24fa3403fbee0faec SHA256: df541758b76999b1786e35e3c6f9afab27889d377e60f31b21cea992d2cf3fc6 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f8f0.tmp | 0.01 KB (8 bytes) |
MD5:
c9d7caaccde02d9cbe0f9af60d6827dc
SHA1: 95a6a85dc88f99e224cf7a6fef66214033274a22 SHA256: 624b42c6e21d8e6392d494035eb838afc665f04bf8154cbebd3f99eab87a8777 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f8f1.tmp | 0.01 KB (8 bytes) |
MD5:
c9d7caaccde02d9cbe0f9af60d6827dc
SHA1: 95a6a85dc88f99e224cf7a6fef66214033274a22 SHA256: 624b42c6e21d8e6392d494035eb838afc665f04bf8154cbebd3f99eab87a8777 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f902.tmp | 0.01 KB (8 bytes) |
MD5:
e483e583f1511325f2fa9904bb27fa70
SHA1: 4cd5bdd3a2fe1eec6fa520609fed4def59fd727f SHA256: 8226ebf822344f196d7f95a18bf20c7803664fa10947a9b73a8ef71083b33ad2 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f903.tmp | 0.01 KB (8 bytes) |
MD5:
e483e583f1511325f2fa9904bb27fa70
SHA1: 4cd5bdd3a2fe1eec6fa520609fed4def59fd727f SHA256: 8226ebf822344f196d7f95a18bf20c7803664fa10947a9b73a8ef71083b33ad2 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f914.tmp | 0.01 KB (8 bytes) |
MD5:
dd1e78498286fe8b7914235fbfe4772a
SHA1: fb9888908deb70127878642bd1b74e5817873dc8 SHA256: 157c5610fdba420b1bcd3f2bf7a2dbaa541da0a951f077471f5b0024ec858d6e |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f915.tmp | 0.01 KB (8 bytes) |
MD5:
dd1e78498286fe8b7914235fbfe4772a
SHA1: fb9888908deb70127878642bd1b74e5817873dc8 SHA256: 157c5610fdba420b1bcd3f2bf7a2dbaa541da0a951f077471f5b0024ec858d6e |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f916.tmp | 0.01 KB (8 bytes) |
MD5:
dd1e78498286fe8b7914235fbfe4772a
SHA1: fb9888908deb70127878642bd1b74e5817873dc8 SHA256: 157c5610fdba420b1bcd3f2bf7a2dbaa541da0a951f077471f5b0024ec858d6e |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f926.tmp | 0.01 KB (8 bytes) |
MD5:
b0e57fcf3eb588d105106b90168b352c
SHA1: ee62a235a427b229dfbeb59ff0c66e891b1ea9fc SHA256: 99e24199c9a832f4839c7e5c749dc99d2ef728004c42a30c6896edd5ada9a466 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f927.tmp | 0.01 KB (8 bytes) |
MD5:
b0e57fcf3eb588d105106b90168b352c
SHA1: ee62a235a427b229dfbeb59ff0c66e891b1ea9fc SHA256: 99e24199c9a832f4839c7e5c749dc99d2ef728004c42a30c6896edd5ada9a466 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f928.tmp | 0.01 KB (8 bytes) |
MD5:
b0e57fcf3eb588d105106b90168b352c
SHA1: ee62a235a427b229dfbeb59ff0c66e891b1ea9fc SHA256: 99e24199c9a832f4839c7e5c749dc99d2ef728004c42a30c6896edd5ada9a466 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f939.tmp | 0.01 KB (8 bytes) |
MD5:
6779791e5c451ee29f3f08eeecbdf3f1
SHA1: 0d10e85482ca5dfeaef1dccd914da033aaf479eb SHA256: 34bc853f027d1404caec15171d9d51a5e79f6ef0a423b7bbda419e71d6750288 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f93a.tmp | 0.01 KB (8 bytes) |
MD5:
6779791e5c451ee29f3f08eeecbdf3f1
SHA1: 0d10e85482ca5dfeaef1dccd914da033aaf479eb SHA256: 34bc853f027d1404caec15171d9d51a5e79f6ef0a423b7bbda419e71d6750288 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f94a.tmp | 0.01 KB (8 bytes) |
MD5:
b04c67deab4025f734171f9b27454cbe
SHA1: a36bb54f7d0f7545656de9e1a5d5efc9475f6a30 SHA256: 71127f5ad12f0455cabb4dc16456a9ea5004c3686b2c366961b59c5dac0f35ae |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f96b.tmp | 0.01 KB (8 bytes) |
MD5:
f19a90ae7e669a69bff86c46ea7815da
SHA1: 1994848ee4007ab80507cec3a98864d3214e9691 SHA256: a6af512d23f2e48b9184b61e0bfb9f9fc355d743e9fd10cbc97aeba44a27005b |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f96c.tmp | 0.01 KB (8 bytes) |
MD5:
03dbace4773f49af413532681a14eec1
SHA1: bd48ed36b583498d83f67b28dcb029354af96ef3 SHA256: 59c055358a9142b72e21a30eb0492ce9af9cfbf4189768c8eca4d48f71029bc0 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f96d.tmp | 0.01 KB (8 bytes) |
MD5:
03dbace4773f49af413532681a14eec1
SHA1: bd48ed36b583498d83f67b28dcb029354af96ef3 SHA256: 59c055358a9142b72e21a30eb0492ce9af9cfbf4189768c8eca4d48f71029bc0 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f98d.tmp | 0.01 KB (8 bytes) |
MD5:
741a7dea8e76eb32e7142675d554f22b
SHA1: 6b605107d3827f9c9ffd4029b72ccdd72628cdc2 SHA256: 8007de0dbdecff7d678e651c68a0b12b0dc20651fcdb628fc090c3084afeadd3 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f98e.tmp | 0.01 KB (8 bytes) |
MD5:
741a7dea8e76eb32e7142675d554f22b
SHA1: 6b605107d3827f9c9ffd4029b72ccdd72628cdc2 SHA256: 8007de0dbdecff7d678e651c68a0b12b0dc20651fcdb628fc090c3084afeadd3 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f99f.tmp | 0.01 KB (8 bytes) |
MD5:
897a33741143f50b74704df8eec736d9
SHA1: 526a435f2efd108412d4088b073cabfeef22bac9 SHA256: bc7df27c00dd642509782a90f9d1b9dea55de8234d9de3890bd72c5f62ed56da |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f9a0.tmp | 0.01 KB (8 bytes) |
MD5:
897a33741143f50b74704df8eec736d9
SHA1: 526a435f2efd108412d4088b073cabfeef22bac9 SHA256: bc7df27c00dd642509782a90f9d1b9dea55de8234d9de3890bd72c5f62ed56da |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f9c0.tmp | 0.01 KB (8 bytes) |
MD5:
c32740bd78c0eda34b5e1272188e4bbe
SHA1: a5cc6a17b4a4e1ad7e0ea976d5989bbe2df6ba9a SHA256: dc2dba534fc133d5c92dd22761408da96ce04131d96f35f6808fd2dc21bb7374 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f9c1.tmp | 0.01 KB (8 bytes) |
MD5:
c32740bd78c0eda34b5e1272188e4bbe
SHA1: a5cc6a17b4a4e1ad7e0ea976d5989bbe2df6ba9a SHA256: dc2dba534fc133d5c92dd22761408da96ce04131d96f35f6808fd2dc21bb7374 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f9c2.tmp | 0.01 KB (8 bytes) |
MD5:
c32740bd78c0eda34b5e1272188e4bbe
SHA1: a5cc6a17b4a4e1ad7e0ea976d5989bbe2df6ba9a SHA256: dc2dba534fc133d5c92dd22761408da96ce04131d96f35f6808fd2dc21bb7374 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f9d2.tmp | 0.01 KB (8 bytes) |
MD5:
7bfacda96d83ac7a5eab6029ed31d8d3
SHA1: 2b648c326cc2b2ee0a9f1cc4618d82ad1931571f SHA256: 6e4a86d543899fe2a0739fd7395794ed3f485f157b40dc2ca93817e3b604b913 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f9d3.tmp | 0.01 KB (8 bytes) |
MD5:
7bfacda96d83ac7a5eab6029ed31d8d3
SHA1: 2b648c326cc2b2ee0a9f1cc4618d82ad1931571f SHA256: 6e4a86d543899fe2a0739fd7395794ed3f485f157b40dc2ca93817e3b604b913 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f9d4.tmp | 0.01 KB (8 bytes) |
MD5:
7bfacda96d83ac7a5eab6029ed31d8d3
SHA1: 2b648c326cc2b2ee0a9f1cc4618d82ad1931571f SHA256: 6e4a86d543899fe2a0739fd7395794ed3f485f157b40dc2ca93817e3b604b913 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f9e5.tmp | 0.01 KB (8 bytes) |
MD5:
8ac380e6de1059d479390edacc24a177
SHA1: fd26c908afa389126339d2688cfe38988c66d52d SHA256: 4f2143552d67291e7516198a09565806a4bd7c6ed70f8ed7f6f70326e54db657 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f9e6.tmp | 0.01 KB (8 bytes) |
MD5:
8ac380e6de1059d479390edacc24a177
SHA1: fd26c908afa389126339d2688cfe38988c66d52d SHA256: 4f2143552d67291e7516198a09565806a4bd7c6ed70f8ed7f6f70326e54db657 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\f9f7.tmp | 0.01 KB (8 bytes) |
MD5:
125843ec029a307caee53b4425fbd0e3
SHA1: 05789d4895e3a75820e0f1e1a219abbb8f3755ec SHA256: 41350403f48627cc9cb7443ba08ddaf9e285945ec92ce302c10cb17d836a900c |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa07.tmp | 0.01 KB (8 bytes) |
MD5:
32bc58962b0017f1042a028ce6cd759c
SHA1: e857327c6c51dfd5f689e8703d9ab1292cedf6d6 SHA256: 09cd28b840d6944ed8ebb3b83a724556f693e4e08237ff5ce84c0d20ba24675b |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa08.tmp | 0.01 KB (8 bytes) |
MD5:
32bc58962b0017f1042a028ce6cd759c
SHA1: e857327c6c51dfd5f689e8703d9ab1292cedf6d6 SHA256: 09cd28b840d6944ed8ebb3b83a724556f693e4e08237ff5ce84c0d20ba24675b |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa09.tmp | 0.01 KB (8 bytes) |
MD5:
32bc58962b0017f1042a028ce6cd759c
SHA1: e857327c6c51dfd5f689e8703d9ab1292cedf6d6 SHA256: 09cd28b840d6944ed8ebb3b83a724556f693e4e08237ff5ce84c0d20ba24675b |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa0a.tmp | 0.01 KB (8 bytes) |
MD5:
32bc58962b0017f1042a028ce6cd759c
SHA1: e857327c6c51dfd5f689e8703d9ab1292cedf6d6 SHA256: 09cd28b840d6944ed8ebb3b83a724556f693e4e08237ff5ce84c0d20ba24675b |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa1b.tmp | 0.01 KB (8 bytes) |
MD5:
c861afd8ab2c119e747b9038121efbd4
SHA1: e4ef07dbdf70890a1ea1f4ce8c70ca3591809e3b SHA256: f44eb347a2110f8913a5ed5c5e9924f7a631103eb659a1b5b4e5dc35938d0b45 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa2c.tmp | 0.01 KB (8 bytes) |
MD5:
5c8edf47a392abb29245c0e97c788d2a
SHA1: c8c9e10829621d8a837d039bbbc0ae90bf56f3df SHA256: fce9e4ccb87999fb59ee2e263f81df07f922388a0dbf4287833a5289c4d992b3 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa2d.tmp | 0.01 KB (8 bytes) |
MD5:
5c8edf47a392abb29245c0e97c788d2a
SHA1: c8c9e10829621d8a837d039bbbc0ae90bf56f3df SHA256: fce9e4ccb87999fb59ee2e263f81df07f922388a0dbf4287833a5289c4d992b3 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa2e.tmp | 0.01 KB (8 bytes) |
MD5:
5c8edf47a392abb29245c0e97c788d2a
SHA1: c8c9e10829621d8a837d039bbbc0ae90bf56f3df SHA256: fce9e4ccb87999fb59ee2e263f81df07f922388a0dbf4287833a5289c4d992b3 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa3e.tmp | 0.01 KB (8 bytes) |
MD5:
ad92c5adef9404e652c1be24d9595274
SHA1: daef89630ad3aa8530b2d78ddd5a3839655ee87f SHA256: 38e33077367c38f9ec31aa9cf565a8cf75989237bbafe13fd01b4e34f12d2873 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa3f.tmp | 0.01 KB (8 bytes) |
MD5:
ad92c5adef9404e652c1be24d9595274
SHA1: daef89630ad3aa8530b2d78ddd5a3839655ee87f SHA256: 38e33077367c38f9ec31aa9cf565a8cf75989237bbafe13fd01b4e34f12d2873 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa50.tmp | 0.01 KB (8 bytes) |
MD5:
ed0ea0131bd1863d91c1615d80148e0b
SHA1: 201e52a437c5b55eaf17ee2d2685ef39e4e77310 SHA256: e063b195f6b560352ca55d6b39967e1601c3b18ab9264069d844120ad6798bf7 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa51.tmp | 0.01 KB (8 bytes) |
MD5:
ed0ea0131bd1863d91c1615d80148e0b
SHA1: 201e52a437c5b55eaf17ee2d2685ef39e4e77310 SHA256: e063b195f6b560352ca55d6b39967e1601c3b18ab9264069d844120ad6798bf7 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa52.tmp | 0.01 KB (8 bytes) |
MD5:
adb1ec5b8fff0370b151c026632030f2
SHA1: 1d513be75293975e4281946cd43c72c46f79605e SHA256: 0e6f743e28b5364aecef7a7a1f029993567f93edf44b36f3c98953df7c74fbee |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa62.tmp | 0.01 KB (8 bytes) |
MD5:
adb1ec5b8fff0370b151c026632030f2
SHA1: 1d513be75293975e4281946cd43c72c46f79605e SHA256: 0e6f743e28b5364aecef7a7a1f029993567f93edf44b36f3c98953df7c74fbee |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa63.tmp | 0.01 KB (8 bytes) |
MD5:
adb1ec5b8fff0370b151c026632030f2
SHA1: 1d513be75293975e4281946cd43c72c46f79605e SHA256: 0e6f743e28b5364aecef7a7a1f029993567f93edf44b36f3c98953df7c74fbee |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa74.tmp | 0.01 KB (8 bytes) |
MD5:
288eb2692b7d4dabd18b3cd550d15b5e
SHA1: a742c56e5c9f1c78535a2d5c3d1b512ecc903701 SHA256: 63052ebdc0c14a1f49a392276d6846fede6bce315e1c4787d62da9d1a64cecd5 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa85.tmp | 0.01 KB (8 bytes) |
MD5:
138f3113f76d726288c4e978cb0413f2
SHA1: 611ca0828647b0ac4ea3bcd22f3c28686824a101 SHA256: 573fd261ce7b58332e9f24a7c4a17d2224e3d0d4c48941e5e03297a7d305f35b |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa86.tmp | 0.01 KB (8 bytes) |
MD5:
138f3113f76d726288c4e978cb0413f2
SHA1: 611ca0828647b0ac4ea3bcd22f3c28686824a101 SHA256: 573fd261ce7b58332e9f24a7c4a17d2224e3d0d4c48941e5e03297a7d305f35b |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa96.tmp | 0.01 KB (8 bytes) |
MD5:
418548d74f249fbcc5f08511e5c7bb56
SHA1: b751b27e5a560d2973a7432be8e37d02686faf24 SHA256: 146953e94da698ad13f60d6002476e2ee28273caff5ab17f059f1d9b97054b2c |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa97.tmp | 0.01 KB (8 bytes) |
MD5:
418548d74f249fbcc5f08511e5c7bb56
SHA1: b751b27e5a560d2973a7432be8e37d02686faf24 SHA256: 146953e94da698ad13f60d6002476e2ee28273caff5ab17f059f1d9b97054b2c |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa98.tmp | 0.01 KB (8 bytes) |
MD5:
418548d74f249fbcc5f08511e5c7bb56
SHA1: b751b27e5a560d2973a7432be8e37d02686faf24 SHA256: 146953e94da698ad13f60d6002476e2ee28273caff5ab17f059f1d9b97054b2c |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fa99.tmp | 0.01 KB (8 bytes) |
MD5:
418548d74f249fbcc5f08511e5c7bb56
SHA1: b751b27e5a560d2973a7432be8e37d02686faf24 SHA256: 146953e94da698ad13f60d6002476e2ee28273caff5ab17f059f1d9b97054b2c |
|
|
| c:\users\ciihmn~1\appdata\local\temp\faaa.tmp | 0.01 KB (8 bytes) |
MD5:
0511f1993ecc2f294faa8dace502d19c
SHA1: 98ee28a4f58bdac0f7e0ddc22e03a7f530956408 SHA256: fc0750c6642725c86799dc19741bc1a529186a18530d7fd030a3668e961b30b7 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\faca.tmp | 0.01 KB (8 bytes) |
MD5:
b5975ffa385dc00cc1ee73251b6f7cdf
SHA1: 87164e350ca6d29c9ea1aa778ea40372a8eef860 SHA256: 5e7554b0e9e8cdd55822716d16264911814f41976e4476e112c3a46bda5316df |
|
|
| c:\users\ciihmn~1\appdata\local\temp\facb.tmp | 0.01 KB (8 bytes) |
MD5:
b5975ffa385dc00cc1ee73251b6f7cdf
SHA1: 87164e350ca6d29c9ea1aa778ea40372a8eef860 SHA256: 5e7554b0e9e8cdd55822716d16264911814f41976e4476e112c3a46bda5316df |
|
|
| c:\users\ciihmn~1\appdata\local\temp\facc.tmp | 0.01 KB (8 bytes) |
MD5:
93c8cf85d0d5b115d17169d1e9308d1c
SHA1: 0253e619a7e637ad4e0dc752f4847c5031faa630 SHA256: 77cef3d40b18c42fe9b813a853be8711f1b2f971da24c26fba35d44122d84b89 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\facd.tmp | 0.01 KB (8 bytes) |
MD5:
93c8cf85d0d5b115d17169d1e9308d1c
SHA1: 0253e619a7e637ad4e0dc752f4847c5031faa630 SHA256: 77cef3d40b18c42fe9b813a853be8711f1b2f971da24c26fba35d44122d84b89 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fb4b.tmp | 0.01 KB (8 bytes) |
MD5:
a03c7050677123d24e0f908411639daf
SHA1: faad9f20113781013e8895743428e74fb4abf633 SHA256: cf4c4c6109dcf0a94857fefd4dc36767bf61ca3885e9e575481096e24f290e4c |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fb6b.tmp | 0.01 KB (8 bytes) |
MD5:
5021321237c3cbcedbe86bc2eda5575f
SHA1: 8282b1d20c1cbb3149c3269733801eeb9a3de567 SHA256: 402bea642f6fa667bdd43ffe9acea915addead54da069c3282d074e05c03eb8e |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fb6c.tmp | 0.01 KB (8 bytes) |
MD5:
5021321237c3cbcedbe86bc2eda5575f
SHA1: 8282b1d20c1cbb3149c3269733801eeb9a3de567 SHA256: 402bea642f6fa667bdd43ffe9acea915addead54da069c3282d074e05c03eb8e |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fb6d.tmp | 0.01 KB (8 bytes) |
MD5:
5021321237c3cbcedbe86bc2eda5575f
SHA1: 8282b1d20c1cbb3149c3269733801eeb9a3de567 SHA256: 402bea642f6fa667bdd43ffe9acea915addead54da069c3282d074e05c03eb8e |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fb7e.tmp | 0.01 KB (8 bytes) |
MD5:
3b6d47524dd9aadcd8087e8066cfedbb
SHA1: 95e7c67e66d21b44a437cd408c1fe891073218e9 SHA256: 8a14e9bef42d8e77d645765a27de8d55846007ef73b48a4cdf37619801f93ce2 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fb7f.tmp | 0.01 KB (8 bytes) |
MD5:
3b6d47524dd9aadcd8087e8066cfedbb
SHA1: 95e7c67e66d21b44a437cd408c1fe891073218e9 SHA256: 8a14e9bef42d8e77d645765a27de8d55846007ef73b48a4cdf37619801f93ce2 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fb90.tmp | 0.01 KB (8 bytes) |
MD5:
f98f23a4f9e6dc8f433d6c263e6ad636
SHA1: ca167eead7432324b32261a98f0b05f6fd581edc SHA256: df020e01c7255d67feab95591a7b9b90718d3d556352a17d5bc29c5a8df7cc41 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fb91.tmp | 0.01 KB (8 bytes) |
MD5:
f98f23a4f9e6dc8f433d6c263e6ad636
SHA1: ca167eead7432324b32261a98f0b05f6fd581edc SHA256: df020e01c7255d67feab95591a7b9b90718d3d556352a17d5bc29c5a8df7cc41 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fba1.tmp | 0.01 KB (8 bytes) |
MD5:
b8403b24cec2c2fe3ad8d388ff5c2692
SHA1: 391d3e10403f244ec1919fca4dd1bf5d2180d73a SHA256: 232b42d82017c86b66aa5f4dcd362c5be6aee746f55e8465a4eb1e62eb6fae3d |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fba2.tmp | 0.01 KB (8 bytes) |
MD5:
b8403b24cec2c2fe3ad8d388ff5c2692
SHA1: 391d3e10403f244ec1919fca4dd1bf5d2180d73a SHA256: 232b42d82017c86b66aa5f4dcd362c5be6aee746f55e8465a4eb1e62eb6fae3d |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fba3.tmp | 0.01 KB (8 bytes) |
MD5:
b8403b24cec2c2fe3ad8d388ff5c2692
SHA1: 391d3e10403f244ec1919fca4dd1bf5d2180d73a SHA256: 232b42d82017c86b66aa5f4dcd362c5be6aee746f55e8465a4eb1e62eb6fae3d |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbb4.tmp | 0.01 KB (8 bytes) |
MD5:
e307f8f8f230a2dd8989867ae53a7840
SHA1: d6a7d14aeffddf8a05d8c52aaf0e949cc8af4df9 SHA256: f4d61ad4fa3f52aa710ba9ef52a71b9c8faa9dbbb52ff66c47b4441febe8c6e9 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbb5.tmp | 0.01 KB (8 bytes) |
MD5:
e307f8f8f230a2dd8989867ae53a7840
SHA1: d6a7d14aeffddf8a05d8c52aaf0e949cc8af4df9 SHA256: f4d61ad4fa3f52aa710ba9ef52a71b9c8faa9dbbb52ff66c47b4441febe8c6e9 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbb6.tmp | 0.01 KB (8 bytes) |
MD5:
e307f8f8f230a2dd8989867ae53a7840
SHA1: d6a7d14aeffddf8a05d8c52aaf0e949cc8af4df9 SHA256: f4d61ad4fa3f52aa710ba9ef52a71b9c8faa9dbbb52ff66c47b4441febe8c6e9 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbb7.tmp | 0.01 KB (8 bytes) |
MD5:
e307f8f8f230a2dd8989867ae53a7840
SHA1: d6a7d14aeffddf8a05d8c52aaf0e949cc8af4df9 SHA256: f4d61ad4fa3f52aa710ba9ef52a71b9c8faa9dbbb52ff66c47b4441febe8c6e9 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbd7.tmp | 0.01 KB (8 bytes) |
MD5:
644b05368f7512cae99e3857f9027bcf
SHA1: 690f3b113810afc8e70466194bf436cc1312b33e SHA256: 864f9116027c7a0276777094e7a0f8dc73993c34f9123c7d978ee744e4dbd500 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbd8.tmp | 0.01 KB (8 bytes) |
MD5:
644b05368f7512cae99e3857f9027bcf
SHA1: 690f3b113810afc8e70466194bf436cc1312b33e SHA256: 864f9116027c7a0276777094e7a0f8dc73993c34f9123c7d978ee744e4dbd500 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbe9.tmp | 0.01 KB (8 bytes) |
MD5:
29a8e19f453787602095a98287b92983
SHA1: b7e1af9f360642f06d7d75a41e09838bdfc71afc SHA256: d7c0b9600744ea6c64c05815a19cf3d91ada60e64edeeb3f9a3b5fbc98a22ee1 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbea.tmp | 0.01 KB (8 bytes) |
MD5:
29a8e19f453787602095a98287b92983
SHA1: b7e1af9f360642f06d7d75a41e09838bdfc71afc SHA256: d7c0b9600744ea6c64c05815a19cf3d91ada60e64edeeb3f9a3b5fbc98a22ee1 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbeb.tmp | 0.01 KB (8 bytes) |
MD5:
29a8e19f453787602095a98287b92983
SHA1: b7e1af9f360642f06d7d75a41e09838bdfc71afc SHA256: d7c0b9600744ea6c64c05815a19cf3d91ada60e64edeeb3f9a3b5fbc98a22ee1 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbec.tmp | 0.01 KB (8 bytes) |
MD5:
29a8e19f453787602095a98287b92983
SHA1: b7e1af9f360642f06d7d75a41e09838bdfc71afc SHA256: d7c0b9600744ea6c64c05815a19cf3d91ada60e64edeeb3f9a3b5fbc98a22ee1 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbfc.tmp | 0.01 KB (8 bytes) |
MD5:
03b26eefb62150cc56da444a144e9be1
SHA1: f40a7f3e6c9d8b7a979d4d776a32767bb79bc89f SHA256: 1160ca78c4e98eda9addcb9966a4e56df9f102fcc1a9e48f3e6f512ff2974b61 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbfd.tmp | 0.01 KB (8 bytes) |
MD5:
03b26eefb62150cc56da444a144e9be1
SHA1: f40a7f3e6c9d8b7a979d4d776a32767bb79bc89f SHA256: 1160ca78c4e98eda9addcb9966a4e56df9f102fcc1a9e48f3e6f512ff2974b61 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fbfe.tmp | 0.01 KB (8 bytes) |
MD5:
03b26eefb62150cc56da444a144e9be1
SHA1: f40a7f3e6c9d8b7a979d4d776a32767bb79bc89f SHA256: 1160ca78c4e98eda9addcb9966a4e56df9f102fcc1a9e48f3e6f512ff2974b61 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fc0f.tmp | 0.01 KB (8 bytes) |
MD5:
474a65b62cb05adc115bbd1ede09301b
SHA1: 919343acf762452776e634a9bf202c30fb6a7f9b SHA256: 99eae660e8a11ebd18d71e8faf2fea8b3cfc95ae93bf339ff326e8e65b53a293 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fc10.tmp | 0.01 KB (8 bytes) |
MD5:
474a65b62cb05adc115bbd1ede09301b
SHA1: 919343acf762452776e634a9bf202c30fb6a7f9b SHA256: 99eae660e8a11ebd18d71e8faf2fea8b3cfc95ae93bf339ff326e8e65b53a293 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fc11.tmp | 0.01 KB (8 bytes) |
MD5:
474a65b62cb05adc115bbd1ede09301b
SHA1: 919343acf762452776e634a9bf202c30fb6a7f9b SHA256: 99eae660e8a11ebd18d71e8faf2fea8b3cfc95ae93bf339ff326e8e65b53a293 |
|
|
| c:\users\ciihmn~1\appdata\local\temp\fc22.tmp | 0.01 KB (8 bytes) |
MD5:
e6a85d90c192b656121d5fb773bc9c7c
SHA1: f1923f3d154592e13686c626a452c5712572c703 SHA256: 4ab81fc69870779cdfccf4c642b53c832301c6173f803deb225a6e428b875813 |
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76bda330 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76bd7580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76bd9910 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x76bdf400 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x771ef190 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x771ef190 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x771ef190 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x771ef190 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x771ef190 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x771ef190 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x771ef190 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x771ea200 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x771ea200 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x771ef190 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x771ea200 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Filename | process_name = c:\users\ciihmn~1\appdata\local\temp\84526935.scr, file_name_orig = C:\Users\CIIHMN~1\AppData\Local\Temp\84526935.scr, size = 260 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x76bd9640 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x76bd8b70 |
|
2 | |
| Module | Load | module_name = ntdll.dll, base_address = 0x77190000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = ZwClose, address_out = 0x771f8cb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = ZwQueryInformationToken, address_out = 0x771f8df0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = RtlNtStatusToDosError, address_out = 0x771e3010 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = ZwOpenProcess, address_out = 0x771f8e40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = ZwQueryInformationProcess, address_out = 0x771f8d50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = mbstowcs, address_out = 0x771fe610 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memset, address_out = 0x771fee50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x771fe7b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtQuerySystemInformation, address_out = 0x771f8f40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtUnmapViewOfSection, address_out = 0x771f8e80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtMapViewOfSection, address_out = 0x771f8e60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = RtlUpcaseUnicodeString, address_out = 0x771de040 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtCreateSection, address_out = 0x771f9080 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = ZwOpenProcessToken, address_out = 0x771f9d20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = RtlFreeUnicodeString, address_out = 0x771cb940 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = RtlUnwind, address_out = 0x771eaca0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtQueryVirtualMemory, address_out = 0x771f8e10 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindExtensionW, address_out = 0x75dd7c40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrRChrA, address_out = 0x75de2900 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindExtensionA, address_out = 0x75de1db0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrChrA, address_out = 0x75de26c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathCombineW, address_out = 0x75ddcd50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindFileNameW, address_out = 0x75dd80d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrChrW, address_out = 0x75dd6a00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrTrimW, address_out = 0x75dd83a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindFileNameA, address_out = 0x75dd8970 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ResetEvent, address_out = 0x76be60b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x76be5f20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x76bdd8d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventA, address_out = 0x76be5f70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateWaitableTimerA, address_out = 0x76bddb30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x76be57f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessA, address_out = 0x76c00960 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x76be6510 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileA, address_out = 0x76be61a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x76be6590 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x771cda90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEvent, address_out = 0x76be60c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileTime, address_out = 0x76be6380 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x76bd7940 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x76bd2db0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatW, address_out = 0x76bfd320 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x76bd77b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x76be6170 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x76bd7540 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x76bd25e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x76bd2d80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetWaitableTimer, address_out = 0x76be60d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x76bda4b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x76be74f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x76bd9640 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x76bd9950 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x76bdd940 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x76be6110 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x76bd2b90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76be61b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsA, address_out = 0x76c00da0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtectEx, address_out = 0x76c02a00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ResumeThread, address_out = 0x76bda280 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SuspendThread, address_out = 0x76bded00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpA, address_out = 0x76bdc1f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempFileNameA, address_out = 0x76be63f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryA, address_out = 0x76be6140 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address_out = 0x76be6410 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x76bd1b90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSize, address_out = 0x76be6360 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpynA, address_out = 0x76bdf7b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileA, address_out = 0x76be6270 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CompareFileTime, address_out = 0x76be6130 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLongPathNameW, address_out = 0x76bd47c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x76bd92b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersion, address_out = 0x76bda300 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x76bd1d90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x76be61d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyA, address_out = 0x76bde320 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsW, address_out = 0x76bdc8c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatA, address_out = 0x76bdefc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x76be3a30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x76be6530 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x76be64a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x76bd9560 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address_out = 0x76bda040 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x76be6180 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x76bd2af0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x76bd8c70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x76bd7610 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x76bd8b70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEndOfFile, address_out = 0x76be64f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyW, address_out = 0x76bfd410 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryW, address_out = 0x76be6150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x76be62a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x76bd87c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileA, address_out = 0x76be6210 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x74500000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = wsprintfW, address_out = 0x7452ddf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = wsprintfA, address_out = 0x7452ea00 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x75d40000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExA, address_out = 0x75d5ee40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = ConvertStringSecurityDescriptorToSecurityDescriptorA, address_out = 0x75d8bda0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyA, address_out = 0x75d631a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetTokenInformation, address_out = 0x75d5ed40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x75d5ee90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthority, address_out = 0x75d60ea0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyA, address_out = 0x75d63150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x75d5f0a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExA, address_out = 0x75d60750 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegDeleteValueW, address_out = 0x75d60ca0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyW, address_out = 0x75d5f590 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumKeyExA, address_out = 0x75d62520 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x75d5efa0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x75d5ed60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExA, address_out = 0x75d5f000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthorityCount, address_out = 0x75d60f50 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x74760000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x748f4cb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteW, address_out = 0x748f4370 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = 92, address_out = 0x749d7560 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x74640000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoInitializeEx, address_out = 0x76d5cd50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoUninitialize, address_out = 0x76d5dca0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmn~1\appdata\local\temp\84526935.scr, base_address = 0x400000 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2D7.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2D7.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2D7.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2D7.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2D7.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2D8.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2D8.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2D8.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2D8.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2D8.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2E8.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2E8.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2E8.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2E8.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2E8.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2F9.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2F9.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2F9.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2F9.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2F9.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2FA.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2FA.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2FA.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2FA.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2FA.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2FB.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2FB.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2FB.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2FB.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2FB.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2FC.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2FC.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2FC.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2FC.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F2FC.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F32C.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F32C.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F32C.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F32C.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F32C.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F33C.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F33C.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F33C.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F33C.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F33C.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F33D.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F33D.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F33D.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F33D.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F33D.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F33E.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F33E.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F33E.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F33E.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F33E.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F33F.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F33F.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F33F.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F33F.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F33F.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F350.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F350.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F350.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F350.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F350.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F351.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F351.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F351.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F351.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F351.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F381.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F381.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F381.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F381.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F381.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F382.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F382.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F382.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F382.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F382.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F383.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F383.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F383.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F383.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F383.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F384.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F384.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F384.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F384.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F384.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F385.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F385.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F385.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F385.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F385.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F396.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F396.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F396.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F396.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F396.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F397.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F397.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F397.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F397.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F397.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F398.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F398.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F398.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F398.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F398.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F399.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F399.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F399.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F399.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F399.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F39A.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F39A.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F39A.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F39A.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F39A.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3D9.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3D9.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3D9.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3D9.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3D9.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3DA.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3DA.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3DA.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3DA.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3DA.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3EB.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3EB.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3EB.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3EB.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3EB.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3EC.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3EC.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3EC.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3EC.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3EC.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3ED.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3ED.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3ED.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3ED.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3ED.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3FD.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3FD.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3FD.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3FD.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F3FD.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F41E.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F41E.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F41E.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F41E.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F41E.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F42E.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F42E.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F42E.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F42E.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F42E.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F42F.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F42F.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F42F.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F42F.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F42F.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F430.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F430.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F430.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F430.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F430.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F441.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F441.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F441.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F441.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F441.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F442.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F442.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F442.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F442.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F442.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F472.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F472.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F472.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F472.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F472.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F473.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F473.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F473.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F473.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F473.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F474.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F474.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F474.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F474.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F474.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F475.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F475.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F475.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F475.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F475.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F485.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F485.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F485.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F485.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F485.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F486.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F486.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F486.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F486.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F486.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F487.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F487.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F487.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F487.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F487.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F488.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F488.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F488.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F488.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F488.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F499.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F499.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F499.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F499.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F499.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4B9.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4B9.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4B9.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4B9.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4B9.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4BA.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4BA.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4BA.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4BA.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4BA.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4BB.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4BB.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4BB.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4BB.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4BB.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4CC.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4CC.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4CC.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4CC.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4CC.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4CD.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4CD.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4CD.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4CD.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4CD.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4CE.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4CE.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4CE.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4CE.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4CE.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4CF.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4CF.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4CF.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4CF.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4CF.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4DF.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4DF.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4DF.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4DF.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4DF.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4E0.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4E0.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4E0.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4E0.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4E0.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4F1.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4F1.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4F1.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4F1.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4F1.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4F2.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4F2.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4F2.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4F2.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4F2.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4F3.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4F3.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4F3.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4F3.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4F3.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4F4.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4F4.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4F4.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4F4.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4F4.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4F5.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4F5.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4F5.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4F5.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F4F5.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F506.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F506.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F506.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F506.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F506.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F507.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F507.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F507.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F507.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F507.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F508.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F508.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F508.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F508.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F508.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F509.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F509.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F509.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F509.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F509.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F50A.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F50A.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F50A.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F50A.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F50A.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F51A.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F51A.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F51A.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F51A.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F51A.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F51B.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F51B.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F51B.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F51B.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F51B.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F51C.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F51C.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F51C.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F51C.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F51C.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F53D.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F53D.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F53D.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F53D.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F53D.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F53E.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F53E.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F53E.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F53E.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F53E.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F53F.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F53F.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F53F.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F53F.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F53F.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F540.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F540.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F540.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F540.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F540.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F541.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F541.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F541.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F541.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F541.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F551.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F551.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F551.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F551.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F551.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F552.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F552.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F552.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F552.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F552.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F553.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F553.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F553.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F553.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F553.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F554.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F554.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F554.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F554.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F554.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F565.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F565.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F565.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F565.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F565.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F566.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F566.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F566.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F566.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F566.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F567.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F567.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F567.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F567.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F567.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F568.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F568.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F568.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F568.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F568.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F569.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F569.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F569.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F569.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F569.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F579.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F579.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F579.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F579.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F579.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F57A.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F57A.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F57A.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F57A.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F57A.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F57B.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F57B.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F57B.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F57B.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F57B.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F57C.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F57C.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F57C.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F57C.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F57C.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F58D.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F58D.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F58D.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F58D.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F58D.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F58E.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F58E.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F58E.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F58E.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F58E.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F58F.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F58F.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F58F.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F58F.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F58F.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F590.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F590.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F590.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F590.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F590.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5A1.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5A1.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5A1.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5A1.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5A1.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5A2.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5A2.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5A2.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5A2.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5A2.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5A3.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5A3.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5A3.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5A3.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5A3.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5B3.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5B3.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5B3.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5B3.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5B3.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5B4.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5B4.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5B4.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5B4.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5B4.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5B5.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5B5.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5B5.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5B5.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5B5.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5C6.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5C6.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5C6.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5C6.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5C6.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5C7.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5C7.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5C7.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5C7.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5C7.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5C8.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5C8.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5C8.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5C8.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5C8.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5D9.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5D9.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5D9.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5D9.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5D9.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5E9.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5E9.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5E9.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5E9.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5E9.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5EA.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5EA.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5EA.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5EA.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5EA.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5FB.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5FB.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5FB.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5FB.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5FB.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5FC.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5FC.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5FC.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5FC.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5FC.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5FD.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5FD.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5FD.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5FD.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F5FD.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F60D.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F60D.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F60D.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F60D.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F60D.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F60E.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F60E.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F60E.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F60E.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F60E.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F60F.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F60F.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F60F.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F60F.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F60F.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F610.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F610.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F610.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F610.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F610.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F621.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F621.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F621.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F621.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F621.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F622.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F622.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F622.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F622.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F622.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F623.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F623.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F623.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F623.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F623.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F634.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F634.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F634.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F634.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F634.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F635.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F635.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F635.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F635.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F635.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F636.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F636.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F636.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F636.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F636.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F637.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F637.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F637.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F637.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F637.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F647.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F647.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F647.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F647.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F647.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F648.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F648.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F648.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F648.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F648.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F649.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F649.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F649.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F649.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F649.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6B8.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6B8.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6B8.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6B8.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6B8.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6C8.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6C8.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6C8.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6C8.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6C8.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6C9.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6C9.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6C9.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6C9.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6C9.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6DA.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6DA.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6DA.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6DA.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6DA.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6DB.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6DB.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6DB.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6DB.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6DB.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6DC.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6DC.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6DC.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6DC.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6DC.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6ED.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6ED.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6ED.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6ED.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6ED.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6EE.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6EE.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6EE.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6EE.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6EE.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6FE.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6FE.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6FE.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6FE.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6FE.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6FF.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6FF.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6FF.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6FF.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F6FF.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F700.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F700.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F700.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F700.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F700.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F701.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F701.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F701.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F701.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F701.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F712.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F712.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F712.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F712.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F712.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F722.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F722.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F722.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F722.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F722.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F723.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F723.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F723.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F723.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F723.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F724.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F724.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F724.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F724.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F724.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F725.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F725.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F725.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F725.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F725.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F736.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F736.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F736.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F736.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F736.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F737.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F737.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F737.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F737.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F737.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F738.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F738.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F738.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F738.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F738.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F749.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F749.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F749.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F749.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F749.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F74A.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F74A.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F74A.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F74A.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F74A.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F75A.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F75A.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F75A.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F75A.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F75A.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F75B.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F75B.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F75B.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F75B.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F75B.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F75C.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F75C.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F75C.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F75C.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F75C.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F77D.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F77D.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F77D.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F77D.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F77D.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F77E.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F77E.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F77E.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F77E.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F77E.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F78E.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F78E.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F78E.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F78E.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F78E.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F78F.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F78F.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F78F.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F78F.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F78F.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F790.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F790.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F790.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F790.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F790.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7A1.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7A1.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7A1.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7A1.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7A1.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7B1.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7B1.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7B1.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7B1.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7B1.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7C2.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7C2.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7C2.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7C2.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7C2.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7C3.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7C3.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7C3.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7C3.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7C3.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7D4.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7D4.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7D4.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7D4.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7D4.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7D5.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7D5.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7D5.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7D5.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7D5.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7E5.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7E5.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7E5.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7E5.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F7E5.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F806.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F806.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F806.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F806.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F806.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F816.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F816.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F816.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F816.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F816.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F827.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F827.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F827.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F827.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F827.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F837.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F837.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F837.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F837.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F837.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F838.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F838.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F838.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F838.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F838.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F849.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F849.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F849.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F849.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F849.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F84A.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F84A.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F84A.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F84A.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F84A.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F84B.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F84B.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F84B.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F84B.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F84B.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F85C.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F85C.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F85C.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F85C.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F85C.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F86C.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F86C.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F86C.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F86C.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F86C.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F86D.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F86D.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F86D.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F86D.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F86D.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F89D.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F89D.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F89D.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F89D.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F89D.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F89E.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F89E.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F89E.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F89E.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F89E.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F89F.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\F89F.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
|
For performance reasons, the remaining 622 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | C:\Windows\system32\cmd.exe /c ""C:\Users\CIIHMN~1\AppData\Local\Temp\697\FD09.bat" "C:\Users\CIIHMN~1\AppData\Roaming\MICROS~1\Amsisigd\Chakmcat.exe" "C:\Users\CIIHMN~1\AppData\Local\Temp\84526935.scr"" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:56, Reason: Child Process |
| Unmonitor | End Time: 00:02:20, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:24 |
| Information | Value |
|---|---|
| PID | 0xcc4 |
| Parent PID | 0xbec (c:\users\ciihmn~1\appdata\local\temp\84526935.scr) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
CCC
0x
5B4
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0x1350000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76c02780 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 40, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Windows\system32, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Windows\System32, type = file_attributes |
|
1 | |
| Environment | Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x76bdfa80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76bda790 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x760335c0 |
|
1 | |
| File | Get Info | filename = "C:\Users\CIIHMN~1\AppData\Local\Temp\697\FD09.bat", type = file_attributes |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\697\FD09.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Open | - |
|
2 | |
| File | Read | size = 8191, size_out = 110 |
|
1 | |
| File | Open | - |
|
1 | |
| File | Get Info | type = file_type |
|
1 | |
| File | Open | - |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\697\FD09.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Open | - |
|
2 | |
| File | Read | size = 8191, size_out = 99 |
|
1 | |
| File | Open | - |
|
1 | |
| File | Get Info | type = file_type |
|
1 | |
| File | Open | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 20 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 4 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 73 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 4 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 12 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\697\FD09.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Open | - |
|
2 | |
| File | Read | size = 8191, size_out = 66 |
|
1 | |
| File | Open | - |
|
1 | |
| File | Get Info | type = file_type |
|
1 | |
| File | Open | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 20 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 125 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\cmd.exe, os_pid = 0xd80, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\697\FD09.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Open | - |
|
2 | |
| File | Read | size = 8191, size_out = 50 |
|
1 | |
| File | Open | - |
|
1 | |
| File | Get Info | type = file_type |
|
1 | |
| File | Open | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 20 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 13 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 4 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 10 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\697\FD09.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Open | - |
|
2 | |
| File | Read | size = 8191, size_out = 19 |
|
1 | |
| File | Open | - |
|
1 | |
| File | Get Info | type = file_type |
|
1 | |
| File | Open | - |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\697\FD09.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Open | - |
|
2 | |
| File | Read | size = 8191, size_out = 6 |
|
1 | |
| File | Open | - |
|
1 | |
| File | Read | size = 8191, size_out = 0 |
|
1 | |
| File | Open | - |
|
1 | |
| File | Get Info | type = file_type |
|
1 | |
| File | Open | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 20 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 3 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 53 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\697\FD09.bat, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\697, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\697\FD09.bat, type = file_attributes |
|
1 | |
| File | Open | filename = \??\C:\Users\CIIHMN~1\AppData\Local\Temp\697\FD09.bat, desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\697\FD09.bat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
2 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 33 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 |
| Information | Value |
|---|---|
| ID | #6 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | cmd /C ""C:\Users\CIIHMN~1\AppData\Roaming\MICROS~1\Amsisigd\Chakmcat.exe" "C:\Users\CIIHMN~1\AppData\Local\Temp\84526935.scr"" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:02:20, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:23 |
| Information | Value |
|---|---|
| PID | 0xd80 |
| Parent PID | 0xcc4 (c:\windows\syswow64\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D64
0x
D7C
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0x1350000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76c02780 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 56, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Windows\system32, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Windows\System32, type = file_attributes |
|
1 | |
| Environment | Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x76bdfa80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76bda790 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x760335c0 |
|
1 | |
| File | Get Info | filename = "C:\Users\CIIHMN~1\AppData\Roaming\MICROS~1\Amsisigd\Chakmcat.exe", type = file_attributes |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Process | Create | process_name = C:\Users\CIIHMN~1\AppData\Roaming\MICROS~1\Amsisigd\Chakmcat.exe, os_pid = 0xd68, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 |
| Information | Value |
|---|---|
| ID | #7 |
| File Name | c:\users\ciihmn~1\appdata\roaming\micros~1\amsisigd\chakmcat.exe |
| Command Line | "C:\Users\CIIHMN~1\AppData\Roaming\MICROS~1\Amsisigd\Chakmcat.exe" "C:\Users\CIIHMN~1\AppData\Local\Temp\84526935.scr" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:02:20, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:23 |
| Information | Value |
|---|---|
| PID | 0xd68 |
| Parent PID | 0xd80 (c:\windows\syswow64\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D60
0x
D5C
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x76bda330 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76bd7580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76bd9910 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x76bdf400 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x771ef190 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x771ef190 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x771ef190 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x771ef190 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x771ef190 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x771ef190 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x771ef190 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x771ea200 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x771ea200 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x771ef190 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x771ea200 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Filename | process_name = c:\users\ciihmn~1\appdata\roaming\micros~1\amsisigd\chakmcat.exe, file_name_orig = C:\Users\CIIHMN~1\AppData\Roaming\MICROS~1\Amsisigd\Chakmcat.exe, size = 260 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x76bd8b70 |
|
1 | |
| Module | Load | module_name = ntdll.dll, base_address = 0x77190000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = ZwClose, address_out = 0x771f8cb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = ZwQueryInformationToken, address_out = 0x771f8df0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = RtlNtStatusToDosError, address_out = 0x771e3010 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = ZwOpenProcess, address_out = 0x771f8e40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = ZwQueryInformationProcess, address_out = 0x771f8d50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = mbstowcs, address_out = 0x771fe610 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memset, address_out = 0x771fee50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x771fe7b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtQuerySystemInformation, address_out = 0x771f8f40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtUnmapViewOfSection, address_out = 0x771f8e80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtMapViewOfSection, address_out = 0x771f8e60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = RtlUpcaseUnicodeString, address_out = 0x771de040 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtCreateSection, address_out = 0x771f9080 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = ZwOpenProcessToken, address_out = 0x771f9d20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = RtlFreeUnicodeString, address_out = 0x771cb940 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = RtlUnwind, address_out = 0x771eaca0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtQueryVirtualMemory, address_out = 0x771f8e10 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindExtensionW, address_out = 0x75dd7c40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrRChrA, address_out = 0x75de2900 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindExtensionA, address_out = 0x75de1db0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrChrA, address_out = 0x75de26c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathCombineW, address_out = 0x75ddcd50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindFileNameW, address_out = 0x75dd80d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrChrW, address_out = 0x75dd6a00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrTrimW, address_out = 0x75dd83a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindFileNameA, address_out = 0x75dd8970 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x76bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ResetEvent, address_out = 0x76be60b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x76be5f20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x76bdd8d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventA, address_out = 0x76be5f70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateWaitableTimerA, address_out = 0x76bddb30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x76be57f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessA, address_out = 0x76c00960 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x76be6510 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileA, address_out = 0x76be61a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x76be6590 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x771cda90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEvent, address_out = 0x76be60c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileTime, address_out = 0x76be6380 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x76bd7940 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x76bd2db0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatW, address_out = 0x76bfd320 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x76bd77b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x76be6170 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x76bd7540 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x76bd25e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x76bd2d80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetWaitableTimer, address_out = 0x76be60d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x76bda4b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x76be74f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x76bd9640 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x76bd9950 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x76bdd940 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x76be6110 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x76bd2b90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76be61b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsA, address_out = 0x76c00da0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtectEx, address_out = 0x76c02a00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ResumeThread, address_out = 0x76bda280 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SuspendThread, address_out = 0x76bded00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpA, address_out = 0x76bdc1f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempFileNameA, address_out = 0x76be63f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryA, address_out = 0x76be6140 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address_out = 0x76be6410 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x76bd1b90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSize, address_out = 0x76be6360 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpynA, address_out = 0x76bdf7b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileA, address_out = 0x76be6270 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CompareFileTime, address_out = 0x76be6130 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLongPathNameW, address_out = 0x76bd47c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x76bd92b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersion, address_out = 0x76bda300 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x76bd1d90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x76be61d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyA, address_out = 0x76bde320 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsW, address_out = 0x76bdc8c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatA, address_out = 0x76bdefc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x76be3a30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x76be6530 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x76be64a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x76bd9560 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address_out = 0x76bda040 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x76be6180 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x76bd2af0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x76bd8c70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x76bd7610 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x76bd8b70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEndOfFile, address_out = 0x76be64f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyW, address_out = 0x76bfd410 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryW, address_out = 0x76be6150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x76be62a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x76bd87c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileA, address_out = 0x76be6210 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x74500000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = wsprintfW, address_out = 0x7452ddf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = wsprintfA, address_out = 0x7452ea00 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x75d40000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExA, address_out = 0x75d5ee40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = ConvertStringSecurityDescriptorToSecurityDescriptorA, address_out = 0x75d8bda0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyA, address_out = 0x75d631a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetTokenInformation, address_out = 0x75d5ed40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x75d5ee90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthority, address_out = 0x75d60ea0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyA, address_out = 0x75d63150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x75d5f0a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExA, address_out = 0x75d60750 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegDeleteValueW, address_out = 0x75d60ca0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyW, address_out = 0x75d5f590 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumKeyExA, address_out = 0x75d62520 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x75d5efa0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x75d5ed60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExA, address_out = 0x75d5f000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthorityCount, address_out = 0x75d60f50 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x74760000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x748f4cb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteW, address_out = 0x748f4370 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = 92, address_out = 0x749d7560 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x74640000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoInitializeEx, address_out = 0x76d5cd50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoUninitialize, address_out = 0x76d5dca0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmn~1\appdata\roaming\micros~1\amsisigd\chakmcat.exe, base_address = 0x400000 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12A3.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12A3.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12A3.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12A3.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12A3.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12A4.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12A4.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12A4.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12A4.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12A4.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12A5.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12A5.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12A5.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12A5.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12A5.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12A6.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12A6.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12A6.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12A6.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12A6.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12B7.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12B7.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12B7.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12B7.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12B7.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12B8.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12B8.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12B8.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12B8.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12B8.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12B9.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12B9.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12B9.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12B9.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12B9.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12BA.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12BA.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12BA.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12BA.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12BA.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12CB.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12CB.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12CB.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12CB.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12CB.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12CC.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12CC.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12CC.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12CC.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12CC.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12CD.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12CD.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12CD.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12CD.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12CD.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12DD.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12DD.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12DD.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12DD.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12DD.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12EE.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12EE.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12EE.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12EE.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12EE.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12EF.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12EF.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12EF.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12EF.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12EF.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12F0.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12F0.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12F0.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12F0.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12F0.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12F1.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12F1.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12F1.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12F1.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12F1.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12F2.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12F2.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12F2.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12F2.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\12F2.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1302.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1302.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1302.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1302.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1302.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1303.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1303.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1303.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1303.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1303.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1304.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1304.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1304.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1304.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1304.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1305.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1305.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1305.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1305.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1305.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1316.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1316.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1316.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1316.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1316.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1317.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1317.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1317.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1317.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1317.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1318.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1318.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1318.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1318.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1318.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1319.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1319.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1319.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1319.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1319.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\131A.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\131A.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\131A.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\131A.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\131A.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\132B.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\132B.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\132B.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\132B.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\132B.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\132C.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\132C.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\132C.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\132C.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\132C.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\132D.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\132D.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\132D.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\132D.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\132D.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\132E.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\132E.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\132E.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\132E.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\132E.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\133E.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\133E.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\133E.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\133E.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\133E.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\133F.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\133F.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\133F.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\133F.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\133F.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1340.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1340.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1340.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1340.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1340.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1341.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1341.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1341.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1341.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1341.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1352.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1352.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1352.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1352.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1352.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1353.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1353.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1353.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1353.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1353.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1354.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1354.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1354.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1354.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1354.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1355.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1355.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1355.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1355.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1355.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1375.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1375.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1375.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1375.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1375.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1376.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1376.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1376.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1376.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1376.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1387.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1387.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1387.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1387.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1387.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1388.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1388.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1388.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1388.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1388.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1389.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1389.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1389.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1389.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1389.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\138A.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\138A.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\138A.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\138A.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\138A.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\138B.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\138B.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\138B.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\138B.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\138B.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\139B.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\139B.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\139B.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\139B.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\139B.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\139C.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\139C.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\139C.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\139C.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\139C.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\139D.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\139D.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\139D.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\139D.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\139D.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\139E.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\139E.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\139E.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\139E.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\139E.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13AF.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13AF.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13AF.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13AF.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13AF.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13B0.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13B0.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13B0.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13B0.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13B0.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13B1.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13B1.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13B1.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13B1.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13B1.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13B2.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13B2.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13B2.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13B2.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13B2.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13B3.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13B3.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13B3.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13B3.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13B3.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13C4.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13C4.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13C4.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13C4.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13C4.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13C5.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13C5.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13C5.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13C5.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13C5.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13D5.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13D5.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13D5.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13D5.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13D5.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13D6.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13D6.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13D6.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13D6.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13D6.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13D7.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13D7.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13D7.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13D7.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13D7.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13D8.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13D8.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13D8.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13D8.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13D8.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13E9.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13E9.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13E9.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13E9.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13E9.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13EA.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13EA.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13EA.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13EA.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13EA.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13EB.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13EB.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13EB.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13EB.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13EB.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13EC.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13EC.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13EC.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13EC.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13EC.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13FD.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13FD.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13FD.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13FD.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13FD.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13FE.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13FE.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13FE.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13FE.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13FE.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13FF.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13FF.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13FF.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13FF.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\13FF.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1400.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1400.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1400.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1400.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1400.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1401.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1401.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1401.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1401.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1401.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1411.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1411.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1411.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1411.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1411.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1412.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1412.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1412.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1412.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1412.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1413.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1413.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1413.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1413.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1413.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1414.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1414.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1414.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1414.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1414.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1425.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1425.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1425.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1425.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1425.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1435.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1435.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1435.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1435.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1435.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1436.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1436.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1436.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1436.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1436.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1437.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1437.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1437.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1437.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1437.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1448.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1448.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1448.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1448.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1448.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1459.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1459.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1459.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1459.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1459.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\145A.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\145A.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\145A.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\145A.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\145A.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\146A.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\146A.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\146A.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\146A.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\146A.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\146B.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\146B.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\146B.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\146B.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\146B.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\146C.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\146C.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\146C.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\146C.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\146C.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\146D.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\146D.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\146D.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\146D.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\146D.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\146E.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\146E.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\146E.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\146E.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\146E.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\147F.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\147F.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\147F.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\147F.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\147F.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1480.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1480.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1480.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1480.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1480.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1481.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1481.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1481.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1481.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1481.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1482.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1482.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1482.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1482.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1482.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1493.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1493.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1493.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1493.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1493.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1494.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1494.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1494.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1494.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1494.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1495.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1495.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1495.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1495.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1495.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1496.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1496.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1496.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1496.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1496.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1497.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1497.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1497.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1497.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1497.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14A7.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14A7.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14A7.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14A7.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14A7.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14A8.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14A8.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14A8.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14A8.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14A8.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14A9.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14A9.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14A9.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14A9.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14A9.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14AA.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14AA.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14AA.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14AA.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14AA.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14AB.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14AB.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14AB.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14AB.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14AB.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14BC.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14BC.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14BC.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14BC.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14BC.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14BD.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14BD.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14BD.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14BD.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14BD.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14BE.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14BE.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14BE.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14BE.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14BE.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14BF.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14BF.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14BF.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14BF.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14BF.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14C0.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14C0.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14C0.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14C0.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14C0.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14D0.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14D0.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14D0.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14D0.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14D0.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14D1.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14D1.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14D1.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14D1.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14D1.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14D2.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14D2.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14D2.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14D2.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14D2.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14D3.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14D3.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14D3.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14D3.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14D3.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14D4.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14D4.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14D4.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14D4.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14D4.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14E5.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14E5.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14E5.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14E5.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14E5.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14E6.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14E6.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14E6.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14E6.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14E6.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14E7.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14E7.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14E7.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14E7.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14E7.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14E8.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14E8.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14E8.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14E8.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14E8.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14E9.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14E9.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14E9.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14E9.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14E9.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14FA.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14FA.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14FA.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14FA.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14FA.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14FB.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14FB.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14FB.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14FB.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14FB.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14FC.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14FC.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14FC.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14FC.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14FC.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14FD.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14FD.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14FD.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14FD.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14FD.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14FE.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14FE.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14FE.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14FE.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\14FE.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\150E.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\150E.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\150E.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\150E.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\150E.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\150F.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\150F.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\150F.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\150F.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\150F.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1510.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1510.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1510.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1510.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1510.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1511.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1511.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1511.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1511.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1511.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1512.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1512.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1512.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1512.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1512.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1523.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1523.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1523.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1523.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1523.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1524.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1524.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1524.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1524.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1524.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1525.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1525.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1525.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1525.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1525.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1526.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1526.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1526.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1526.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1526.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1527.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1527.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1527.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1527.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1527.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1528.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1528.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1528.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1528.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1528.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1539.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1539.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1539.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1539.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1539.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\153A.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\153A.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\153A.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\153A.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\153A.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\153B.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\153B.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\153B.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\153B.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\153B.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\153C.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\153C.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\153C.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\153C.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\153C.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\154C.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\154C.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\154C.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\154C.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\154C.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\154D.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\154D.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\154D.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\154D.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\154D.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\154E.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\154E.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\154E.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\154E.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\154E.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\154F.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\154F.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\154F.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\154F.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\154F.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1560.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1560.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1560.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1560.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1560.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1561.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1561.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1561.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1561.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1561.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1562.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1562.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1562.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1562.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1562.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1563.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1563.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1563.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1563.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1563.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1564.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1564.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1564.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1564.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1564.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1574.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1574.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1574.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1574.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1574.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1575.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1575.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1575.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1575.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1575.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1576.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1576.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1576.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1576.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1576.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1577.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1577.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1577.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1577.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1577.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1578.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1578.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1578.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1578.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1578.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1579.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1579.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1579.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1579.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\1579.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\158A.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\158A.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\158A.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\158A.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\158A.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\158B.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\158B.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\158B.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\158B.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\158B.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\158C.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\158C.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\158C.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\158C.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\158C.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\158D.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\158D.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\158D.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\158D.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\158D.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\158E.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\158E.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\158E.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\158E.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\158E.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\159F.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\159F.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\159F.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\159F.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\159F.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15A0.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15A0.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15A0.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15A0.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15A0.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15A1.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15A1.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15A1.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15A1.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15A1.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15A2.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15A2.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15A2.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15A2.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15A2.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15B2.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15B2.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15B2.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15B2.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15B2.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15B3.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15B3.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15B3.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15B3.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15B3.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15B4.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15B4.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15B4.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15B4.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15B4.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15B5.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15B5.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15B5.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15B5.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15B5.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15C6.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15C6.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15C6.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15C6.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15C6.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15C7.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15C7.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15C7.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15C7.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15C7.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15C8.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15C8.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15C8.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15C8.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15C8.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15C9.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15C9.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15C9.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15C9.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15C9.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15CA.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15CA.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15CA.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15CA.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15CA.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15DB.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15DB.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15DB.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15DB.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15DB.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15DC.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15DC.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\15DC.tmp, type = time |
|
1 | |
|
For performance reasons, the remaining 2697 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
| Information | Value |
|---|---|
| ID | #8 |
| File Name | c:\windows\system32\svchost.exe |
| Command Line | C:\Windows\system32\svchost.exe |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:01, Reason: Child Process |
| Unmonitor | End Time: 00:02:20, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:19 |
| Information | Value |
|---|---|
| PID | 0xd84 |
| Parent PID | 0xd68 (c:\users\ciihmn~1\appdata\roaming\micros~1\amsisigd\chakmcat.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D88
0x
CBC
0x
9A4
0x
DD8
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000260000 | 0x00260000 | 0x002f1fff | Pagefile Backed Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000000300000 | 0x00300000 | 0x00300fff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x000000007f766000 | 0x7f766000 | 0x7f766fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x0000006c8b260000 | 0x6c8b260000 | 0x6c8b27ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000006c8b260000 | 0x6c8b260000 | 0x6c8b26ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000006c8b270000 | 0x6c8b270000 | 0x6c8b271fff | Private Memory | Readable, Writable |
|
|
|
|
| svchost.exe.mui | 0x6c8b270000 | 0x6c8b270fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000006c8b280000 | 0x6c8b280000 | 0x6c8b293fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000006c8b2a0000 | 0x6c8b2a0000 | 0x6c8b31ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000006c8b320000 | 0x6c8b320000 | 0x6c8b323fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000006c8b330000 | 0x6c8b330000 | 0x6c8b330fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000006c8b340000 | 0x6c8b340000 | 0x6c8b341fff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x6c8b350000 | 0x6c8b40dfff | Memory Mapped File | Readable |
|
|
|
|
| imm32.dll | 0x6c8b410000 | 0x6c8b443fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000006c8b410000 | 0x6c8b410000 | 0x6c8b410fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000006c8b420000 | 0x6c8b420000 | 0x6c8b420fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000006c8b450000 | 0x6c8b450000 | 0x6c8b456fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000006c8b460000 | 0x6c8b460000 | 0x6c8b4dffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000006c8b500000 | 0x6c8b500000 | 0x6c8b5fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000006c8b600000 | 0x6c8b600000 | 0x6c8b648fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000006c8b650000 | 0x6c8b650000 | 0x6c8b84ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000006c8b650000 | 0x6c8b650000 | 0x6c8b6e1fff | Pagefile Backed Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000006c8b700000 | 0x6c8b700000 | 0x6c8b7fffff | Private Memory | Readable, Writable |
|
|
|
|
| ole32.dll | 0x6c8b800000 | 0x6c8b940fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000006c8b800000 | 0x6c8b800000 | 0x6c8b9d8fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000006c8b800000 | 0x6c8b800000 | 0x6c8b987fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000006c8b9d0000 | 0x6c8b9d0000 | 0x6c8b9d8fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000006c8b9e0000 | 0x6c8b9e0000 | 0x6c8bbdffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000006c8ba00000 | 0x6c8ba00000 | 0x6c8bafffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000006c8bb00000 | 0x6c8bb00000 | 0x6c8bcfffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000006c8bb00000 | 0x6c8bb00000 | 0x6c8bbfffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000006c8bc00000 | 0x6c8bc00000 | 0x6c8bdfffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000006c8bc00000 | 0x6c8bc00000 | 0x6c8bcfffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000006c8bd00000 | 0x6c8bd00000 | 0x6c8befffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000006c8bd00000 | 0x6c8bd00000 | 0x6c8bdfffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000006c8be00000 | 0x6c8be00000 | 0x6c8bf80fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000006c8bf90000 | 0x6c8bf90000 | 0x6c8d38ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| sortdefault.nls | 0x6c8d390000 | 0x6c8d6c6fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00007df5ffc50000 | 0x7df5ffc50000 | 0x7ff5ffc4ffff | Pagefile Backed Memory | - |
|
|
|
|
| pagefile_0x00007ff6c6f90000 | 0x7ff6c6f90000 | 0x7ff6c708ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00007ff6c7090000 | 0x7ff6c7090000 | 0x7ff6c70b2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00007ff6c70b6000 | 0x7ff6c70b6000 | 0x7ff6c70b6fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff6c70bc000 | 0x7ff6c70bc000 | 0x7ff6c70bdfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff6c70be000 | 0x7ff6c70be000 | 0x7ff6c70bffff | Private Memory | Readable, Writable |
|
|
|
|
| svchost.exe | 0x7ff6c7e00000 | 0x7ff6c7e0cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x7ffb39960000 | 0x7ffb3998bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x7ffb3a800000 | 0x7ffb3a9dcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x7ffb3a9f0000 | 0x7ffb3aa40fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x7ffb3bf80000 | 0x7ffb3c0a5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x7ffb3c290000 | 0x7ffb3c2c5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x7ffb3c2d0000 | 0x7ffb3c375fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x7ffb3c3e0000 | 0x7ffb3c564fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x7ffb3c650000 | 0x7ffb3c79dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x7ffb3c950000 | 0x7ffb3c9aafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x7ffb3c9b0000 | 0x7ffb3ca6dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| combase.dll | 0x7ffb3cc70000 | 0x7ffb3ceebfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x7ffb3cf10000 | 0x7ffb3cfacfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| psapi.dll | 0x7ffb3cfb0000 | 0x7ffb3cfb7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x7ffb3d020000 | 0x7ffb3d17bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x7ffb3d260000 | 0x7ffb3d30cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x7ffb3d310000 | 0x7ffb3d4d1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #7: c:\users\ciihmn~1\appdata\roaming\micros~1\amsisigd\chakmcat.exe | 0xd60 | address = 0x260000, size = 598016 |
|
1 | |
| Modify Memory | #7: c:\users\ciihmn~1\appdata\roaming\micros~1\amsisigd\chakmcat.exe | 0xd60 | address = 0x300000, size = 792 |
|
1 | |
| Modify Control Flow | #7: c:\users\ciihmn~1\appdata\roaming\micros~1\amsisigd\chakmcat.exe | 0xd60 | os_tid = 0xd88, address = 0xc70b6000 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = ntdll.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = _snprintf, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = sprintf, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = ZwOpenProcess, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = ZwOpenProcessToken, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = ZwClose, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = ZwQueryInformationToken, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = strcpy, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = NtQuerySystemInformation, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = RtlNtStatusToDosError, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = ZwQueryInformationProcess, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = memcpy, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = NtUnmapViewOfSection, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = _wcsupr, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = _strupr, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = memmove, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = memset, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = wcscpy, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = ZwQueryKey, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = RtlUpcaseUnicodeString, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = RtlFreeUnicodeString, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = wcstombs, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = RtlAdjustPrivilege, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = mbstowcs, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = RtlImageNtHeader, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = NtMapViewOfSection, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = NtCreateSection, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = __C_specific_handler, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = __chkstk, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = CreateFileMappingA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = SetFilePointerEx, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = QueueUserWorkItem, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = VirtualProtectEx, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = GetComputerNameW, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = ExpandEnvironmentStringsA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = FindNextFileA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = CompareFileTime, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = FindFirstFileA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = GetFileTime, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = GetCurrentProcessId, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = QueryPerformanceCounter, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = GetModuleFileNameA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = CreateDirectoryA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = GetLastError, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = HeapFree, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = RemoveDirectoryA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = CloseHandle, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = LoadLibraryA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = CreateFileA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = DeleteFileA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = lstrcpyA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = lstrlenA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = lstrcatA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = WriteFile, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = HeapAlloc, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = HeapDestroy, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = HeapCreate, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = SetEvent, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = HeapReAlloc, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = GetSystemTimeAsFileTime, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = WaitForSingleObject, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = SuspendThread, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = OpenProcess, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = ResumeThread, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = lstrcpyW, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = lstrcmpiW, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = GetModuleHandleA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = CreateThread, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = CreateFileW, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = SwitchToThread, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = lstrcatW, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = Sleep, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = GetTickCount, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = SetWaitableTimer, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = CopyFileW, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = GetCurrentThreadId, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = GetCurrentThread, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = DuplicateHandle, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = lstrlenW, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = CreateEventA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = GetWindowsDirectoryA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = DeleteFileW, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = CreateDirectoryW, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = GetTempPathA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = lstrcmpiA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = WaitForMultipleObjects, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = lstrcmpA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = ResetEvent, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = CreateMutexA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = OpenWaitableTimerA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = MapViewOfFile, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = OpenMutexA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = UnmapViewOfFile, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = ReleaseMutex, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = GetVersionExA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = CreateWaitableTimerA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = SetLastError, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = InitializeCriticalSection, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = EnterCriticalSection, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = LeaveCriticalSection, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = VirtualAlloc, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = UnregisterWait, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = VirtualProtect, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = RegisterWaitForSingleObject, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = TlsAlloc, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = TlsGetValue, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = LoadLibraryExW, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = TlsSetValue, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = GetProcAddress, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = GetDriveTypeW, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = WideCharToMultiByte, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = GetLogicalDriveStringsW, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = OpenFileMappingA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = GetExitCodeProcess, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = LocalFree, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = CreateProcessA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = GetFileSize, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = lstrcpynA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = Thread32First, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = CreateToolhelp32Snapshot, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = QueueUserAPC, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = OpenThread, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = Thread32Next, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = ConnectNamedPipe, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = GetOverlappedResult, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = CancelIo, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = DisconnectNamedPipe, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = FlushFileBuffers, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = CallNamedPipeA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = CreateNamedPipeA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = GetSystemTime, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = WaitNamedPipeA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = ReadFile, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = SleepEx, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = AddVectoredExceptionHandler, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = RemoveVectoredExceptionHandler, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = OpenEventA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = LocalAlloc, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = FreeLibrary, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = RaiseException, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = VirtualFree, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = GetModuleFileNameW, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = GetVersion, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = GetLocalTime, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = QueryPerformanceFrequency, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = DeleteCriticalSection, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = GetTempFileNameA, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = FindNextFileW, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = SetEndOfFile, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = SetFilePointer, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = FindFirstFileW, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = RemoveDirectoryW, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = GetFileAttributesW, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = ExpandEnvironmentStringsW, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = FindClose, ordinal = 0, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 9, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 6, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 2, address_out = 0x6c8b31fa10 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 8, address_out = 0x6c8b31fa10 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:43:38 (UTC) |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Filename | module_name = OLEAUT32.dll, process_name = c:\windows\system32\svchost.exe, file_name_orig = C:\Windows\system32\svchost.exe, size = 260 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsWow64Process, address_out = 0x7ffb3d27e960 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x7ffb3c2d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = ConvertStringSecurityDescriptorToSecurityDescriptorA, address_out = 0x7ffb3c2ed610 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x7ffb3a9f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = StrRChrA, address_out = 0x7ffb3aa04dd0 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x7ffb3c650000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = wsprintfA, address_out = 0x7ffb3c672610 |
|
1 | |
| Mutex | Create | mutex_name = {BB8A49DA-DE80-A5F2-C01F-F2A9F4C346ED} |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\ntdll.dll, base_address = 0x7ffb3d310000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernelbase.dll, base_address = 0x7ffb3a800000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameA, address_out = 0x7ffb3c2fec40 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\ntdll.dll, base_address = 0x7ffb3d310000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\advapi32.dll, base_address = 0x7ffb3c2d0000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\advapi32.dll, base_address = 0x7ffb3c2d0000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Load | module_name = PSAPI.DLL, base_address = 0x7ffb3cfb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\psapi.dll, function = EnumProcessModules, address_out = 0x7ffb3cfb1040 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
16 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:43:38 (UTC) |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyA, address_out = 0x7ffb3c2eb9e0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegQueryValueExA, address_out = 0x7ffb3c2e7dd0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = Ini, type = REG_NONE |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCloseKey, address_out = 0x7ffb3c2e72e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = StrToIntExA, address_out = 0x7ffb3aa04e70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = StrChrA, address_out = 0x7ffb3aa04cc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = StrTrimA, address_out = 0x7ffb3aa04e80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = GetShellWindow, address_out = 0x7ffb3c674060 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = GetWindowThreadProcessId, address_out = 0x7ffb3c664040 |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_SET_SESSIONID, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_CREATE_PROCESS, PROCESS_SET_QUOTA, PROCESS_SET_INFORMATION, PROCESS_QUERY_INFORMATION, PROCESS_SUSPEND_RESUME, DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER, SYNCHRONIZE |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = RtlExitUserThread, address_out = 0x7ffb3d319fa0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateRemoteThread, address_out = 0x7ffb3d2a26d0 |
|
1 | |
| Thread | Create | process_name = c:\windows\explorer.exe, proc_address = 0x7ffb3d319fa0, proc_parameter = 0, flags = THREAD_CREATE_SUSPENDED |
|
1 | |
| Memory | Read | process_name = c:\windows\explorer.exe, address = 0x7ffb3d319fa0, size = 4 |
|
1 | |
| Memory | Protect | process_name = c:\windows\explorer.exe, address = 0x7ffb3d319fa0, protection = PAGE_EXECUTE_READWRITE, size = 4 |
|
1 | |
| Memory | Write | process_name = c:\windows\explorer.exe, address = 0x7ffb3d319fa0, size = 4 |
|
1 | |
| Memory | Protect | process_name = c:\windows\explorer.exe, address = 0x7ffb3d319fa0, protection = PAGE_EXECUTE_READ, size = 4 |
|
1 | |
| Thread | Resume | process_name = c:\windows\explorer.exe, os_tid = 0xcb0 |
|
1 | |
| Thread | Suspend | process_name = c:\windows\explorer.exe, os_tid = 0xcb0 |
|
1 | |
| Thread | Get Context | process_name = c:\windows\explorer.exe, os_tid = 0xcb0 |
|
1 | |
| Module | Create Mapping | protection = PAGE_EXECUTE_READWRITE, maximum_size = 466191773984 |
|
1 | |
| Module | Map | process_name = c:\windows\system32\svchost.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x6c8b650000 |
|
1 | |
| Module | Map | process_name = c:\windows\explorer.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0xeda0000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\ntdll.dll, base_address = 0x7ffb3d310000 |
|
1 | |
| Module | Get Filename | module_name = c:\windows\system32\ntdll.dll, process_name = c:\windows\system32\svchost.exe, file_name_orig = C:\Windows\SYSTEM32\ntdll.dll, size = 260 |
|
1 | |
| File | Create | filename = C:\Windows\SYSTEM32\ntdll.dll, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = C:\Windows\SYSTEM32\ntdll.dll, size = 4, size_out = 4 |
|
1 | |
| Module | Get Filename | module_name = c:\windows\system32\ntdll.dll, process_name = c:\windows\system32\svchost.exe, file_name_orig = C:\Windows\SYSTEM32\ntdll.dll, size = 260 |
|
1 | |
| File | Create | filename = C:\Windows\SYSTEM32\ntdll.dll, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = C:\Windows\SYSTEM32\ntdll.dll, size = 4, size_out = 4 |
|
1 | |
| Module | Get Filename | module_name = c:\windows\system32\ntdll.dll, process_name = c:\windows\system32\svchost.exe, file_name_orig = C:\Windows\SYSTEM32\ntdll.dll, size = 260 |
|
1 | |
| File | Create | filename = C:\Windows\SYSTEM32\ntdll.dll, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = C:\Windows\SYSTEM32\ntdll.dll, size = 4, size_out = 4 |
|
1 | |
| Memory | Allocate | process_name = c:\windows\explorer.exe, address = 0x6c8b31eb80, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 466191772552 |
|
1 | |
| Thread | Get Context | process_name = c:\windows\explorer.exe, os_tid = 0xcb0 |
|
1 | |
| Memory | Write | process_name = c:\windows\explorer.exe, address = 0x900000, size = 792 |
|
1 | |
| Thread | Set Context | process_name = c:\windows\explorer.exe, os_tid = 0xcb0 |
|
1 | |
| Module | Unmap | process_name = c:\windows\system32\svchost.exe |
|
1 | |
| Memory | Protect | process_name = c:\windows\explorer.exe, address = 0x7ffb3d319fa0, protection = PAGE_EXECUTE_READWRITE, size = 4 |
|
1 | |
| Memory | Write | process_name = c:\windows\explorer.exe, address = 0x7ffb3d319fa0, size = 4 |
|
1 | |
| Memory | Protect | process_name = c:\windows\explorer.exe, address = 0x7ffb3d319fa0, protection = PAGE_EXECUTE_READ, size = 4 |
|
1 | |
| Thread | Resume | process_name = c:\windows\explorer.exe, os_tid = 0xcb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCreateKeyA, address_out = 0x7ffb3c316dc0 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = Client, data = 76, type = REG_NONE |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameW, address_out = 0x7ffb3c2eda40 |
|
1 | |
| System | Get Computer Name | - |
|
1 | |
| System | Get Computer Name | result_out = LHNIWSJ |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegSetValueExA, address_out = 0x7ffb3c2d2680 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = Client, size = 40, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = Scr, type = REG_NONE |
|
1 |
| Information | Value |
|---|---|
| ID | #9 |
| File Name | c:\windows\explorer.exe |
| Command Line | C:\Windows\Explorer.EXE |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:02, Reason: Injection |
| Unmonitor | End Time: 00:02:20, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:18 |
| Information | Value |
|---|---|
| PID | 0x728 |
| Parent PID | 0xffffffffffffffff (Unknown) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
D74
0x
F88
0x
47C
0x
7F4
0x
7D4
0x
AD8
0x
B90
0x
B88
0x
B84
0x
B80
0x
B7C
0x
B78
0x
B74
0x
B60
0x
B5C
0x
A80
0x
A7C
0x
A58
0x
A38
0x
A20
0x
A1C
0x
A18
0x
A14
0x
A10
0x
A0C
0x
A08
0x
A04
0x
9FC
0x
9F8
0x
9D0
0x
9B0
0x
940
0x
92C
0x
918
0x
8F4
0x
8E4
0x
8E0
0x
8D8
0x
8D0
0x
8CC
0x
8C8
0x
8A0
0x
894
0x
88C
0x
878
0x
86C
0x
868
0x
864
0x
858
0x
854
0x
850
0x
84C
0x
848
0x
844
0x
840
0x
83C
0x
838
0x
834
0x
82C
0x
828
0x
824
0x
820
0x
81C
0x
808
0x
804
0x
6FC
0x
724
0x
CB0
0x
DEC
0x
DE4
0x
E40
0x
E1C
0x
DFC
0x
E60
0x
258
0x
818
0x
274
0x
438
0x
664
0x
ECC
0x
EE8
0x
F94
0x
D3C
0x
F5C
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000750000 | 0x00750000 | 0x0075ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000760000 | 0x00760000 | 0x00766fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000770000 | 0x00770000 | 0x00783fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000790000 | 0x00790000 | 0x0080ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000810000 | 0x00810000 | 0x00813fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000820000 | 0x00820000 | 0x00822fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000830000 | 0x00830000 | 0x00831fff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x00840000 | 0x008fdfff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000000910000 | 0x00910000 | 0x00911fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000920000 | 0x00920000 | 0x00922fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000930000 | 0x00930000 | 0x00931fff | Pagefile Backed Memory | Readable |
|
|
|
|
| wscui.cpl.mui | 0x00940000 | 0x00951fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000980000 | 0x00980000 | 0x00986fff | Private Memory | Readable, Writable |
|
|
|
|
| explorer.exe.mui | 0x00990000 | 0x00997fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000009a0000 | 0x009a0000 | 0x00a9ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000aa0000 | 0x00aa0000 | 0x00c27fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000c30000 | 0x00c30000 | 0x00c30fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000c40000 | 0x00c40000 | 0x00c40fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000c50000 | 0x00c50000 | 0x00c50fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000c60000 | 0x00c60000 | 0x00c60fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000c70000 | 0x00c70000 | 0x00c70fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000c80000 | 0x00c80000 | 0x00c80fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000c90000 | 0x00c90000 | 0x00c9ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000ca0000 | 0x00ca0000 | 0x00e20fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000e30000 | 0x00e30000 | 0x0222ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| cversions.1.db | 0x02230000 | 0x02233fff | Memory Mapped File | Readable |
|
|
|
|
| {afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000012.db | 0x02240000 | 0x02261fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000002270000 | 0x02270000 | 0x02270fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002280000 | 0x02280000 | 0x022fffff | Private Memory | Readable, Writable |
|
|
|
|
| {3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000030.db | 0x02300000 | 0x0231bfff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000002320000 | 0x02320000 | 0x02322fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000002330000 | 0x02330000 | 0x02332fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000002340000 | 0x02340000 | 0x0234ffff | Private Memory | Readable, Writable |
|
|
|
|
| sortdefault.nls | 0x02350000 | 0x02686fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000002690000 | 0x02690000 | 0x0270ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002710000 | 0x02710000 | 0x0278ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002790000 | 0x02790000 | 0x0280ffff | Private Memory | Readable, Writable |
|
|
|
|
| shell32.dll.mui | 0x02810000 | 0x02870fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000002880000 | 0x02880000 | 0x028a9fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| kernelbase.dll.mui | 0x028b0000 | 0x0298efff | Memory Mapped File | Readable |
|
|
|
|
| thumbcache_idx.db | 0x02990000 | 0x02991fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| pagefile_0x00000000029a0000 | 0x029a0000 | 0x029a1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| hcproviders.dll.mui | 0x029b0000 | 0x029b1fff | Memory Mapped File | Readable |
|
|
|
|
| actioncenter.dll.mui | 0x029c0000 | 0x029cafff | Memory Mapped File | Readable |
|
|
|
|
| thumbcache_idx.db | 0x029d0000 | 0x029d1fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| iconcache_idx.db | 0x029e0000 | 0x029e1fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| thumbcache_idx.db | 0x029f0000 | 0x029f1fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| iconcache_idx.db | 0x02a00000 | 0x02a01fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x0000000002a10000 | 0x02a10000 | 0x02a8ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002a90000 | 0x02a90000 | 0x02b0ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000002b10000 | 0x02b10000 | 0x02b11fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000002b20000 | 0x02b20000 | 0x02b21fff | Pagefile Backed Memory | Readable |
|
|
|
|
| oleaccrc.dll | 0x02b30000 | 0x02b31fff | Memory Mapped File | Readable |
|
|
|
|
| oleaccrc.dll.mui | 0x02b40000 | 0x02b44fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000002b50000 | 0x02b50000 | 0x02c07fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000002c10000 | 0x02c10000 | 0x02c13fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000002c20000 | 0x02c20000 | 0x02d1ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002d20000 | 0x02d20000 | 0x02e1ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002e20000 | 0x02e20000 | 0x02e26fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000002e30000 | 0x02e30000 | 0x02e32fff | Pagefile Backed Memory | Readable |
|
|
|
|
| staticcache.dat | 0x02e40000 | 0x03e7ffff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000003e80000 | 0x03e80000 | 0x03e80fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003e90000 | 0x03e90000 | 0x03e90fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003ea0000 | 0x03ea0000 | 0x03ea0fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000003eb0000 | 0x03eb0000 | 0x03eb2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000003ec0000 | 0x03ec0000 | 0x03f3ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003f40000 | 0x03f40000 | 0x03f41fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003f50000 | 0x03f50000 | 0x03f50fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003f60000 | 0x03f60000 | 0x03f60fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003f70000 | 0x03f70000 | 0x03f70fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003f80000 | 0x03f80000 | 0x03f80fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000003f90000 | 0x03f90000 | 0x03f9ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000003fa0000 | 0x03fa0000 | 0x03faffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000003fb0000 | 0x03fb0000 | 0x03fbffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003fc0000 | 0x03fc0000 | 0x03fc0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003fd0000 | 0x03fd0000 | 0x03fd0fff | Private Memory | Readable, Writable |
|
|
|
|
| cversions.1.db | 0x03fe0000 | 0x03fe3fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000003ff0000 | 0x03ff0000 | 0x03ff0fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000004000000 | 0x04000000 | 0x04000fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004010000 | 0x04010000 | 0x04010fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000004020000 | 0x04020000 | 0x04022fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000004030000 | 0x04030000 | 0x04030fff | Private Memory | Readable, Writable |
|
|
|
|
| cversions.2.db | 0x04040000 | 0x04043fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000004050000 | 0x04050000 | 0x040cffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000040d0000 | 0x040d0000 | 0x04108fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004110000 | 0x04110000 | 0x04110fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000004120000 | 0x04120000 | 0x04122fff | Pagefile Backed Memory | Readable |
|
|
|
|
| stobject.dll.mui | 0x04130000 | 0x04131fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000004140000 | 0x04140000 | 0x04142fff | Pagefile Backed Memory | Readable |
|
|
|
|
| inputswitch.dll.mui | 0x04150000 | 0x04151fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000004160000 | 0x04160000 | 0x04160fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000004170000 | 0x04170000 | 0x04172fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000004180000 | 0x04180000 | 0x04181fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000004190000 | 0x04190000 | 0x0420ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004210000 | 0x04210000 | 0x0428ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000004290000 | 0x04290000 | 0x04292fff | Pagefile Backed Memory | Readable |
|
|
|
|
| cversions.2.db | 0x042a0000 | 0x042a3fff | Memory Mapped File | Readable |
|
|
|
|
| {6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000007.db | 0x042b0000 | 0x042f2fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000004300000 | 0x04300000 | 0x0437ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004380000 | 0x04380000 | 0x043fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004400000 | 0x04400000 | 0x04400fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004410000 | 0x04410000 | 0x0448ffff | Private Memory | Readable, Writable |
|
|
|
|
| {ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db | 0x04490000 | 0x0451afff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000004520000 | 0x04520000 | 0x0459ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000045a0000 | 0x045a0000 | 0x045a0fff | Private Memory | Readable, Writable |
|
|
|
|
| propsys.dll.mui | 0x045b0000 | 0x045c0fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000045d0000 | 0x045d0000 | 0x0464ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004650000 | 0x04650000 | 0x046cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000046d0000 | 0x046d0000 | 0x0474ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004750000 | 0x04750000 | 0x047cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000047d0000 | 0x047d0000 | 0x0484ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004850000 | 0x04850000 | 0x048cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000048d0000 | 0x048d0000 | 0x050cffff | Private Memory | - |
|
|
|
|
| pagefile_0x00000000050d0000 | 0x050d0000 | 0x055c1fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000055d0000 | 0x055d0000 | 0x056cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000056d0000 | 0x056d0000 | 0x0574ffff | Private Memory | Readable, Writable |
|
|
|
|
| msxml6r.dll | 0x05750000 | 0x05750fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000005760000 | 0x05760000 | 0x05766fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005770000 | 0x05770000 | 0x057effff | Private Memory | Readable, Writable |
|
|
|
|
| winnlsres.dll | 0x057f0000 | 0x057f4fff | Memory Mapped File | Readable |
|
|
|
|
| winnlsres.dll.mui | 0x05800000 | 0x0580ffff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000005810000 | 0x05810000 | 0x05810fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005820000 | 0x05820000 | 0x05820fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005830000 | 0x05830000 | 0x05830fff | Private Memory | Readable, Writable |
|
|
|
|
| mswsock.dll.mui | 0x05840000 | 0x05842fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000005850000 | 0x05850000 | 0x0585ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005860000 | 0x05860000 | 0x0595ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005960000 | 0x05960000 | 0x059dffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000059e0000 | 0x059e0000 | 0x05a5ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005a60000 | 0x05a60000 | 0x05adffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005ae0000 | 0x05ae0000 | 0x05b5ffff | Private Memory | Readable, Writable |
|
|
|
|
| iconcache_256.db | 0x05b60000 | 0x05b60fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| iconcache_idx.db | 0x05b70000 | 0x05b71fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| pagefile_0x0000000005b80000 | 0x05b80000 | 0x05b82fff | Pagefile Backed Memory | Readable |
|
|
|
|
| sndvolsso.dll.mui | 0x05b90000 | 0x05b91fff | Memory Mapped File | Readable |
|
|
|
|
| windows.storage.dll.mui | 0x05ba0000 | 0x05ba7fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000005bb0000 | 0x05bb0000 | 0x05bb2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000005bc0000 | 0x05bc0000 | 0x05bc0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| iconcache_256.db | 0x05bd0000 | 0x05bd0fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| pagefile_0x0000000005be0000 | 0x05be0000 | 0x05be2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000005bf0000 | 0x05bf0000 | 0x05bf0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005c00000 | 0x05c00000 | 0x05c08fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005c10000 | 0x05c10000 | 0x05c13fff | Private Memory | Readable, Writable |
|
|
|
|
| thumbcache_idx.db | 0x05c20000 | 0x05c21fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| netmsg.dll | 0x05c30000 | 0x05c30fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000005c40000 | 0x05c40000 | 0x05c40fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005c50000 | 0x05c50000 | 0x05c58fff | Private Memory | Readable, Writable |
|
|
|
|
| {3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000031.db | 0x05c60000 | 0x05c7afff | Memory Mapped File | Readable |
|
|
|
|
| thumbcache_idx.db | 0x05c90000 | 0x05c91fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| imageres.dll.mui | 0x05ca0000 | 0x05ca0fff | Memory Mapped File | Readable |
|
|
|
|
|
For performance reasons, the remaining 872 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create Remote Thread | #8: c:\windows\system32\svchost.exe | 0xd88 | address = 0x7ffb3d319fa0 |
|
1 | |
| Modify Memory | #8: c:\windows\system32\svchost.exe | 0xd88 | address = 0xeda0000, size = 598016 |
|
1 | |
| Modify Memory | #8: c:\windows\system32\svchost.exe | 0xd88 | address = 0x900000, size = 792 |
|
1 | |
| Modify Control Flow | #8: c:\windows\system32\svchost.exe | 0xd88 | os_tid = 0xcb0, address = 0x0 |
|
1 | |
| Modify Memory | #8: c:\windows\system32\svchost.exe | 0xd88 | address = 0x7ffb3d319fa0, size = 4 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Read Value | value_name = ActivationType, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = Threading, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = TrustLevel, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = ActivateAsUser, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = TreatAs, type = REG_NONE |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = Activation Manager Shim FTM |
|
1 | |
| Registry | Read Value | value_name = InprocServer32 |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = C:\Windows\system32\activationmanager.dll |
|
1 | |
| Registry | Read Value | value_name = ThreadingModel, data = Both |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler32 |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler |
|
1 | |
| Registry | Read Value | reg_name = TreatAs, type = REG_NONE |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = ExecModelProxy |
|
1 | |
| Registry | Read Value | value_name = InprocServer32 |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = C:\Windows\system32\execmodelproxy.dll |
|
1 | |
| Registry | Read Value | value_name = ThreadingModel, data = Both |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler32 |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Read Value | value_name = ActivationType, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = Threading, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = TrustLevel, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = ActivateAsUser, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = TreatAs, type = REG_NONE |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = Immersive Shell |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler32 |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler |
|
1 | |
| Registry | Read Value | value_name = ActivationType, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = Threading, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = TrustLevel, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = ActivateAsUser, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = ActivationType, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = Threading, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = TrustLevel, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = ActivateAsUser, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = TreatAs, type = REG_NONE |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = PSFactoryBuffer |
|
1 | |
| Registry | Read Value | value_name = InprocServer32 |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = C:\Windows\System32\ActXPrxy.dll |
|
1 | |
| Registry | Read Value | value_name = ThreadingModel, data = Both |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler32 |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler |
|
1 | |
| Registry | Read Value | value_name = ActivationType, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = Threading, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = TrustLevel, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = ActivateAsUser, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = ActivationType, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = Threading, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = TrustLevel, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = ActivateAsUser, type = REG_NONE |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Read Value | reg_name = TreatAs, type = REG_NONE |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = Sync root manager |
|
1 | |
| Registry | Read Value | value_name = InprocServer32 |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = C:\Windows\System32\shell32.dll |
|
1 | |
| Registry | Read Value | value_name = ThreadingModel, data = Both |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler32 |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Read Value | value_name = ActivationType, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = Threading, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = TrustLevel, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = ActivateAsUser, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = TreatAs, type = REG_NONE |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = Network List Manager |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler32 |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler |
|
1 | |
| Registry | Read Value | value_name = ActivationType, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = Threading, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = TrustLevel, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = ActivateAsUser, type = REG_NONE |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Read Value | reg_name = TreatAs, type = REG_NONE |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = PSFactoryBuffer |
|
1 | |
| Registry | Read Value | value_name = InprocServer32 |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = C:\Windows\System32\npmproxy.dll |
|
1 | |
| Registry | Read Value | value_name = ThreadingModel, data = Both |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler32 |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Read Value | value_name = ActivationType, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = Threading, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = TrustLevel, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = ActivateAsUser, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = ActivationType, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = Threading, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = TrustLevel, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = ActivateAsUser, type = REG_NONE |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\GameDVR, value_name = VKToggleGameBar, type = REG_NONE |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Read Value | reg_name = TreatAs, type = REG_NONE |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = CLSID_NotificationController |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler32 |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler |
|
1 | |
| Registry | Read Value | reg_name = TreatAs, type = REG_NONE |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = CLSID_NotificationController Proxy Stub |
|
1 | |
| Registry | Read Value | value_name = InprocServer32 |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = C:\Windows\system32\NotificationControllerPS.dll |
|
1 | |
| Registry | Read Value | value_name = ThreadingModel, data = Both |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler32 |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Read Value | reg_name = TreatAs, type = REG_NONE |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = Start Menu Cache |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = StrCmpIW, address_out = 0x7ffb3a9fbe50 |
|
1 | |
| Registry | Read Value | value_name = InprocServer32 |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = C:\Windows\system32\shell32.dll |
|
1 | |
| Registry | Read Value | value_name = ThreadingModel, data = Both |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler32 |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Search, value_name = UseApp |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Search, value_name = SearchboxTaskbarMode, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Search, value_name = UseApp |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Search, value_name = SearchboxTaskbarMode, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Search, value_name = UseApp |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Search, value_name = SearchboxTaskbarMode, type = REG_NONE |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender, value_name = DisableAntiSpyware, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-time Protection, value_name = DisableRealtimeMonitoring, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender, value_name = DisableAntiSpyware, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-time Protection, value_name = DisableRealtimeMonitoring, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\AppUserModelId\Windows.SystemToast.SecurityAndMaintenance, value_name = CustomActivator, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\AppUserModelId\Windows.SystemToast.SecurityAndMaintenance, value_name = ForcePersonableToasts, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance, value_name = ShowInActionCenter, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Notifications\Current\\Windows.SystemToast.SecurityAndMaintenance\196, value_name = ImageFileUri, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Notifications\Current\\Windows.SystemToast.SecurityAndMaintenance\196, value_name = ImageFileUri, type = REG_NONE |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Read Value | reg_name = TreatAs, type = REG_NONE |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = Shared Task Scheduler |
|
1 | |
| Registry | Read Value | value_name = InprocServer32 |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = C:\Windows\system32\windows.storage.dll |
|
1 | |
| Registry | Read Value | value_name = ThreadingModel, data = Apartment |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler32 |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler |
|
1 | |
| Registry | Read Value | reg_name = TreatAs, type = REG_NONE |
|
1 | |
| Registry | Read Value | - |
|
1 | |
| Registry | Read Value | value_name = InprocServer32 |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = C:\Windows\system32\windowscodecs.dll |
|
1 | |
| Registry | Read Value | value_name = ThreadingModel, data = Both |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler32 |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Control Panel\Desktop, value_name = PaintDesktopVersion, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = TreatAs, type = REG_NONE |
|
1 | |
| Registry | Read Value | - |
|
1 | |
| Registry | Read Value | value_name = InprocServer32 |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = C:\Windows\system32\dataexchange.dll |
|
1 | |
| Registry | Read Value | value_name = ThreadingModel, data = Both |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler32 |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Control Panel\Desktop, value_name = PaintDesktopVersion, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Control Panel\Desktop, value_name = PaintDesktopVersion, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Control Panel\Desktop, value_name = PaintDesktopVersion, type = REG_NONE |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = ntdll.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = _snprintf, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = sprintf, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = ZwOpenProcess, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = ZwOpenProcessToken, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = ZwClose, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = ZwQueryInformationToken, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = strcpy, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = NtQuerySystemInformation, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = RtlNtStatusToDosError, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = ZwQueryInformationProcess, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = memcpy, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = NtUnmapViewOfSection, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = _wcsupr, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = _strupr, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = memmove, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = memset, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = wcscpy, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = ZwQueryKey, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = RtlUpcaseUnicodeString, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = RtlFreeUnicodeString, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = wcstombs, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = RtlAdjustPrivilege, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = mbstowcs, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = RtlImageNtHeader, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = NtMapViewOfSection, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = NtCreateSection, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = __C_specific_handler, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = __chkstk, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = CreateFileMappingA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = SetFilePointerEx, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = QueueUserWorkItem, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = VirtualProtectEx, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = GetComputerNameW, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = ExpandEnvironmentStringsA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = FindNextFileA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = CompareFileTime, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = FindFirstFileA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = GetFileTime, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = GetCurrentProcessId, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = QueryPerformanceCounter, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = GetModuleFileNameA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = CreateDirectoryA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = GetLastError, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = HeapFree, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = RemoveDirectoryA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = CloseHandle, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = LoadLibraryA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = CreateFileA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = DeleteFileA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = lstrcpyA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = lstrlenA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = lstrcatA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = WriteFile, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = HeapAlloc, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = HeapDestroy, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = HeapCreate, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = SetEvent, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = HeapReAlloc, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = GetSystemTimeAsFileTime, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = WaitForSingleObject, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = SuspendThread, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = OpenProcess, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = ResumeThread, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = lstrcpyW, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = lstrcmpiW, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = GetModuleHandleA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = CreateThread, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = CreateFileW, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = SwitchToThread, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = lstrcatW, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = Sleep, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = GetTickCount, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = SetWaitableTimer, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = CopyFileW, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = GetCurrentThreadId, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = GetCurrentThread, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = DuplicateHandle, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = lstrlenW, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = CreateEventA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = GetWindowsDirectoryA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = DeleteFileW, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = CreateDirectoryW, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = GetTempPathA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = lstrcmpiA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = WaitForMultipleObjects, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = lstrcmpA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = ResetEvent, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = CreateMutexA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = OpenWaitableTimerA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = MapViewOfFile, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = OpenMutexA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = UnmapViewOfFile, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = ReleaseMutex, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = GetVersionExA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = CreateWaitableTimerA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = SetLastError, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = InitializeCriticalSection, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = EnterCriticalSection, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = LeaveCriticalSection, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = VirtualAlloc, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = UnregisterWait, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = VirtualProtect, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = RegisterWaitForSingleObject, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = TlsAlloc, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = TlsGetValue, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = LoadLibraryExW, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = TlsSetValue, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = GetProcAddress, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = GetDriveTypeW, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = WideCharToMultiByte, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = GetLogicalDriveStringsW, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = OpenFileMappingA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = GetExitCodeProcess, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = LocalFree, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = CreateProcessA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = GetFileSize, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = lstrcpynA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = Thread32First, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = CreateToolhelp32Snapshot, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = QueueUserAPC, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = OpenThread, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = Thread32Next, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = ConnectNamedPipe, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = GetOverlappedResult, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = CancelIo, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = DisconnectNamedPipe, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = FlushFileBuffers, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = CallNamedPipeA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = CreateNamedPipeA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = GetSystemTime, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = WaitNamedPipeA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = ReadFile, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = SleepEx, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = AddVectoredExceptionHandler, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = RemoveVectoredExceptionHandler, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = OpenEventA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = LocalAlloc, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = FreeLibrary, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = RaiseException, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = VirtualFree, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = GetModuleFileNameW, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = GetVersion, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = GetLocalTime, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = QueryPerformanceFrequency, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = DeleteCriticalSection, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = GetTempFileNameA, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = FindNextFileW, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = SetEndOfFile, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = SetFilePointer, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = FindFirstFileW, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = RemoveDirectoryW, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = GetFileAttributesW, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = ExpandEnvironmentStringsW, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = FindClose, ordinal = 0, address_out = 0x5e8fe50 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 9, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 6, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 2, address_out = 0x5e8fe50 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 8, address_out = 0x5e8fe50 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:43:38 (UTC) |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Filename | module_name = OLEAUT32.dll, process_name = c:\windows\explorer.exe, file_name_orig = C:\Windows\Explorer.EXE, size = 260 |
|
1 | |
| Module | Get Handle | module_name = KERNEL32.DLL, base_address = 0x7ffb3d260000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = IsWow64Process, address_out = 0x7ffb3d27e960 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x7ffb3c2d0000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ConvertStringSecurityDescriptorToSecurityDescriptorA, address_out = 0x7ffb3c2ed610 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x7ffb3a9f0000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = StrRChrA, address_out = 0x7ffb3aa04dd0 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x7ffb3c650000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = wsprintfA, address_out = 0x7ffb3c672610 |
|
1 | |
| Mutex | Create | mutex_name = {0F90C438-223E-19A7-A4B3-765D18970AE1} |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = KERNEL32.DLL, base_address = 0x7ffb3d260000 |
|
1 | |
| Module | Get Handle | module_name = NTDLL.DLL, base_address = 0x7ffb3d310000 |
|
1 | |
| Module | Get Handle | module_name = kernelbase, base_address = 0x7ffb3a800000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetUserNameA, address_out = 0x7ffb3c2fec40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetShellWindow, address_out = 0x7ffb3c674060 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetWindowThreadProcessId, address_out = 0x7ffb3c664040 |
|
1 | |
| Module | Get Handle | module_name = NTDLL.DLL, base_address = 0x7ffb3d310000 |
|
1 | |
| Module | Get Handle | module_name = KERNEL32.DLL, base_address = 0x7ffb3d260000 |
|
1 | |
| Module | Get Handle | module_name = ADVAPI32.DLL, base_address = 0x7ffb3c2d0000 |
|
1 | |
| Module | Get Handle | module_name = KERNEL32.DLL, base_address = 0x7ffb3d260000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Get Handle | module_name = KERNEL32.DLL, base_address = 0x7ffb3d260000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Get Handle | module_name = KERNEL32.DLL, base_address = 0x7ffb3d260000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Get Handle | module_name = ADVAPI32.DLL, base_address = 0x7ffb3c2d0000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Load | module_name = PSAPI.DLL, base_address = 0x7ffb3cfb0000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = EnumProcessModules, address_out = 0x7ffb3cfb1040 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
63 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:43:39 (UTC) |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegOpenKeyA, address_out = 0x7ffb3c2eb9e0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegQueryValueExA, address_out = 0x7ffb3c2e7dd0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = Ini, type = REG_NONE |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegCloseKey, address_out = 0x7ffb3c2e72e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = StrToIntExA, address_out = 0x7ffb3aa04e70 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = StrChrA, address_out = 0x7ffb3aa04cc0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = StrTrimA, address_out = 0x7ffb3aa04e80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegCreateKeyA, address_out = 0x7ffb3c316dc0 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = Client, type = REG_BINARY |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x7ffb3cb20000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateStreamOnHGlobal, address_out = 0x7ffb3cc970a0 |
|
1 | |
| Module | Load | module_name = ADVAPI32.DLL, base_address = 0x7ffb3c2d0000 |
|
1 | |
| Module | Get Handle | module_name = ADVAPI32.DLL, base_address = 0x7ffb3c2d0000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| File | Create Pipe | pipe_name = \device\namedpipe\{d0964750-ef7b-8278-f904-93d63d78776a}, open_mode = PIPE_ACCESS_INBOUND, PIPE_ACCESS_OUTBOUND, FILE_FLAG_OVERLAPPED, pipe_mode = PIPE_TYPE_MESSAGE, max_instances = 255 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Address | module_name = Unknown module name, function = StrStrIA, address_out = 0x7ffb3a9fe1c0 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Load | module_name = WINHTTP.dll, base_address = 0x7ffb333f0000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinHttpOpen, address_out = 0x7ffb3340bc40 |
|
1 | |
| Inet | Open Session | access_type = WINHTTP_ACCESS_TYPE_AUTOMATIC_PROXY, flags = WINHTTP_FLAG_SYNC |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinHttpConnect, address_out = 0x7ffb33409550 |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = titanliquor.ca, server_port = 80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinHttpOpenRequest, address_out = 0x7ffb33409c10 |
|
1 | |
| Inet | Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /images/A/2.tif, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinHttpQueryOption, address_out = 0x7ffb333f1900 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinHttpSetOption, address_out = 0x7ffb33407a20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinHttpSendRequest, address_out = 0x7ffb33408330 |
|
1 | |
| Inet | Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = titanliquor.ca/images/A/2.tif |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinHttpReceiveResponse, address_out = 0x7ffb33408c80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinHttpQueryHeaders, address_out = 0x7ffb33406d90 |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_RAW_HEADERS_CRLF |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_RAW_HEADERS_CRLF, size_out = 710 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinHttpQueryDataAvailable, address_out = 0x7ffb33416ac0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinHttpReadData, address_out = 0x7ffb33404200 |
|
1 | |
| Inet | Read Response | size = 3693, size_out = 3693 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 2280, size_out = 2280 |
|
1 | |
| Inet | Read Response | size = 2904, size_out = 2904 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
4 | |
| Inet | Read Response | size = 2492, size_out = 2492 |
|
1 | |
| Inet | Read Response | size = 2904, size_out = 2904 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 520, size_out = 520 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 1712, size_out = 1712 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 3424, size_out = 3424 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
11 | |
| Inet | Read Response | size = 1408, size_out = 1408 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 3424, size_out = 3424 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 3424, size_out = 3424 |
|
1 | |
| Inet | Read Response | size = 2904, size_out = 2904 |
|
3 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 1972, size_out = 1972 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 3424, size_out = 3424 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 1972, size_out = 1972 |
|
1 | |
| Inet | Read Response | size = 2904, size_out = 2904 |
|
2 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 1972, size_out = 1972 |
|
1 | |
| Inet | Read Response | size = 1452, size_out = 1452 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 2232, size_out = 2232 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
8 | |
| Inet | Read Response | size = 2080, size_out = 2080 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 3424, size_out = 3424 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 1712, size_out = 1712 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
14 | |
| Inet | Read Response | size = 736, size_out = 736 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 780, size_out = 780 |
|
1 | |
| Inet | Read Response | size = 2904, size_out = 2904 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 1712, size_out = 1712 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
12 | |
| Inet | Read Response | size = 3120, size_out = 3120 |
|
1 | |
| Inet | Read Response | size = 2904, size_out = 2904 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 520, size_out = 520 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 3424, size_out = 3424 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 260, size_out = 260 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
13 | |
| Inet | Read Response | size = 3380, size_out = 3380 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 3164, size_out = 3164 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
10 | |
| Inet | Read Response | size = 2600, size_out = 2600 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 1712, size_out = 1712 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
11 | |
| Inet | Read Response | size = 1408, size_out = 1408 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 520, size_out = 520 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 520, size_out = 520 |
|
1 | |
| Inet | Read Response | size = 1452, size_out = 1452 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 780, size_out = 780 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 1972, size_out = 1972 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 3684, size_out = 3684 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 1712, size_out = 1712 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
36 | |
| Inet | Read Response | size = 3552, size_out = 3552 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 780, size_out = 780 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 3164, size_out = 3164 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 3424, size_out = 3424 |
|
1 | |
| Inet | Read Response | size = 2904, size_out = 2904 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 780, size_out = 780 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 2232, size_out = 2232 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 780, size_out = 780 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 2232, size_out = 2232 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
4 | |
| Inet | Read Response | size = 1040, size_out = 1040 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 3424, size_out = 3424 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 3164, size_out = 3164 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 520, size_out = 520 |
|
1 | |
| Inet | Read Response | size = 1452, size_out = 1452 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 1972, size_out = 1972 |
|
1 | |
| Inet | Read Response | size = 1452, size_out = 1452 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 260, size_out = 260 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
7 | |
| Inet | Read Response | size = 368, size_out = 368 |
|
1 | |
| Inet | Read Response | size = 1452, size_out = 1452 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
13 | |
| Inet | Read Response | size = 476, size_out = 476 |
|
1 | |
| Inet | Read Response | size = 1452, size_out = 1452 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 780, size_out = 780 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
516 | |
| Inet | Read Response | size = 3556, size_out = 3556 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinHttpCloseHandle, address_out = 0x7ffb33405860 |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| Inet | Close Session | - |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\6DB4.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\6DB4.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\6DB4.tmp, size = 3162112 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = TorClient, size = 46, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = TorClient, type = REG_BINARY |
|
2 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\6DB4.tmp, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\6DB4.tmp, type = size |
|
1 | |
| File | Read | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\6DB4.tmp, size = 3162112, size_out = 3162112 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = HeapDestroy, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CreateThread, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CreateEventW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetLastError, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = SetEvent, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CloseHandle, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = WaitForMultipleObjects, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = DeleteFileA, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = RemoveDirectoryA, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CreateDirectoryA, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = HeapCreate, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = SetEnvironmentVariableA, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CompareStringW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CompareStringA, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = ReleaseMutex, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = WaitForSingleObject, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CreateMutexW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = HeapFree, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = HeapReAlloc, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = SetLastError, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = HeapAlloc, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = DisableThreadLibraryCalls, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = Sleep, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = FindFirstFileW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = PeekNamedPipe, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = SetHandleInformation, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = OpenProcess, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetSystemDirectoryW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = LoadLibraryW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetExitCodeProcess, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CreateProcessA, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = TerminateProcess, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = ReadFile, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = FindClose, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CreatePipe, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = FindNextFileW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetFileSize, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = MapViewOfFile, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = UnmapViewOfFile, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetSystemTimeAsFileTime, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = InitializeCriticalSection, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = FormatMessageW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetVersionExW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = LeaveCriticalSection, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CreateFileW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = EnterCriticalSection, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CreateFileMappingW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetSystemInfo, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = DeleteCriticalSection, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetCurrentThreadId, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = LocalFree, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetTempPathW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = FreeLibrary, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetProcAddress, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetModuleHandleW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = WriteFile, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = MultiByteToWideChar, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetStdHandle, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetFileType, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetVersion, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GlobalMemoryStatus, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = QueryPerformanceCounter, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetTickCount, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetCurrentProcessId, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = WideCharToMultiByte, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = LoadLibraryA, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = FlushConsoleInputBuffer, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = SystemTimeToFileTime, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetSystemTime, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = InitializeCriticalSectionAndSpinCount, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = PostQueuedCompletionStatus, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = QueryPerformanceFrequency, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = LocalAlloc, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = FlsSetValue, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetCommandLineA, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetDateFormatA, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetTimeFormatA, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = ExitProcess, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = FileTimeToSystemTime, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = FileTimeToLocalFileTime, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetFileInformationByHandle, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetDriveTypeA, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = FindFirstFileA, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = MoveFileA, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = ExitThread, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = ResumeThread, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = LockFile, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = UnlockFile, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = SetFileTime, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = LocalFileTimeToFileTime, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetFullPathNameA, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = SetFilePointer, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = UnhandledExceptionFilter, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = SetUnhandledExceptionFilter, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = RtlCaptureContext, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = SetConsoleCtrlHandler, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = ReadConsoleInputA, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = SetConsoleMode, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetConsoleMode, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CreateFileA, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetCurrentProcess, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = IsDebuggerPresent, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = RtlVirtualUnwind, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = RtlLookupFunctionEntry, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetCPInfo, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetACP, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetOEMCP, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = IsValidCodePage, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = EncodePointer, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = DecodePointer, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = FlsGetValue, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = FlsFree, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = FlsAlloc, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = SetHandleCount, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetStartupInfoA, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetModuleFileNameA, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = FreeEnvironmentStringsA, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetEnvironmentStrings, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = FreeEnvironmentStringsW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetEnvironmentStringsW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = HeapSetInformation, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = RtlUnwindEx, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetTimeZoneInformation, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = HeapSize, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = SetStdHandle, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetCurrentDirectoryA, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetConsoleCP, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = LCMapStringA, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = LCMapStringW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = FlushFileBuffers, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = SetEndOfFile, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetProcessHeap, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetStringTypeA, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetStringTypeW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetLocaleInfoA, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = WriteConsoleA, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetConsoleOutputCP, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = WriteConsoleW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = RaiseException, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Load | module_name = WS2_32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 22, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 112, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 17, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 20, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 52, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 57, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 111, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 23, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 3, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 1, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 16, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 19, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 4, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 21, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 2, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 7, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 13, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 14, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 8, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 15, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 115, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 18, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 10, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 116, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 9, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 6, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Load | module_name = CRYPT32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = CertOpenStore, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CertFreeCertificateContext, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CertFindCertificateInStore, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CertCloseStore, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CertGetCertificateContextProperty, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CertEnumCertificatesInStore, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CertDuplicateCertificateContext, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = GetProcessWindowStation, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = GetUserObjectInformationW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = MessageBoxW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = CryptSignHashW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CryptGetProvParam, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CryptCreateHash, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CryptDestroyKey, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CryptDecrypt, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CryptDestroyHash, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CryptGetUserKey, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CryptAcquireContextW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CryptGenRandom, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = RegQueryValueExW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = RegOpenKeyExW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = RegCloseKey, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = RegisterEventSourceW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = DeregisterEventSource, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = ReportEventW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CryptSetHashParam, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CryptExportKey, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CryptReleaseContext, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = CryptEnumProvidersW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = SHGetPathFromIDListW, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = SHGetMalloc, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| Module | Get Address | function = SHGetSpecialFolderLocation, ordinal = 0, address_out = 0x5f0f3a0 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:43:58 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 159593 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Get Filename | module_name = SHELL32.dll, process_name = c:\windows\explorer.exe, file_name_orig = C:\Windows\Explorer.EXE, size = 260 |
|
1 | |
| Mutex | Create | - |
|
1 | |
| Module | Unmap | process_name = c:\windows\explorer.exe |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Windows\system32\c_1252.nls, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Windows\system32\c_1252.nls, type = time |
|
1 | |
| File | Create | filename = C:\Windows\system32\c_1252.nls, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Windows\system32\c_1252.nls, type = time |
|
1 | |
| File | Create | filename = C:\Windows\system32\c_1252.nls, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Windows\system32\c_1252.nls, type = time |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegQueryValueExW, address_out = 0x7ffb3c2e6c70 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, value_name = Accocca, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, value_name = Accocca, data = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Amsisigd\Chakmcat.exe, type = REG_SZ |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = StrChrW, address_out = 0x7ffb3a9fa2a0 |
|
1 | |
| File | Create | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Amsisigd\Chakmcat.exe, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = PathCombineW, address_out = 0x7ffb3a9fd130 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = StrRChrW, address_out = 0x7ffb3a9fdd80 |
|
1 | |
| File | Create | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js, type = size |
|
1 | |
| File | Read | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js, size = 11465, size_out = 11465 |
|
1 | |
| File | Create | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js, size = 48 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings, value_name = EnableSPDY3_0, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Module | Get Handle | module_name = kernelbase, base_address = 0x7ffb3a800000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
5 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_SET_SESSIONID, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_CREATE_PROCESS, PROCESS_SET_QUOTA, PROCESS_SET_INFORMATION, PROCESS_QUERY_INFORMATION, PROCESS_SUSPEND_RESUME, DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER, SYNCHRONIZE |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RtlExitUserThread, address_out = 0x7ffb3d319fa0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateRemoteThread, address_out = 0x7ffb3d2a26d0 |
|
1 | |
| Thread | Create | process_name = c:\windows\system32\runtimebroker.exe, proc_address = 0x7ffb3d319fa0, proc_parameter = 0, flags = THREAD_CREATE_SUSPENDED |
|
1 | |
| Memory | Read | process_name = c:\windows\system32\runtimebroker.exe, address = 0x7ffb3d319fa0, size = 4 |
|
1 | |
| Memory | Protect | process_name = c:\windows\system32\runtimebroker.exe, address = 0x7ffb3d319fa0, protection = PAGE_EXECUTE_READWRITE, size = 4 |
|
1 | |
| Memory | Write | process_name = c:\windows\system32\runtimebroker.exe, address = 0x7ffb3d319fa0, size = 4 |
|
1 | |
| Memory | Protect | process_name = c:\windows\system32\runtimebroker.exe, address = 0x7ffb3d319fa0, protection = PAGE_EXECUTE_READ, size = 4 |
|
1 | |
| Thread | Resume | process_name = c:\windows\system32\runtimebroker.exe, os_tid = 0xe30 |
|
1 | |
| Thread | Suspend | process_name = c:\windows\system32\runtimebroker.exe, os_tid = 0xe30 |
|
1 | |
| Thread | Get Context | process_name = c:\windows\system32\runtimebroker.exe, os_tid = 0xe30 |
|
1 | |
| Module | Create Mapping | protection = PAGE_EXECUTE_READWRITE, maximum_size = 157544624 |
|
1 | |
| Module | Map | process_name = c:\windows\explorer.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0xf3c0000 |
|
1 | |
| Module | Map | process_name = c:\windows\system32\runtimebroker.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x942a670000 |
|
1 | |
| Module | Get Handle | module_name = NTDLL.DLL, base_address = 0x7ffb3d310000 |
|
1 | |
| Module | Get Filename | module_name = NTDLL.DLL, process_name = c:\windows\explorer.exe, file_name_orig = C:\Windows\SYSTEM32\ntdll.dll, size = 260 |
|
1 | |
| File | Create | filename = C:\Windows\SYSTEM32\ntdll.dll, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = C:\Windows\SYSTEM32\ntdll.dll, size = 4, size_out = 4 |
|
1 | |
| Module | Get Filename | module_name = NTDLL.DLL, process_name = c:\windows\explorer.exe, file_name_orig = C:\Windows\SYSTEM32\ntdll.dll, size = 260 |
|
1 | |
| File | Create | filename = C:\Windows\SYSTEM32\ntdll.dll, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = C:\Windows\SYSTEM32\ntdll.dll, size = 4, size_out = 4 |
|
1 | |
| Module | Get Filename | module_name = NTDLL.DLL, process_name = c:\windows\explorer.exe, file_name_orig = C:\Windows\SYSTEM32\ntdll.dll, size = 260 |
|
1 | |
| File | Create | filename = C:\Windows\SYSTEM32\ntdll.dll, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = C:\Windows\SYSTEM32\ntdll.dll, size = 4, size_out = 4 |
|
1 | |
| Memory | Allocate | process_name = c:\windows\system32\runtimebroker.exe, address = 0x963eb10, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 157543192 |
|
1 | |
| Thread | Get Context | process_name = c:\windows\system32\runtimebroker.exe, os_tid = 0xe30 |
|
1 | |
| Memory | Write | process_name = c:\windows\system32\runtimebroker.exe, address = 0x94282f0000, size = 792 |
|
1 | |
| Thread | Set Context | process_name = c:\windows\system32\runtimebroker.exe, os_tid = 0xe30 |
|
1 | |
| Module | Unmap | process_name = c:\windows\explorer.exe |
|
1 | |
| Memory | Protect | process_name = c:\windows\system32\runtimebroker.exe, address = 0x7ffb3d319fa0, protection = PAGE_EXECUTE_READWRITE, size = 4 |
|
1 | |
| Memory | Write | process_name = c:\windows\system32\runtimebroker.exe, address = 0x7ffb3d319fa0, size = 4 |
|
1 | |
| Memory | Protect | process_name = c:\windows\system32\runtimebroker.exe, address = 0x7ffb3d319fa0, protection = PAGE_EXECUTE_READ, size = 4 |
|
1 | |
| Thread | Resume | process_name = c:\windows\system32\runtimebroker.exe, os_tid = 0xe30 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Sleep | duration = -1 (infinite) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = Ticks, time = 140390 |
|
1 | |
| Module | Get Handle | module_name = Unknown module name, base_address = 0x7ff67bf70000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegisterClassA, address_out = 0x7ffb3c671310 |
|
1 | |
| Module | Get Handle | module_name = Unknown module name, base_address = 0x7ff67bf70000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateWindowExA, address_out = 0x7ffb3c674df0 |
|
1 | |
| Window | Create | class_name = {9696FF0D-1508-34C7-917A-554EEBBC4FB0}, wndproc_parameter = 249366880 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetWindowLongPtrA, address_out = 0x7ffb3c65cae0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = DefWindowProcA, address_out = 0x7ffb3d3a3230 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetWindowLongPtrA, address_out = 0x7ffb3c6661f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetMessageA, address_out = 0x7ffb3c66aa50 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = TranslateMessage, address_out = 0x7ffb3c6636a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = DispatchMessageA, address_out = 0x7ffb3c6761e0 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| File | Read | size = 16, size_out = 16 |
|
1 | |
| File | Write | size = 16 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Open | mutex_name = Local\{14572DFD-6357-66D5-8D88-47FA113C6BCE}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Local\{14572DFD-6357-66D5-8D88-47FA113C6BCE} |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = PathFindFileNameA, address_out = 0x7ffb3a9fcf30 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = {C2A3A3DE-3990-44FC-D316-7DB8B7AA016C}, type = REG_NONE |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:43:39 (UTC) |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegSetValueExA, address_out = 0x7ffb3c2d2680 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = {C2A3A3DE-3990-44FC-D316-7DB8B7AA016C}, size = 8, type = REG_BINARY |
|
1 | |
| Mutex | Open | mutex_name = Local\{2EBE0010-B5EF-903D-AF42-B9C45396FD38}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Local\{2EBE0010-B5EF-903D-AF42-B9C45396FD38} |
|
1 | |
| Mutex | Open | mutex_name = Local\{CC210EB6-BBF2-DEC8-A5C0-1FF2A9F4C346}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Local\{CC210EB6-BBF2-DEC8-A5C0-1FF2A9F4C346} |
|
1 | |
| Mutex | Release | mutex_name = Local\{14572DFD-6357-66D5-8D88-47FA113C6BCE} |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = {DB94E230-7EC4-C521-603F-92C994E3E60D}, type = REG_NONE |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:43:54 (UTC) |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = {DB94E230-7EC4-C521-603F-92C994E3E60D}, size = 8, type = REG_BINARY |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:43:54 (UTC) |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\A7BD.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = PathFindExtensionA, address_out = 0x7ffb3aa04800 |
|
1 | |
| Process | Create | process_name = cmd /C "nslookup myip.opendns.com resolver1.opendns.com > C:\Users\CIIHMN~1\AppData\Local\Temp\A7BD.bi1", os_pid = 0xef0, creation_flags = CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| Process | Create | process_name = cmd /C "echo -------- >> C:\Users\CIIHMN~1\AppData\Local\Temp\A7BD.bi1", os_pid = 0xd34, creation_flags = CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\A7BD.bi1, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\A7BD.bi1, type = size |
|
1 | |
| File | Read | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\A7BD.bi1, size = 125, size_out = 125 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\A7BD.bi1 |
|
1 | |
| Module | Load | module_name = WS2_32.dll, base_address = 0x7ffb3c570000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 115, address_out = 0x7ffb3c5730c0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 52, address_out = 0x7ffb3c59aab0 |
|
1 | |
| DNS | Resolve Name | host = 87.142.152.58, address_out = 87.142.152.58 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = 116, address_out = 0x7ffb3c583ce0 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = Client, size = 40, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299\Run |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299\Config |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegNotifyChangeKeyValue, address_out = 0x7ffb3c2e8fd0 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 161171 |
|
2 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance, value_name = Rank, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\AppUserModelId\Windows.SystemToast.SecurityAndMaintenance, value_name = DisplayName, type = REG_NONE |
|
2 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\AppUserModelId\Windows.SystemToast.SecurityAndMaintenance, value_name = IconUri, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\AppUserModelId\Windows.SystemToast.SecurityAndMaintenance, value_name = IconBackgroundColor, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\AppUserModelId\Windows.SystemToast.SecurityAndMaintenance, value_name = CustomActivator, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = TreatAs, type = REG_NONE |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = NotificationObjFactory |
|
1 | |
| Registry | Read Value | value_name = InprocServer32 |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = C:\Windows\System32\NotificationObjFactory.dll |
|
1 | |
| Registry | Read Value | value_name = ThreadingModel, data = Free |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler32 |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler |
|
1 | |
| Registry | Read Value | reg_name = TreatAs, type = REG_NONE |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = tiledatamodelsvc |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler32 |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler |
|
1 | |
| Registry | Read Value | reg_name = TreatAs, type = REG_NONE |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = XML DOM Document 6.0 |
|
1 | |
| Registry | Read Value | value_name = InprocServer32 |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = C:\Windows\System32\msxml6.dll |
|
1 | |
| Registry | Read Value | value_name = ThreadingModel, data = Both |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler32 |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler |
|
1 | |
| Registry | Read Value | value_name = ActivationType, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = Threading, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = TrustLevel, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = ActivateAsUser, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = TreatAs, type = REG_NONE |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = XML Schema Cache 6.0 |
|
1 | |
| Registry | Read Value | value_name = InprocServer32 |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = C:\Windows\System32\msxml6.dll |
|
1 | |
| Registry | Read Value | value_name = ThreadingModel, data = Both |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler32 |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler |
|
1 | |
| Registry | Read Value | value_name = ActivationType, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = Threading, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = TrustLevel, type = REG_NONE |
|
1 | |
| Registry | Read Value | value_name = ActivateAsUser, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\AppUserModelId\Windows.SystemToast.SecurityAndMaintenance, value_name = ForcePersonableToasts, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance, value_name = ShowInActionCenter, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Notifications\Current\\Windows.SystemToast.SecurityAndMaintenance\195, value_name = ImageFileUri, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = TreatAs, type = REG_NONE |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = Windows Push Notification Platform |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler32 |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Notifications\Current\\Windows.SystemToast.SecurityAndMaintenance\195, value_name = ImageFileUri, type = REG_NONE |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Registry | Read Value | reg_name = TreatAs, type = REG_NONE |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = Windows Push Notification Developer Proxy Stub |
|
1 | |
| Registry | Read Value | value_name = InprocServer32 |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = C:\Windows\System32\wpnapps.dll |
|
1 | |
| Registry | Read Value | value_name = ThreadingModel, data = Both |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler32 |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2017-12-11 16:43:58 (UTC) |
|
7 | |
| System | Get Info | type = Operating System |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace, value_name = ValidateRegItems |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace, value_name = MonitorRegistry, data = 1 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace, value_name = ValidateRegItems |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace, value_name = MonitorRegistry |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace, value_name = ValidateRegItems |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace, value_name = MonitorRegistry, data = 1 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace, value_name = ValidateRegItems |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace, value_name = MonitorRegistry |
|
1 | |
| System | Get Info | type = Hardware Information |
|
1 | |
| System | Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 | |
| Module | Load | module_name = C:\Windows\system32\kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetTickCount64, address_out = 0x7ffb3d2765a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetTickCount, address_out = 0x7ffb3d2760a0 |
|
1 | |
| System | Get Time | type = Ticks, time = 159734 |
|
2 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:43:58 (UTC) |
|
1 | |
| Socket | Create | protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM |
|
1 | |
| Socket | Bind | protocol = IPPROTO_IP, local_address = 127.0.0.1, local_port = 0 |
|
1 | |
| Socket | Listen | local_address = 127.0.0.1, local_port = 0, queue_length = 1 |
|
1 | |
| Socket | Create | protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_STREAM |
|
1 | |
| Socket | Connect | remote_address = 127.0.0.1, remote_port = 49430 |
|
1 | |
| Socket | Accept | type = SOCK_STREAM, remote_address_out = 127.0.0.1, remote_port_out = 49431 |
|
1 | |
| Socket | Close | type = SOCK_STREAM |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:43:58 (UTC) |
|
10 | |
| File | Create | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\state.tmp, desired_access = DELETE, GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Get Info | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\state.tmp, type = file_type |
|
1 | |
| File | Write | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\state.tmp, size = 223 |
|
1 | |
| File | Move | source_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\state.tmp, destination_filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\state |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:43:58 (UTC) |
|
1 | |
| File | Create | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\router-stability, desired_access = DELETE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\geoip, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:43:58 (UTC) |
|
1 | |
| Module | Load | module_name = ADVAPI32.DLL, base_address = 0x7ffb3c2d0000 |
|
1 | |
| Module | Load | module_name = KERNEL32.DLL, base_address = 0x7ffb3d260000 |
|
1 | |
| Module | Load | module_name = NETAPI32.DLL, base_address = 0x7ffb30240000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = NetStatisticsGet, address_out = 0x7ffb30242480 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = NetApiBufferFree, address_out = 0x7ffb38f91930 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptAcquireContextW, address_out = 0x7ffb3c2e89e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptGenRandom, address_out = 0x7ffb3c2e90d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptReleaseContext, address_out = 0x7ffb3c2e8ee0 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = Unknown module name, base_address = 0x7ff67bf70000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = _OPENSSL_isservice, address_out = 0x0 |
|
1 | |
| Module | Load | module_name = USER32.DLL, base_address = 0x7ffb3c650000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetForegroundWindow, address_out = 0x7ffb3c680010 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetCursorInfo, address_out = 0x7ffb3c683480 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetQueueStatus, address_out = 0x7ffb3c66ae40 |
|
1 | |
| System | Get Info | type = Operating System |
|
2 | |
| Module | Get Address | module_name = Unknown module name, function = CreateToolhelp32Snapshot, address_out = 0x7ffb3d286830 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CloseToolhelp32Snapshot, address_out = 0x0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Heap32First, address_out = 0x7ffb3d2a4d30 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Heap32Next, address_out = 0x7ffb3d2a5150 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Heap32ListFirst, address_out = 0x7ffb3d2a4f80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Heap32ListNext, address_out = 0x7ffb3d2a5070 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Process32First, address_out = 0x7ffb3d2a55f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Process32Next, address_out = 0x7ffb3d2a56e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Thread32First, address_out = 0x7ffb3d2801b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Thread32Next, address_out = 0x7ffb3d276720 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Module32First, address_out = 0x7ffb3d2a53b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Module32Next, address_out = 0x7ffb3d2a54d0 |
|
1 | |
| System | Get Time | type = Ticks, time = 160062 |
|
1 | |
| System | Get Time | type = Ticks, time = 160453 |
|
1 | |
| System | Get Time | type = Ticks, time = 160718 |
|
1 | |
| System | Get Time | type = Ticks, time = 160890 |
|
1 | |
| System | Get Time | type = Ticks, time = 161078 |
|
1 | |
| System | Get Time | type = Ticks, time = 161093 |
|
8 | |
| System | Get Time | type = Ticks, time = 161109 |
|
6 | |
| System | Get Time | type = Ticks, time = 161125 |
|
7 | |
| System | Get Time | type = Ticks, time = 161140 |
|
7 | |
| System | Get Time | type = Ticks, time = 161171 |
|
6 | |
| System | Get Time | type = Ticks, time = 161187 |
|
9 | |
| System | Get Time | type = Ticks, time = 161203 |
|
9 | |
| System | Get Time | type = Ticks, time = 161218 |
|
4 | |
| System | Get Time | type = Ticks, time = 161218 |
|
1 | |
| Module | Load | module_name = ADVAPI32.DLL, base_address = 0x7ffb3c2d0000 |
|
1 | |
| Module | Load | module_name = KERNEL32.DLL, base_address = 0x7ffb3d260000 |
|
1 | |
| Module | Load | module_name = NETAPI32.DLL, base_address = 0x7ffb30240000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = NetStatisticsGet, address_out = 0x7ffb30242480 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = NetApiBufferFree, address_out = 0x7ffb38f91930 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptAcquireContextW, address_out = 0x7ffb3c2e89e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptGenRandom, address_out = 0x7ffb3c2e90d0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CryptReleaseContext, address_out = 0x7ffb3c2e8ee0 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Load | module_name = USER32.DLL, base_address = 0x7ffb3c650000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetForegroundWindow, address_out = 0x7ffb3c680010 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetCursorInfo, address_out = 0x7ffb3c683480 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetQueueStatus, address_out = 0x7ffb3c66ae40 |
|
1 | |
| System | Get Info | type = Operating System |
|
2 | |
| Module | Get Address | module_name = Unknown module name, function = CreateToolhelp32Snapshot, address_out = 0x7ffb3d286830 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CloseToolhelp32Snapshot, address_out = 0x0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Heap32First, address_out = 0x7ffb3d2a4d30 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Heap32Next, address_out = 0x7ffb3d2a5150 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Heap32ListFirst, address_out = 0x7ffb3d2a4f80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Heap32ListNext, address_out = 0x7ffb3d2a5070 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Process32First, address_out = 0x7ffb3d2a55f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Process32Next, address_out = 0x7ffb3d2a56e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Thread32First, address_out = 0x7ffb3d2801b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Thread32Next, address_out = 0x7ffb3d276720 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Module32First, address_out = 0x7ffb3d2a53b0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = Module32Next, address_out = 0x7ffb3d2a54d0 |
|
1 | |
| System | Get Time | type = Ticks, time = 162453 |
|
1 | |
| System | Get Time | type = Ticks, time = 162921 |
|
1 | |
| System | Get Time | type = Ticks, time = 163281 |
|
1 | |
| System | Get Time | type = Ticks, time = 163640 |
|
9 | |
| System | Get Time | type = Ticks, time = 163656 |
|
8 | |
| System | Get Time | type = Ticks, time = 163671 |
|
6 | |
| System | Get Time | type = Ticks, time = 163687 |
|
6 | |
| System | Get Time | type = Ticks, time = 163703 |
|
2 | |
| System | Get Time | type = Ticks, time = 163984 |
|
11 | |
| System | Get Time | type = Ticks, time = 164000 |
|
7 | |
| System | Get Time | type = Ticks, time = 164015 |
|
7 | |
| System | Get Time | type = Ticks, time = 164031 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
189 | |
| File | Create | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\cached-certs, desired_access = DELETE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
1 | |
| File | Create | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\cached-consensus, desired_access = DELETE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\unverified-consensus, desired_access = DELETE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\cached-microdesc-consensus, desired_access = DELETE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\unverified-microdesc-consensus, desired_access = DELETE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| File | Create | filename = \tor\fallback-consensus, desired_access = DELETE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
3 | |
| File | Create | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\cached-microdescs, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\cached-microdescs.new, desired_access = DELETE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_DELETE_ON_CLOSE, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
2 | |
| File | Create | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\cached-descriptors, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
3 | |
| File | Create | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\cached-extrainfo, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
3 | |
| System | Get Time | type = Ticks, time = 164750 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
1 | |
| System | Sleep | duration = 0 milliseconds (0.000 seconds) |
|
1 | |
| System | Get Time | type = Ticks, time = 164765 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
28 | |
| Socket | Create | protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM |
|
1 | |
| Socket | Connect | remote_address = 193.23.244.244, remote_port = 443 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
6 | |
| System | Get Time | type = Ticks, time = 164765 |
|
2 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
2 | |
| System | Get Time | type = Ticks, time = 164765 |
|
1 | |
| System | Get Time | type = Ticks, time = 164796 |
|
2 | |
| System | Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 | |
| Module | Load | module_name = C:\Windows\system32\iphlpapi.dll, base_address = 0x7ffb37410000 |
|
1 | |
| Socket | Create | protocol = IPPROTO_UDP, address_family = AF_INET, type = SOCK_DGRAM |
|
1 | |
| Socket | Connect | remote_address = 18.0.0.1, remote_port = 9 |
|
1 | |
| Socket | Close | type = SOCK_DGRAM |
|
1 | |
| System | Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 | |
| Module | Load | module_name = C:\Windows\system32\iphlpapi.dll, base_address = 0x7ffb37410000 |
|
1 | |
| Socket | Create | protocol = IPPROTO_UDP, address_family = AF_INET, type = SOCK_DGRAM |
|
1 | |
| Socket | Connect | remote_address = 18.0.0.1, remote_port = 9 |
|
1 | |
| Socket | Close | type = SOCK_DGRAM |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
2 | |
| Socket | Send | flags = NO_FLAG_SET, size = 237, size_out = 237 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 7, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 7, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 164828 |
|
2 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 7, size_out = 7 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 60, size_out = 60 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 586, size_out = 586 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 331, size_out = 331 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4, size_out = 4 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 134, size_out = 134 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 164859 |
|
2 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 1, size_out = 1 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 48, size_out = 48 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
2 | |
| System | Get Time | type = Ticks, time = 164859 |
|
2 | |
| Socket | Send | flags = NO_FLAG_SET, size = 74, size_out = 74 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 164875 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 164890 |
|
2 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 32, size_out = 32 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 2048, size_out = 2048 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
9 | |
| System | Get Time | type = Ticks, time = 164906 |
|
2 | |
| Socket | Send | flags = NO_FLAG_SET, size = 586, size_out = 586 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 164906 |
|
2 | |
| Socket | Send | flags = NO_FLAG_SET, size = 586, size_out = 586 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 164968 |
|
1 | |
| System | Get Time | type = Ticks, time = 164984 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 165062 |
|
2 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 32, size_out = 32 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 544, size_out = 544 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
5 | |
| System | Get Time | type = Ticks, time = 165062 |
|
2 | |
| Socket | Send | flags = NO_FLAG_SET, size = 586, size_out = 586 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 165093 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 165093 |
|
2 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 32, size_out = 32 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 544, size_out = 544 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
3 | |
| System | Get Time | type = Ticks, time = 165109 |
|
2 | |
| Socket | Send | flags = NO_FLAG_SET, size = 586, size_out = 586 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 165140 |
|
2 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 32, size_out = 32 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4080, size_out = 4080 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:04 (UTC) |
|
9 | |
| System | Get Time | type = Ticks, time = 165140 |
|
2 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:04 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 32, size_out = 32 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4080, size_out = 4080 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:04 (UTC) |
|
10 | |
| System | Get Time | type = Ticks, time = 165140 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:04 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 165140 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:04 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 32, size_out = 32 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 640, size_out = 640 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:04 (UTC) |
|
11 | |
| System | Get Time | type = Ticks, time = 165140 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:04 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 165140 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:04 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 32, size_out = 32 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4080, size_out = 4080 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:04 (UTC) |
|
15 | |
| System | Get Time | type = Ticks, time = 165140 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:04 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 165140 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:04 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 32, size_out = 32 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4080, size_out = 4080 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:04 (UTC) |
|
16 | |
| System | Get Time | type = Ticks, time = 165156 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:04 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 165156 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:04 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 32, size_out = 32 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 640, size_out = 640 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:04 (UTC) |
|
10 | |
| System | Get Time | type = Ticks, time = 165156 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:04 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 165156 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:04 (UTC) |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 32, size_out = 32 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 5, size_out = 5 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 4080, size_out = 728 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 3352, size_out = -1 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:04 (UTC) |
|
8 | |
| System | Get Time | type = Ticks, time = 165156 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:04 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 165156 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:04 (UTC) |
|
6 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Address | module_name = Unknown module name, function = CoInitializeEx, address_out = 0x7ffb3cce3170 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CoCreateInstance, address_out = 0x7ffb3ccf7000 |
|
1 | |
| COM | Create | interface = FD465481-1384-11D0-ABBD-0020AFDFD10A, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_NO_CODE_DOWNLOAD, CLSCTX_NO_FAILURE_LOG |
|
1 | |
| Registry | Read Value | reg_name = TreatAs, type = REG_NONE |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = CLSID_ImnAccountManager |
|
1 | |
| Registry | Read Value | value_name = InprocServer32 |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = C:\Windows\system32\msoeacct.dll |
|
1 | |
| Registry | Read Value | value_name = ThreadingModel, data = Both |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler32 |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Mail Setup, value_name = DelayInitialized, type = REG_NONE |
|
2 | |
| Module | Get Address | module_name = Unknown module name, function = PathFindFileNameW, address_out = 0x7ffb3a9fb610 |
|
1 | |
| Process | Create | process_name = "C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE, os_pid = 0xd24, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetProcessImageFileNameW, address_out = 0x7ffb3cfb10a0 |
|
1 | |
| Process | Get filename | file_name = \Device\HarddiskVolume1\Program Files\Windows Mail\WinMail.exe |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Memory | Read | process_name = "C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE, address = 0x7ff72a86f000, size = 616 |
|
1 | |
| Memory | Read | process_name = "C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE, address = 0x7ff72b500000, size = 4096 |
|
1 | |
| Memory | Read | process_name = "C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE, address = 0x7ff72b5000e8, size = 4096 |
|
1 | |
| Memory | Read | process_name = "C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE, address = 0x7ff72b509940, size = 40 |
|
1 | |
| Memory | Read | process_name = "C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE, address = 0x7ff72b508540, size = 4096 |
|
1 | |
| Memory | Read | process_name = "C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE, address = 0x7ff72b5076c0, size = 4 |
|
1 | |
| Memory | Protect | process_name = "C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE, address = 0x7ff72b5076c0, protection = PAGE_EXECUTE_READWRITE, size = 4 |
|
1 | |
| Memory | Write | process_name = "C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE, address = 0x7ff72b5076c0, size = 4 |
|
1 | |
| Memory | Protect | process_name = "C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE, address = 0x7ff72b5076c0, protection = PAGE_EXECUTE_READ, size = 4 |
|
1 | |
| Thread | Resume | process_name = c:\windows\explorer.exe, os_tid = 0xd3c |
|
1 | |
| Thread | Suspend | process_name = c:\windows\explorer.exe, os_tid = 0xd3c |
|
1 | |
| Thread | Get Context | process_name = c:\windows\explorer.exe, os_tid = 0xd3c |
|
1 | |
| Thread | Resume | process_name = c:\windows\explorer.exe, os_tid = 0xd3c |
|
1 | |
| Thread | Suspend | process_name = c:\windows\explorer.exe, os_tid = 0xd3c |
|
1 | |
| Thread | Get Context | process_name = c:\windows\explorer.exe, os_tid = 0xd3c |
|
1 | |
| Thread | Resume | process_name = c:\windows\explorer.exe, os_tid = 0xd3c |
|
1 | |
| Thread | Suspend | process_name = c:\windows\explorer.exe, os_tid = 0xd3c |
|
1 | |
| Thread | Get Context | process_name = c:\windows\explorer.exe, os_tid = 0xd3c |
|
1 | |
| Module | Create Mapping | protection = PAGE_EXECUTE_READWRITE, maximum_size = 99661504 |
|
1 | |
| Module | Map | process_name = c:\windows\explorer.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0xa340000 |
|
1 | |
| Module | Map | process_name = "C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE, protection = PAGE_EXECUTE_READWRITE, address_out = 0x7eac890000 |
|
1 | |
| Memory | Allocate | process_name = "C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE, address = 0x5f0b120, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 99660072 |
|
1 | |
| Thread | Get Context | process_name = c:\windows\explorer.exe, os_tid = 0xd3c |
|
1 | |
| Memory | Write | process_name = "C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE, address = 0x7eac860000, size = 792 |
|
1 | |
| Thread | Set Context | process_name = c:\windows\explorer.exe, os_tid = 0xd3c |
|
1 | |
| Module | Unmap | process_name = c:\windows\explorer.exe |
|
1 | |
| Memory | Protect | process_name = "C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE, address = 0x7ff72b5076c0, protection = PAGE_EXECUTE_READWRITE, size = 4 |
|
1 | |
| Memory | Write | process_name = "C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE, address = 0x7ff72b5076c0, size = 4 |
|
1 | |
| Memory | Protect | process_name = "C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE, address = 0x7ff72b5076c0, protection = PAGE_EXECUTE_READ, size = 4 |
|
1 | |
| Thread | Resume | process_name = c:\windows\explorer.exe, os_tid = 0xd3c |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Mail Setup, value_name = DelayInitialized, type = REG_NONE |
|
1 | |
| COM | Create | interface = AD553D98-DEB1-474A-8E17-FC0C2075B738, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_NO_CODE_DOWNLOAD, CLSCTX_NO_FAILURE_LOG |
|
1 | |
| Registry | Read Value | reg_name = TreatAs, type = REG_NONE |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = ContactManager class |
|
1 | |
| Registry | Read Value | value_name = InprocServer32 |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = C:\Program Files\Common Files\System\wab32.dll |
|
1 | |
| Registry | Read Value | value_name = ThreadingModel, data = Apartment |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler32 |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler |
|
1 | |
| Registry | Read Value | reg_name = TreatAs, type = REG_NONE |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = SAX XML Reader 6.0 |
|
1 | |
| Registry | Read Value | value_name = InprocServer32 |
|
1 | |
| Registry | Read Value | data = 0 |
|
1 | |
| Registry | Read Value | data = C:\Windows\System32\msxml6.dll |
|
1 | |
| Registry | Read Value | value_name = ThreadingModel, data = Both |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler32 |
|
1 | |
| Registry | Read Value | reg_name = InprocHandler |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = wsprintfW, address_out = 0x7ffb3c67b1d0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\WAB\DLLPath |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegQueryValueA, address_out = 0x7ffb3c318180 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\WAB\DLLPath |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Mail |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegOpenKeyExW, address_out = 0x7ffb3c2e6cb0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7993.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7993.bin, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7993.bin, size = 190 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:03 (UTC) |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\8F3C.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = StrDupW, address_out = 0x7ffb3a9fd270 |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\8F3C.bin, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\8F3C.bin, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7993.bin, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\8F3C.bin, size = 30 |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\8F3C.bin, size = 7 |
|
1 | |
| File | Read | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7993.bin, size = 190, size_out = 190 |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\8F3C.bin, size = 106 |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\8F3C.bin, size = 30 |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\8F3C.bin, size = 53 |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\8F3C.bin, size = 22 |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\8F3C.bin, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CoCreateGuid, address_out = 0x7ffb3cce2340 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299\Files |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299\Files, value_name = AAAA1B69FB9D72400E, size = 92, type = REG_BINARY |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7993.bin |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CoUninitialize, address_out = 0x7ffb3cce2380 |
|
1 |
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\windows\system32\runtimebroker.exe |
| Command Line | C:\Windows\System32\RuntimeBroker.exe -Embedding |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:03, Reason: Injection |
| Unmonitor | End Time: 00:02:20, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:17 |
| Information | Value |
|---|---|
| PID | 0x85c |
| Parent PID | 0x248 (c:\windows\system32\svchost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
BF4
0x
B34
0x
888
0x
880
0x
87C
0x
874
0x
860
0x
E30
0x
E2C
0x
478
0x
F38
0x
ED8
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| pagefile_0x0000009427ea0000 | 0x9427ea0000 | 0x9427eaffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000009427eb0000 | 0x9427eb0000 | 0x9427eb0fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000009427ec0000 | 0x9427ec0000 | 0x9427ed3fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000009427ee0000 | 0x9427ee0000 | 0x9427f5ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000009427f60000 | 0x9427f60000 | 0x9427f63fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000009427f70000 | 0x9427f70000 | 0x9427f71fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000009427f80000 | 0x9427f80000 | 0x9427f81fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000009427f90000 | 0x9427f90000 | 0x9427f90fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000009427fa0000 | 0x9427fa0000 | 0x9427fa0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000009427fb0000 | 0x9427fb0000 | 0x9427fb6fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000009427fc0000 | 0x9427fc0000 | 0x9427fc0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000009427fd0000 | 0x9427fd0000 | 0x9427ff9fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000009428000000 | 0x9428000000 | 0x94280fffff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x9428100000 | 0x94281bdfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000094281c0000 | 0x94281c0000 | 0x942823ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000009428240000 | 0x9428240000 | 0x9428242fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000009428250000 | 0x9428250000 | 0x9428250fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000009428260000 | 0x9428260000 | 0x9428260fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| windows.storage.dll.mui | 0x9428270000 | 0x9428277fff | Memory Mapped File | Readable |
|
|
|
|
| cversions.2.db | 0x9428280000 | 0x9428283fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000009428290000 | 0x9428290000 | 0x9428296fff | Private Memory | Readable, Writable |
|
|
|
|
| {afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000012.db | 0x94282a0000 | 0x94282c1fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00000094282d0000 | 0x94282d0000 | 0x94282d0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| cversions.2.db | 0x94282e0000 | 0x94282e3fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000094282f0000 | 0x94282f0000 | 0x94282f0fff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000009428300000 | 0x9428300000 | 0x94283fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000009428400000 | 0x9428400000 | 0x942847ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000009428480000 | 0x9428480000 | 0x9428607fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000009428610000 | 0x9428610000 | 0x9428790fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000094287a0000 | 0x94287a0000 | 0x9429b9ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| sortdefault.nls | 0x9429ba0000 | 0x9429ed6fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000009429ee0000 | 0x9429ee0000 | 0x9429f5ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000009429f60000 | 0x9429f60000 | 0x9429fdffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000009429fe0000 | 0x9429fe0000 | 0x942a05ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000942a060000 | 0x942a060000 | 0x942a0c8fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000942a060000 | 0x942a060000 | 0x942a061fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000942a0c0000 | 0x942a0c0000 | 0x942a0c8fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000942a0e0000 | 0x942a0e0000 | 0x942a15ffff | Private Memory | Readable, Writable |
|
|
|
|
| {6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000007.db | 0x942a160000 | 0x942a1a2fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x000000942a1b0000 | 0x942a1b0000 | 0x942a1b6fff | Private Memory | Readable, Writable |
|
|
|
|
| propsys.dll.mui | 0x942a1c0000 | 0x942a1d0fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x000000942a200000 | 0x942a200000 | 0x942a2fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000942a300000 | 0x942a300000 | 0x942a3fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000942a400000 | 0x942a400000 | 0x942a47ffff | Private Memory | Readable, Writable |
|
|
|
|
| kernelbase.dll.mui | 0x942a500000 | 0x942a5defff | Memory Mapped File | Readable |
|
|
|
|
| {ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db | 0x942a5e0000 | 0x942a66afff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x000000942a670000 | 0x942a670000 | 0x942a701fff | Pagefile Backed Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x000000942a710000 | 0x942a710000 | 0x942a90ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000942a800000 | 0x942a800000 | 0x942a8fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000942a900000 | 0x942a900000 | 0x942aafffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000942a900000 | 0x942a900000 | 0x942a9fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000942aa00000 | 0x942aa00000 | 0x942abfffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000942aa00000 | 0x942aa00000 | 0x942aafffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000942ab00000 | 0x942ab00000 | 0x942acfffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000942ab00000 | 0x942ab00000 | 0x942abfffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00007df5ff630000 | 0x7df5ff630000 | 0x7ff5ff62ffff | Pagefile Backed Memory | - |
|
|
|
|
| private_0x00007ff7186e8000 | 0x7ff7186e8000 | 0x7ff7186e9fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff7186ea000 | 0x7ff7186ea000 | 0x7ff7186ebfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff7186ee000 | 0x7ff7186ee000 | 0x7ff7186effff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00007ff7186f0000 | 0x7ff7186f0000 | 0x7ff7187effff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00007ff7187f0000 | 0x7ff7187f0000 | 0x7ff718812fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00007ff718814000 | 0x7ff718814000 | 0x7ff718814fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff718816000 | 0x7ff718816000 | 0x7ff718817fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff718818000 | 0x7ff718818000 | 0x7ff718819fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff71881a000 | 0x7ff71881a000 | 0x7ff71881bfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff71881c000 | 0x7ff71881c000 | 0x7ff71881dfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff71881e000 | 0x7ff71881e000 | 0x7ff71881ffff | Private Memory | Readable, Writable |
|
|
|
|
| runtimebroker.exe | 0x7ff719590000 | 0x7ff7195a5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntoskrnl.exe | 0x7ff7a62c0000 | 0x7ff7a6b11fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| windows.storage.search.dll | 0x7ffb25f30000 | 0x7ffb25ffafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| structuredquery.dll | 0x7ffb26000000 | 0x7ffb260b6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| windows.internal.shell.broker.dll | 0x7ffb29c70000 | 0x7ffb29d01fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wwapi.dll | 0x7ffb2afc0000 | 0x7ffb2afd5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| windows.networking.connectivity.dll | 0x7ffb2afe0000 | 0x7ffb2b08bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| tokenbroker.dll | 0x7ffb2cfd0000 | 0x7ffb2d095fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| execmodelclient.dll | 0x7ffb2d630000 | 0x7ffb2d672fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| edputil.dll | 0x7ffb2dc70000 | 0x7ffb2dc9efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| actxprxy.dll | 0x7ffb2dd30000 | 0x7ffb2e199fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| npmproxy.dll | 0x7ffb2e8e0000 | 0x7ffb2e8edfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wlanapi.dll | 0x7ffb2e9e0000 | 0x7ffb2ea3efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| netprofm.dll | 0x7ffb2fa50000 | 0x7ffb2fa8efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| idstore.dll | 0x7ffb30d10000 | 0x7ffb30d36fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| windows.networking.hostname.dll | 0x7ffb30dd0000 | 0x7ffb30e07fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| windows.ui.immersive.dll | 0x7ffb318e0000 | 0x7ffb31a96fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iertutil.dll | 0x7ffb31aa0000 | 0x7ffb31e15fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mrmcorer.dll | 0x7ffb32ec0000 | 0x7ffb32fcefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcp110_win.dll | 0x7ffb350b0000 | 0x7ffb35141fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| policymanager.dll | 0x7ffb35150000 | 0x7ffb35188fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| xmllite.dll | 0x7ffb352c0000 | 0x7ffb352f5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wintypes.dll | 0x7ffb36330000 | 0x7ffb36460fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| samlib.dll | 0x7ffb36530000 | 0x7ffb3654bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| samcli.dll | 0x7ffb366c0000 | 0x7ffb366d7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| propsys.dll | 0x7ffb36950000 | 0x7ffb36ad2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mmdevapi.dll | 0x7ffb36ae0000 | 0x7ffb36b51fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wkscli.dll | 0x7ffb36c00000 | 0x7ffb36c15fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winnsi.dll | 0x7ffb373f0000 | 0x7ffb373fafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iphlpapi.dll | 0x7ffb37410000 | 0x7ffb37447fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wtsapi32.dll | 0x7ffb37a60000 | 0x7ffb37a72fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sppc.dll | 0x7ffb37af0000 | 0x7ffb37b14fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| slc.dll | 0x7ffb37b20000 | 0x7ffb37b45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| coremessaging.dll | 0x7ffb380d0000 | 0x7ffb38197fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| uxtheme.dll | 0x7ffb38610000 | 0x7ffb386a5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| devobj.dll | 0x7ffb386b0000 | 0x7ffb386d6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| twinapi.appcore.dll | 0x7ffb387f0000 | 0x7ffb388ddfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| netutils.dll | 0x7ffb38f90000 | 0x7ffb38f9bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rsaenh.dll | 0x7ffb39260000 | 0x7ffb39292fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| userenv.dll | 0x7ffb39350000 | 0x7ffb3936efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptsp.dll | 0x7ffb39610000 | 0x7ffb39626fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x7ffb39780000 | 0x7ffb3978afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x7ffb39960000 | 0x7ffb3998bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| bcrypt.dll | 0x7ffb39b60000 | 0x7ffb39b87fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| bcryptprimitives.dll | 0x7ffb39b90000 | 0x7ffb39bfafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sxs.dll | 0x7ffb39c00000 | 0x7ffb39c97fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msasn1.dll | 0x7ffb39d40000 | 0x7ffb39d50fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel.appcore.dll | 0x7ffb39d60000 | 0x7ffb39d6efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| profapi.dll | 0x7ffb39d70000 | 0x7ffb39d82fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| powrprof.dll | 0x7ffb39d90000 | 0x7ffb39dd9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| windows.storage.dll | 0x7ffb39de0000 | 0x7ffb3a407fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cfgmgr32.dll | 0x7ffb3a410000 | 0x7ffb3a453fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shcore.dll | 0x7ffb3a570000 | 0x7ffb3a622fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| crypt32.dll | 0x7ffb3a630000 | 0x7ffb3a7f0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x7ffb3a800000 | 0x7ffb3a9dcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nsi.dll | 0x7ffb3a9e0000 | 0x7ffb3a9e7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x7ffb3a9f0000 | 0x7ffb3aa40fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x7ffb3aa50000 | 0x7ffb3bf74fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x7ffb3bf80000 | 0x7ffb3c0a5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x7ffb3c290000 | 0x7ffb3c2c5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x7ffb3c2d0000 | 0x7ffb3c375fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x7ffb3c3e0000 | 0x7ffb3c564fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x7ffb3c650000 | 0x7ffb3c79dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x7ffb3c950000 | 0x7ffb3c9aafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x7ffb3c9b0000 | 0x7ffb3ca6dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| clbcatq.dll | 0x7ffb3ca70000 | 0x7ffb3cb14fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x7ffb3cb20000 | 0x7ffb3cc60fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| combase.dll | 0x7ffb3cc70000 | 0x7ffb3ceebfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x7ffb3cf10000 | 0x7ffb3cfacfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| psapi.dll | 0x7ffb3cfb0000 | 0x7ffb3cfb7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x7ffb3d020000 | 0x7ffb3d17bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x7ffb3d260000 | 0x7ffb3d30cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x7ffb3d310000 | 0x7ffb3d4d1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create Remote Thread | #9: c:\windows\explorer.exe | 0xde4 | address = 0x7ffb3d319fa0 |
|
1 | |
| Modify Memory | #9: c:\windows\explorer.exe | 0xde4 | address = 0x7ffb3d319fa0, size = 4 |
|
2 | |
| Modify Memory | #9: c:\windows\explorer.exe | 0xde4 | address = 0x942a670000, size = 598016 |
|
1 | |
| Modify Memory | #9: c:\windows\explorer.exe | 0xde4 | address = 0x94282f0000, size = 792 |
|
1 | |
| Modify Control Flow | #9: c:\windows\explorer.exe | 0xde4 | os_tid = 0xe30, address = 0x0 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = ntdll.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = _snprintf, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = sprintf, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = ZwOpenProcess, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = ZwOpenProcessToken, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = ZwClose, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = ZwQueryInformationToken, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = strcpy, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = NtQuerySystemInformation, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = RtlNtStatusToDosError, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = ZwQueryInformationProcess, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = memcpy, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = NtUnmapViewOfSection, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = _wcsupr, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = _strupr, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = memmove, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = memset, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = wcscpy, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = ZwQueryKey, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = RtlUpcaseUnicodeString, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = RtlFreeUnicodeString, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = wcstombs, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = RtlAdjustPrivilege, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = mbstowcs, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = RtlImageNtHeader, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = NtMapViewOfSection, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = NtCreateSection, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = __C_specific_handler, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = __chkstk, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = CreateFileMappingA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = SetFilePointerEx, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = QueueUserWorkItem, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = VirtualProtectEx, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = GetComputerNameW, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = ExpandEnvironmentStringsA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = FindNextFileA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = CompareFileTime, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = FindFirstFileA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = GetFileTime, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = GetCurrentProcessId, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = QueryPerformanceCounter, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = GetModuleFileNameA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = CreateDirectoryA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = GetLastError, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = HeapFree, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = RemoveDirectoryA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = CloseHandle, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = LoadLibraryA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = CreateFileA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = DeleteFileA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = lstrcpyA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = lstrlenA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = lstrcatA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = WriteFile, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = HeapAlloc, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = HeapDestroy, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = HeapCreate, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = SetEvent, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = HeapReAlloc, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = GetSystemTimeAsFileTime, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = WaitForSingleObject, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = SuspendThread, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = OpenProcess, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = ResumeThread, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = lstrcpyW, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = lstrcmpiW, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = GetModuleHandleA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = CreateThread, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = CreateFileW, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = SwitchToThread, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = lstrcatW, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = Sleep, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = GetTickCount, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = SetWaitableTimer, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = CopyFileW, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = GetCurrentThreadId, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = GetCurrentThread, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = DuplicateHandle, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = lstrlenW, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = CreateEventA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = GetWindowsDirectoryA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = DeleteFileW, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = CreateDirectoryW, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = GetTempPathA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = lstrcmpiA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = WaitForMultipleObjects, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = lstrcmpA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = ResetEvent, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = CreateMutexA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = OpenWaitableTimerA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = MapViewOfFile, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = OpenMutexA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = UnmapViewOfFile, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = ReleaseMutex, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = GetVersionExA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = CreateWaitableTimerA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = SetLastError, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = InitializeCriticalSection, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = EnterCriticalSection, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = LeaveCriticalSection, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = VirtualAlloc, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = UnregisterWait, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = VirtualProtect, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = RegisterWaitForSingleObject, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = TlsAlloc, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = TlsGetValue, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = LoadLibraryExW, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = TlsSetValue, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = GetProcAddress, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = GetDriveTypeW, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = WideCharToMultiByte, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = GetLogicalDriveStringsW, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = OpenFileMappingA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = GetExitCodeProcess, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = LocalFree, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = CreateProcessA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = GetFileSize, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = lstrcpynA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = Thread32First, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = CreateToolhelp32Snapshot, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = QueueUserAPC, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = OpenThread, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = Thread32Next, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = ConnectNamedPipe, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = GetOverlappedResult, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = CancelIo, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = DisconnectNamedPipe, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = FlushFileBuffers, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = CallNamedPipeA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = CreateNamedPipeA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = GetSystemTime, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = WaitNamedPipeA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = ReadFile, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = SleepEx, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = AddVectoredExceptionHandler, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = RemoveVectoredExceptionHandler, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = OpenEventA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = LocalAlloc, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = FreeLibrary, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = RaiseException, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = VirtualFree, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = GetModuleFileNameW, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = GetVersion, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = GetLocalTime, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = QueryPerformanceFrequency, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = DeleteCriticalSection, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = GetTempFileNameA, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = FindNextFileW, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = SetEndOfFile, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = SetFilePointer, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = FindFirstFileW, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = RemoveDirectoryW, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = GetFileAttributesW, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = ExpandEnvironmentStringsW, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = FindClose, ordinal = 0, address_out = 0x942823fb90 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 9, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 6, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 2, address_out = 0x942823fb90 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 8, address_out = 0x942823fb90 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:43:39 (UTC) |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Filename | module_name = OLEAUT32.dll, process_name = c:\windows\system32\runtimebroker.exe, file_name_orig = C:\Windows\System32\RuntimeBroker.exe, size = 260 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsWow64Process, address_out = 0x7ffb3d27e960 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x7ffb3c2d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = ConvertStringSecurityDescriptorToSecurityDescriptorA, address_out = 0x7ffb3c2ed610 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x7ffb3a9f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = StrRChrA, address_out = 0x7ffb3aa04dd0 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x7ffb3c650000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = wsprintfA, address_out = 0x7ffb3c672610 |
|
1 | |
| Mutex | Create | mutex_name = {B3575357-76B9-5D62-1897-0AE1CCBBDEA5} |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\ntdll.dll, base_address = 0x7ffb3d310000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernelbase.dll, base_address = 0x7ffb3a800000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameA, address_out = 0x7ffb3c2fec40 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\ntdll.dll, base_address = 0x7ffb3d310000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\advapi32.dll, base_address = 0x7ffb3c2d0000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\advapi32.dll, base_address = 0x7ffb3c2d0000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Load | module_name = PSAPI.DLL, base_address = 0x7ffb3cfb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\psapi.dll, function = EnumProcessModules, address_out = 0x7ffb3cfb1040 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:43:39 (UTC) |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyA, address_out = 0x7ffb3c2eb9e0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegQueryValueExA, address_out = 0x7ffb3c2e7dd0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = Ini, type = REG_NONE |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCloseKey, address_out = 0x7ffb3c2e72e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = StrToIntExA, address_out = 0x7ffb3aa04e70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = StrChrA, address_out = 0x7ffb3aa04cc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = StrTrimA, address_out = 0x7ffb3aa04e80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCreateKeyA, address_out = 0x7ffb3c316dc0 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = Client, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = Scr, type = REG_NONE |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Sleep | duration = -1 (infinite) |
|
1 |
| Information | Value |
|---|---|
| ID | #11 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd /C "nslookup myip.opendns.com resolver1.opendns.com > C:\Users\CIIHMN~1\AppData\Local\Temp\A7BD.bi1" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:18, Reason: Child Process |
| Unmonitor | End Time: 00:02:20, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:02 |
| Information | Value |
|---|---|
| PID | 0xef0 |
| Parent PID | 0x728 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
EC0
0x
F74
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x0000002e45920000 | 0x2e45920000 | 0x2e4593ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000002e45920000 | 0x2e45920000 | 0x2e4592ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000002e45930000 | 0x2e45930000 | 0x2e45936fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000002e45940000 | 0x2e45940000 | 0x2e45953fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000002e45960000 | 0x2e45960000 | 0x2e45a5ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000002e45a60000 | 0x2e45a60000 | 0x2e45a63fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000002e45a70000 | 0x2e45a70000 | 0x2e45a70fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000002e45a80000 | 0x2e45a80000 | 0x2e45a81fff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x2e45a90000 | 0x2e45b4dfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000002e45b50000 | 0x2e45b50000 | 0x2e45b56fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000002e45b90000 | 0x2e45b90000 | 0x2e45c8ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000002e45c90000 | 0x2e45c90000 | 0x2e45d8ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000002e45dd0000 | 0x2e45dd0000 | 0x2e45ddffff | Private Memory | Readable, Writable |
|
|
|
|
| sortdefault.nls | 0x2e45de0000 | 0x2e46116fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00007df5ffa40000 | 0x7df5ffa40000 | 0x7ff5ffa3ffff | Pagefile Backed Memory | - |
|
|
|
|
| pagefile_0x00007ff699c00000 | 0x7ff699c00000 | 0x7ff699cfffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00007ff699d00000 | 0x7ff699d00000 | 0x7ff699d22fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00007ff699d24000 | 0x7ff699d24000 | 0x7ff699d24fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff699d2c000 | 0x7ff699d2c000 | 0x7ff699d2dfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff699d2e000 | 0x7ff699d2e000 | 0x7ff699d2ffff | Private Memory | Readable, Writable |
|
|
|
|
| cmd.exe | 0x7ff69a200000 | 0x7ff69a258fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x7ffb3a800000 | 0x7ffb3a9dcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x7ffb3cf10000 | 0x7ffb3cfacfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x7ffb3d260000 | 0x7ffb3d30cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x7ffb3d310000 | 0x7ffb3d4d1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\cmd.exe, base_address = 0x7ff69a200000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x7ffb3d27d550 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Windows\system32, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Windows\System32, type = file_attributes |
|
1 | |
| Environment | Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileExW, address_out = 0x7ffb3d2825e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x7ffb3d281f90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x7ffb3a853a10 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\A7BD.bi1, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\nslookup.exe, os_pid = 0xf7c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 |
| Information | Value |
|---|---|
| ID | #13 |
| File Name | c:\windows\system32\nslookup.exe |
| Command Line | nslookup myip.opendns.com resolver1.opendns.com |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:20, Reason: Child Process |
| Unmonitor | End Time: 00:02:20, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:00 |
| Information | Value |
|---|---|
| PID | 0xf7c |
| Parent PID | 0xef0 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
EA0
0x
EAC
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x0000004d203d0000 | 0x4d203d0000 | 0x4d203effff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000004d203d0000 | 0x4d203d0000 | 0x4d203dffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000004d203e0000 | 0x4d203e0000 | 0x4d203e6fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000004d203f0000 | 0x4d203f0000 | 0x4d20403fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000004d20410000 | 0x4d20410000 | 0x4d2048ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000004d20490000 | 0x4d20490000 | 0x4d20493fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000004d204a0000 | 0x4d204a0000 | 0x4d204a0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000004d204b0000 | 0x4d204b0000 | 0x4d204b1fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000004d204c0000 | 0x4d204c0000 | 0x4d204c6fff | Private Memory | Readable, Writable |
|
|
|
|
| nslookup.exe.mui | 0x4d204d0000 | 0x4d204d4fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000004d204e0000 | 0x4d204e0000 | 0x4d205dffff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x4d205e0000 | 0x4d2069dfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000004d206a0000 | 0x4d206a0000 | 0x4d2071ffff | Private Memory | Readable, Writable |
|
|
|
|
| imm32.dll | 0x4d20720000 | 0x4d20753fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000004d20720000 | 0x4d20720000 | 0x4d20720fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000004d20730000 | 0x4d20730000 | 0x4d20730fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000004d20800000 | 0x4d20800000 | 0x4d2080ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000004d20810000 | 0x4d20810000 | 0x4d20997fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000004d209a0000 | 0x4d209a0000 | 0x4d20b20fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000004d20b30000 | 0x4d20b30000 | 0x4d21f2ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00007df5ff780000 | 0x7df5ff780000 | 0x7ff5ff77ffff | Pagefile Backed Memory | - |
|
|
|
|
| pagefile_0x00007ff624a40000 | 0x7ff624a40000 | 0x7ff624b3ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00007ff624b40000 | 0x7ff624b40000 | 0x7ff624b62fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00007ff624b6a000 | 0x7ff624b6a000 | 0x7ff624b6bfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff624b6c000 | 0x7ff624b6c000 | 0x7ff624b6dfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff624b6e000 | 0x7ff624b6e000 | 0x7ff624b6efff | Private Memory | Readable, Writable |
|
|
|
|
| nslookup.exe | 0x7ff625810000 | 0x7ff62582afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| napinsp.dll | 0x7ffb2e450000 | 0x7ffb2e464fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pnrpnsp.dll | 0x7ffb2e470000 | 0x7ffb2e489fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winrnr.dll | 0x7ffb2e490000 | 0x7ffb2e49cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rasadhlp.dll | 0x7ffb308c0000 | 0x7ffb308c9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| fwpuclnt.dll | 0x7ffb361e0000 | 0x7ffb36247fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winnsi.dll | 0x7ffb373f0000 | 0x7ffb373fafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iphlpapi.dll | 0x7ffb37410000 | 0x7ffb37447fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nlaapi.dll | 0x7ffb37470000 | 0x7ffb37487fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| dnsapi.dll | 0x7ffb393b0000 | 0x7ffb39457fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mswsock.dll | 0x7ffb395b0000 | 0x7ffb3960cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| bcrypt.dll | 0x7ffb39b60000 | 0x7ffb39b87fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x7ffb3a800000 | 0x7ffb3a9dcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nsi.dll | 0x7ffb3a9e0000 | 0x7ffb3a9e7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x7ffb3bf80000 | 0x7ffb3c0a5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x7ffb3c290000 | 0x7ffb3c2c5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x7ffb3c3e0000 | 0x7ffb3c564fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ws2_32.dll | 0x7ffb3c570000 | 0x7ffb3c5d8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x7ffb3c650000 | 0x7ffb3c79dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x7ffb3c950000 | 0x7ffb3c9aafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x7ffb3cf10000 | 0x7ffb3cfacfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x7ffb3d020000 | 0x7ffb3d17bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x7ffb3d260000 | 0x7ffb3d30cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x7ffb3d310000 | 0x7ffb3d4d1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\nslookup.exe, base_address = 0x7ff625810000 |
|
1 | |
| Socket | Create | protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM |
|
1 | |
| Socket | Close | type = SOCK_DGRAM |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters, value_name = DNSLookupOrder |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters, value_name = Domain |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters, value_name = DhcpDomain |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters, value_name = SearchList |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters, value_name = DhcpSearchList |
|
1 | |
| DNS | Get Hostname | name_out = LHnIwsj |
|
1 | |
| DNS | Resolve Name | host = resolver1.opendns.com, address_out = 208.67.222.222 |
|
1 | |
| Socket | Create | protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM |
|
1 | |
| Socket | Connect | remote_address = 208.67.222.222, remote_port = 53 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 45, size_out = 45 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 65536, size_out = 80 |
|
1 | |
| Socket | Close | type = SOCK_DGRAM |
|
1 | |
| Socket | Create | protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM |
|
1 | |
| Socket | Connect | remote_address = 208.67.222.222, remote_port = 53 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 34, size_out = 34 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 65536, size_out = 50 |
|
1 | |
| Socket | Close | type = SOCK_DGRAM |
|
1 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 27 |
|
1 | |
| Socket | Create | protocol = IPPROTO_IP, address_family = AF_INET, type = SOCK_DGRAM |
|
1 | |
| Socket | Connect | remote_address = 208.67.222.222, remote_port = 53 |
|
1 | |
| Socket | Send | flags = NO_FLAG_SET, size = 34, size_out = 34 |
|
1 | |
| Socket | Receive | flags = NO_FLAG_SET, size = 65536, size_out = 102 |
|
1 | |
| Socket | Close | type = SOCK_DGRAM |
|
1 |
| Information | Value |
|---|---|
| ID | #14 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd /C "echo -------- >> C:\Users\CIIHMN~1\AppData\Local\Temp\A7BD.bi1" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:22, Reason: Child Process |
| Unmonitor | End Time: 00:02:20, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:58 |
| Information | Value |
|---|---|
| PID | 0xd34 |
| Parent PID | 0x728 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B0
0x
D2C
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x0000005f2eeb0000 | 0x5f2eeb0000 | 0x5f2eecffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000005f2eeb0000 | 0x5f2eeb0000 | 0x5f2eebffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000005f2eec0000 | 0x5f2eec0000 | 0x5f2eec6fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000005f2eed0000 | 0x5f2eed0000 | 0x5f2eee3fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000005f2eef0000 | 0x5f2eef0000 | 0x5f2efeffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000005f2eff0000 | 0x5f2eff0000 | 0x5f2eff3fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000005f2f000000 | 0x5f2f000000 | 0x5f2f000fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000005f2f010000 | 0x5f2f010000 | 0x5f2f011fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000005f2f020000 | 0x5f2f020000 | 0x5f2f026fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000005f2f0d0000 | 0x5f2f0d0000 | 0x5f2f1cffff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x5f2f1d0000 | 0x5f2f28dfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000005f2f290000 | 0x5f2f290000 | 0x5f2f38ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000005f2f520000 | 0x5f2f520000 | 0x5f2f52ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00007df5ff5b0000 | 0x7df5ff5b0000 | 0x7ff5ff5affff | Pagefile Backed Memory | - |
|
|
|
|
| pagefile_0x00007ff699b10000 | 0x7ff699b10000 | 0x7ff699c0ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00007ff699c10000 | 0x7ff699c10000 | 0x7ff699c32fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00007ff699c38000 | 0x7ff699c38000 | 0x7ff699c38fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff699c3c000 | 0x7ff699c3c000 | 0x7ff699c3dfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff699c3e000 | 0x7ff699c3e000 | 0x7ff699c3ffff | Private Memory | Readable, Writable |
|
|
|
|
| cmd.exe | 0x7ff69a200000 | 0x7ff69a258fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x7ffb3a800000 | 0x7ffb3a9dcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x7ffb3cf10000 | 0x7ffb3cfacfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x7ffb3d260000 | 0x7ffb3d30cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x7ffb3d310000 | 0x7ffb3d4d1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\cmd.exe, base_address = 0x7ff69a200000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x7ffb3d27d550 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Windows\system32, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Windows\System32, type = file_attributes |
|
1 | |
| Environment | Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileExW, address_out = 0x7ffb3d2825e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x7ffb3d281f90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x7ffb3a853a10 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\A7BD.bi1, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = size |
|
1 | |
| File | Read | filename = STD_OUTPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 11 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 |
| Information | Value |
|---|---|
| ID | #16 |
| File Name | c:\program files\windows mail\winmail.exe |
| Command Line | "C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:25, Reason: Child Process |
| Unmonitor | End Time: 00:02:20, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:55 |
| Information | Value |
|---|---|
| PID | 0xd24 |
| Parent PID | 0x728 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
D1C
0x
F70
0x
F30
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x0000007eac4f0000 | 0x7eac4f0000 | 0x7eac50ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000007eac4f0000 | 0x7eac4f0000 | 0x7eac4fffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000007eac500000 | 0x7eac500000 | 0x7eac506fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000007eac510000 | 0x7eac510000 | 0x7eac523fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000007eac530000 | 0x7eac530000 | 0x7eac5affff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000007eac5b0000 | 0x7eac5b0000 | 0x7eac5b3fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000007eac5c0000 | 0x7eac5c0000 | 0x7eac5c1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000007eac5d0000 | 0x7eac5d0000 | 0x7eac5d1fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000007eac5e0000 | 0x7eac5e0000 | 0x7eac65ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000007eac660000 | 0x7eac660000 | 0x7eac666fff | Private Memory | Readable, Writable |
|
|
|
|
| winmail.exe.mui | 0x7eac670000 | 0x7eac671fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000007eac680000 | 0x7eac680000 | 0x7eac680fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000007eac690000 | 0x7eac690000 | 0x7eac78ffff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x7eac790000 | 0x7eac84dfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000007eac850000 | 0x7eac850000 | 0x7eac850fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000007eac860000 | 0x7eac860000 | 0x7eac860fff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000007eac870000 | 0x7eac870000 | 0x7eac871fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000007eac880000 | 0x7eac880000 | 0x7eac881fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000007eac890000 | 0x7eac890000 | 0x7eac921fff | Pagefile Backed Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000007eac930000 | 0x7eac930000 | 0x7eac931fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000007eac930000 | 0x7eac930000 | 0x7eac936fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000007eac9c0000 | 0x7eac9c0000 | 0x7eac9cffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000007eac9d0000 | 0x7eac9d0000 | 0x7eacb57fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000007eacb60000 | 0x7eacb60000 | 0x7eacce0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000007eaccf0000 | 0x7eaccf0000 | 0x7eae0effff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000007eae0f0000 | 0x7eae0f0000 | 0x7eae50ffff | Private Memory | Readable, Writable |
|
|
|
|
| sortdefault.nls | 0x7eae510000 | 0x7eae846fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00007df5ff160000 | 0x7df5ff160000 | 0x7ff5ff15ffff | Pagefile Backed Memory | - |
|
|
|
|
| pagefile_0x00007ff72a740000 | 0x7ff72a740000 | 0x7ff72a83ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00007ff72a840000 | 0x7ff72a840000 | 0x7ff72a862fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00007ff72a86b000 | 0x7ff72a86b000 | 0x7ff72a86cfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff72a86d000 | 0x7ff72a86d000 | 0x7ff72a86efff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff72a86f000 | 0x7ff72a86f000 | 0x7ff72a86ffff | Private Memory | Readable, Writable |
|
|
|
|
| winmail.exe | 0x7ff72b500000 | 0x7ff72b569fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msoert2.dll | 0x7ffb25180000 | 0x7ffb251a7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| comctl32.dll | 0x7ffb34cc0000 | 0x7ffb34f33fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x7ffb39960000 | 0x7ffb3998bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel.appcore.dll | 0x7ffb39d60000 | 0x7ffb39d6efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| profapi.dll | 0x7ffb39d70000 | 0x7ffb39d82fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| powrprof.dll | 0x7ffb39d90000 | 0x7ffb39dd9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| windows.storage.dll | 0x7ffb39de0000 | 0x7ffb3a407fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shcore.dll | 0x7ffb3a570000 | 0x7ffb3a622fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x7ffb3a800000 | 0x7ffb3a9dcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x7ffb3a9f0000 | 0x7ffb3aa40fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x7ffb3aa50000 | 0x7ffb3bf74fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x7ffb3bf80000 | 0x7ffb3c0a5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x7ffb3c290000 | 0x7ffb3c2c5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x7ffb3c2d0000 | 0x7ffb3c375fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x7ffb3c3e0000 | 0x7ffb3c564fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x7ffb3c650000 | 0x7ffb3c79dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x7ffb3c950000 | 0x7ffb3c9aafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x7ffb3c9b0000 | 0x7ffb3ca6dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x7ffb3cb20000 | 0x7ffb3cc60fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| combase.dll | 0x7ffb3cc70000 | 0x7ffb3ceebfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x7ffb3cf10000 | 0x7ffb3cfacfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| psapi.dll | 0x7ffb3cfb0000 | 0x7ffb3cfb7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x7ffb3d020000 | 0x7ffb3d17bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x7ffb3d260000 | 0x7ffb3d30cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x7ffb3d310000 | 0x7ffb3d4d1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #9: c:\windows\explorer.exe | 0xd3c | address = 0x7ff72b5076c0, size = 4 |
|
2 | |
| Modify Memory | #9: c:\windows\explorer.exe | 0xd3c | address = 0x7eac890000, size = 598016 |
|
1 | |
| Modify Memory | #9: c:\windows\explorer.exe | 0xd3c | address = 0x7eac860000, size = 792 |
|
1 | |
| Modify Control Flow | #9: c:\windows\explorer.exe | 0xd3c | os_tid = 0xd1c, address = 0x7ff72a86f000 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = ntdll.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = _snprintf, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = sprintf, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = ZwOpenProcess, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = ZwOpenProcessToken, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = ZwClose, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = ZwQueryInformationToken, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = strcpy, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = NtQuerySystemInformation, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = RtlNtStatusToDosError, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = ZwQueryInformationProcess, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = memcpy, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = NtUnmapViewOfSection, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = _wcsupr, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = _strupr, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = memmove, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = memset, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = wcscpy, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = ZwQueryKey, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = RtlUpcaseUnicodeString, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = RtlFreeUnicodeString, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = wcstombs, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = RtlAdjustPrivilege, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = mbstowcs, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = RtlImageNtHeader, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = NtMapViewOfSection, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = NtCreateSection, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = __C_specific_handler, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = __chkstk, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = CreateFileMappingA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = SetFilePointerEx, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = QueueUserWorkItem, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = VirtualProtectEx, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = GetComputerNameW, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = ExpandEnvironmentStringsA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = FindNextFileA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = CompareFileTime, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = FindFirstFileA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = GetFileTime, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = GetCurrentProcessId, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = QueryPerformanceCounter, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = GetModuleFileNameA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = CreateDirectoryA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = GetLastError, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = HeapFree, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = RemoveDirectoryA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = CloseHandle, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = LoadLibraryA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = CreateFileA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = DeleteFileA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = lstrcpyA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = lstrlenA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = lstrcatA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = WriteFile, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = HeapAlloc, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = HeapDestroy, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = HeapCreate, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = SetEvent, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = HeapReAlloc, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = GetSystemTimeAsFileTime, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = WaitForSingleObject, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = SuspendThread, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = OpenProcess, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = ResumeThread, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = lstrcpyW, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = lstrcmpiW, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = GetModuleHandleA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = CreateThread, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = CreateFileW, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = SwitchToThread, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = lstrcatW, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = Sleep, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = GetTickCount, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = SetWaitableTimer, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = CopyFileW, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = GetCurrentThreadId, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = GetCurrentThread, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = DuplicateHandle, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = lstrlenW, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = CreateEventA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = GetWindowsDirectoryA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = DeleteFileW, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = CreateDirectoryW, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = GetTempPathA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = lstrcmpiA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = WaitForMultipleObjects, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = lstrcmpA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = ResetEvent, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = CreateMutexA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = OpenWaitableTimerA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = MapViewOfFile, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = OpenMutexA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = UnmapViewOfFile, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = ReleaseMutex, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = GetVersionExA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = CreateWaitableTimerA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = SetLastError, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = InitializeCriticalSection, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = EnterCriticalSection, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = LeaveCriticalSection, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = VirtualAlloc, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = UnregisterWait, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = VirtualProtect, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = RegisterWaitForSingleObject, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = TlsAlloc, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = TlsGetValue, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = LoadLibraryExW, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = TlsSetValue, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = GetProcAddress, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = GetDriveTypeW, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = WideCharToMultiByte, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = GetLogicalDriveStringsW, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = OpenFileMappingA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = GetExitCodeProcess, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = LocalFree, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = CreateProcessA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = GetFileSize, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = lstrcpynA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = Thread32First, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = CreateToolhelp32Snapshot, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = QueueUserAPC, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = OpenThread, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = Thread32Next, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = ConnectNamedPipe, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = GetOverlappedResult, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = CancelIo, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = DisconnectNamedPipe, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = FlushFileBuffers, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = CallNamedPipeA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = CreateNamedPipeA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = GetSystemTime, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = WaitNamedPipeA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = ReadFile, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = SleepEx, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = AddVectoredExceptionHandler, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = RemoveVectoredExceptionHandler, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = OpenEventA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = LocalAlloc, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = FreeLibrary, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = RaiseException, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = VirtualFree, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = GetModuleFileNameW, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = GetVersion, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = GetLocalTime, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = QueryPerformanceFrequency, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = DeleteCriticalSection, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = GetTempFileNameA, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = FindNextFileW, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = SetEndOfFile, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = SetFilePointer, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = FindFirstFileW, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = RemoveDirectoryW, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = GetFileAttributesW, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = ExpandEnvironmentStringsW, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = FindClose, ordinal = 0, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 9, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 6, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 2, address_out = 0x7eac5afcc0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 8, address_out = 0x7eac5afcc0 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:02 (UTC) |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Filename | module_name = OLEAUT32.dll, process_name = c:\program files\windows mail\winmail.exe, file_name_orig = C:\Program Files\Windows Mail\WinMail.exe, size = 260 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsWow64Process, address_out = 0x7ffb3d27e960 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x7ffb3c2d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = ConvertStringSecurityDescriptorToSecurityDescriptorA, address_out = 0x7ffb3c2ed610 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x7ffb3a9f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = StrRChrA, address_out = 0x7ffb3aa04dd0 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x7ffb3c650000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = wsprintfA, address_out = 0x7ffb3c672610 |
|
1 | |
| Mutex | Create | mutex_name = {DB45C3D0-7EC1-C5FA-603F-92C994E3E60D} |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\ntdll.dll, base_address = 0x7ffb3d310000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernelbase.dll, base_address = 0x7ffb3a800000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameA, address_out = 0x7ffb3c2fec40 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\ntdll.dll, base_address = 0x7ffb3d310000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\advapi32.dll, base_address = 0x7ffb3c2d0000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb3d260000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\advapi32.dll, base_address = 0x7ffb3c2d0000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Load | module_name = PSAPI.DLL, base_address = 0x7ffb3cfb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\psapi.dll, function = EnumProcessModules, address_out = 0x7ffb3cfb1040 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 16:44:02 (UTC) |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyA, address_out = 0x7ffb3c2eb9e0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegQueryValueExA, address_out = 0x7ffb3c2e7dd0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = Ini, type = REG_NONE |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCloseKey, address_out = 0x7ffb3c2e72e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = StrToIntExA, address_out = 0x7ffb3aa04e70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = StrChrA, address_out = 0x7ffb3aa04cc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = StrTrimA, address_out = 0x7ffb3aa04e80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCreateKeyA, address_out = 0x7ffb3c316dc0 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = Client, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = Scr, type = REG_NONE |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Sleep | duration = -1 (infinite) |
|
1 |
| Information | Value |
|---|---|
| ID | #17 |
| File Name | c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\amsisigd\chakmcat.exe |
| Command Line | "C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Amsisigd\Chakmcat.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:00, Reason: Autostart |
| Unmonitor | End Time: 00:02:20, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:20 |
| Information | Value |
|---|---|
| PID | 0x2d4 |
| Parent PID | 0x2b4 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
2F0
0x
30C
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000020000 | 0x00020000 | 0x00023fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000040000 | 0x00040000 | 0x00053fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000060000 | 0x00060000 | 0x0009ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000000a0000 | 0x000a0000 | 0x0019ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a3fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000001b0000 | 0x001b0000 | 0x001b0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000001c0000 | 0x001c0000 | 0x001c1fff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x001d0000 | 0x0028dfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000290000 | 0x00290000 | 0x002cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002d0000 | 0x002d0000 | 0x002d0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000002e0000 | 0x002e0000 | 0x0033cfff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000000340000 | 0x00340000 | 0x00378fff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000000380000 | 0x00380000 | 0x00380fff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000000390000 | 0x00390000 | 0x00390fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000003b0000 | 0x003b0000 | 0x003bffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000003c0000 | 0x003c0000 | 0x003f8fff | Private Memory | Readable, Writable |
|
|
|
|
| chakmcat.exe | 0x00400000 | 0x004a1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00000000004b0000 | 0x004b0000 | 0x005affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000610000 | 0x00610000 | 0x0070ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000710000 | 0x00710000 | 0x00897fff | Pagefile Backed Memory | Readable |
|
|
|
|
| oleaut32.dll | 0x008a0000 | 0x00930fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000008a0000 | 0x008a0000 | 0x0099ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000009a0000 | 0x009a0000 | 0x009affff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000009b0000 | 0x009b0000 | 0x00b30fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000b40000 | 0x00b40000 | 0x01f3ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000001f40000 | 0x01f40000 | 0x0204ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000001f40000 | 0x01f40000 | 0x01fd1fff | Pagefile Backed Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000002040000 | 0x02040000 | 0x0204ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002050000 | 0x02050000 | 0x024effff | Private Memory | Readable, Writable |
|
|
|
|
| sortdefault.nls | 0x024f0000 | 0x02826fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000002830000 | 0x02830000 | 0x029f1fff | Private Memory | Readable, Writable |
|
|
|
|
| wow64win.dll | 0x650f0000 | 0x65162fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64cpu.dll | 0x65170000 | 0x65177fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64.dll | 0x65180000 | 0x651cefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apphelp.dll | 0x743c0000 | 0x74450fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| bcryptprimitives.dll | 0x74460000 | 0x744b8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x744c0000 | 0x744c9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x744d0000 | 0x744edfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x74550000 | 0x746c5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x74890000 | 0x75c4efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| powrprof.dll | 0x75c50000 | 0x75c93fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x75d10000 | 0x75d8afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x75d90000 | 0x75dbafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x75dc0000 | 0x75efffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x75fa0000 | 0x760ecfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x76140000 | 0x7622ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x76230000 | 0x7634ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x76350000 | 0x76439fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x764e0000 | 0x76523fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel.appcore.dll | 0x76530000 | 0x7653bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| windows.storage.dll | 0x76750000 | 0x76c2cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| profapi.dll | 0x76c30000 | 0x76c3efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x76c40000 | 0x76cfdfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| combase.dll | 0x76f00000 | 0x770b9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shcore.dll | 0x771e0000 | 0x7726cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x77270000 | 0x7731bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x77320000 | 0x77362fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x773c0000 | 0x77538fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x000000007feb0000 | 0x7feb0000 | 0x7ffaffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffdafff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffddfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007fff0000 | 0x7fff0000 | 0x7ffb6761ffff | Private Memory | Readable |
|
|
|
|
| ntdll.dll | 0x7ffb67620000 | 0x7ffb677e1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00007ffb677e2000 | 0x7ffb677e2000 | 0x7ffffffeffff | Private Memory | Readable |
|
|
|
|
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76140000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x7615a330 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x76157580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x76159910 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x7615f400 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76140000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x7741f190 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76140000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x7741f190 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76140000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x7741f190 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76140000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x7741f190 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76140000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x7741f190 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76140000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x7741f190 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76140000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x7741f190 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76140000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x7741a200 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76140000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x7741a200 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76140000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EncodePointer, address_out = 0x7741f190 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DecodePointer, address_out = 0x7741a200 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Filename | process_name = c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\amsisigd\chakmcat.exe, file_name_orig = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Amsisigd\Chakmcat.exe, size = 260 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x76159640 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x76158b70 |
|
2 | |
| Module | Load | module_name = ntdll.dll, base_address = 0x773c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = ZwClose, address_out = 0x77428cb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = ZwQueryInformationToken, address_out = 0x77428df0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = RtlNtStatusToDosError, address_out = 0x77413010 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = ZwOpenProcess, address_out = 0x77428e40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = ZwQueryInformationProcess, address_out = 0x77428d50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = mbstowcs, address_out = 0x7742e610 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memset, address_out = 0x7742ee50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x7742e7b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtQuerySystemInformation, address_out = 0x77428f40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtUnmapViewOfSection, address_out = 0x77428e80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtMapViewOfSection, address_out = 0x77428e60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = RtlUpcaseUnicodeString, address_out = 0x7740e040 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtCreateSection, address_out = 0x77429080 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = ZwOpenProcessToken, address_out = 0x77429d20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = RtlFreeUnicodeString, address_out = 0x773fb940 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = RtlUnwind, address_out = 0x7741aca0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtQueryVirtualMemory, address_out = 0x77428e10 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x764e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindExtensionW, address_out = 0x764f7c40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrRChrA, address_out = 0x76502900 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindExtensionA, address_out = 0x76501db0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrChrA, address_out = 0x765026c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathCombineW, address_out = 0x764fcd50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindFileNameW, address_out = 0x764f80d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrChrW, address_out = 0x764f6a00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = StrTrimW, address_out = 0x764f83a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shlwapi.dll, function = PathFindFileNameA, address_out = 0x764f8970 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x76140000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ResetEvent, address_out = 0x761660b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x76165f20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LoadLibraryA, address_out = 0x7615d8d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventA, address_out = 0x76165f70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateWaitableTimerA, address_out = 0x7615db30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x761657f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessA, address_out = 0x76180960 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x76166510 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileA, address_out = 0x761661a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x76166590 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x773fda90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEvent, address_out = 0x761660c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileTime, address_out = 0x76166380 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x76157940 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x76152db0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatW, address_out = 0x7617d320 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x761577b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileA, address_out = 0x76166170 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x76157540 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x761525e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x76152d80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetWaitableTimer, address_out = 0x761660d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x7615a4b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x761674f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleA, address_out = 0x76159640 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapCreate, address_out = 0x76159950 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapDestroy, address_out = 0x7615d940 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x76166110 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimeAsFileTime, address_out = 0x76152b90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x761661b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsA, address_out = 0x76180da0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualProtectEx, address_out = 0x76182a00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ResumeThread, address_out = 0x7615a280 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SuspendThread, address_out = 0x7615ed00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpA, address_out = 0x7615c1f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempFileNameA, address_out = 0x761663f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryA, address_out = 0x76166140 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTempPathA, address_out = 0x76166410 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentThreadId, address_out = 0x76151b90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSize, address_out = 0x76166360 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpynA, address_out = 0x7615f7b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileA, address_out = 0x76166270 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CompareFileTime, address_out = 0x76166130 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLongPathNameW, address_out = 0x761547c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x761592b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersion, address_out = 0x7615a300 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x76151d90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x761661d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyA, address_out = 0x7615e320 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsW, address_out = 0x7615c8c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcatA, address_out = 0x7615efc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x76163a30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointer, address_out = 0x76166530 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x761664a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x76159560 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameA, address_out = 0x7615a040 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x76166180 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetLastError, address_out = 0x76152af0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualFree, address_out = 0x76158c70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x76157610 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = VirtualAlloc, address_out = 0x76158b70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEndOfFile, address_out = 0x761664f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcpyW, address_out = 0x7617d410 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateDirectoryW, address_out = 0x76166150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushFileBuffers, address_out = 0x761662a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LocalFree, address_out = 0x761587c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileA, address_out = 0x76166210 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x75dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = wsprintfW, address_out = 0x75deddf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = wsprintfA, address_out = 0x75deea00 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x75d10000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExA, address_out = 0x75d2ee40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = ConvertStringSecurityDescriptorToSecurityDescriptorA, address_out = 0x75d5bda0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyA, address_out = 0x75d331a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetTokenInformation, address_out = 0x75d2ed40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x75d2ee90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthority, address_out = 0x75d30ea0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCreateKeyA, address_out = 0x75d33150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x75d2f0a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExA, address_out = 0x75d30750 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegDeleteValueW, address_out = 0x75d30ca0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyW, address_out = 0x75d2f590 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegEnumKeyExA, address_out = 0x75d32520 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x75d2efa0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x75d2ed60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExA, address_out = 0x75d2f000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetSidSubAuthorityCount, address_out = 0x75d30f50 |
|
1 | |
| Module | Load | module_name = SHELL32.dll, base_address = 0x74890000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x74a24cb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteW, address_out = 0x74a24370 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = 92, address_out = 0x74b07560 |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x76350000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoInitializeEx, address_out = 0x76f6cd50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoUninitialize, address_out = 0x76f6dca0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\amsisigd\chakmcat.exe, base_address = 0x400000 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C83.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C83.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C83.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C83.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C83.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C93.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C93.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C93.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C93.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C93.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C94.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C94.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C94.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C94.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C94.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C95.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C95.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C95.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C95.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C95.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C96.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C96.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C96.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C96.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C96.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C97.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C97.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C97.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C97.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C97.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C98.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C98.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C98.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C98.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7C98.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CA9.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CA9.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CA9.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CA9.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CA9.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CAA.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CAA.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CAA.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CAA.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CAA.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CAB.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CAB.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CAB.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CAB.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CAB.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CAC.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CAC.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CAC.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CAC.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CAC.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CAD.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CAD.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CAD.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CAD.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CAD.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CBD.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CBD.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CBD.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CBD.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CBD.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CBE.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CBE.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CBE.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CBE.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CBE.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CBF.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CBF.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CBF.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CBF.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CBF.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CC0.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CC0.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CC0.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CC0.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CC0.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CC1.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CC1.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CC1.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CC1.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CC1.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CC2.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CC2.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CC2.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CC2.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CC2.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD3.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD3.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD3.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD3.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD3.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD4.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD4.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD4.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD4.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD4.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD5.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD5.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD5.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD5.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD5.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD6.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD6.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD6.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD6.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD6.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD7.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD7.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD7.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD7.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD7.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD8.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD8.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD8.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD8.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD8.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD9.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD9.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD9.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD9.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CD9.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CEA.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CEA.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CEA.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CEA.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CEA.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CEB.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CEB.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CEB.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CEB.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CEB.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CEC.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CEC.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CEC.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CEC.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CEC.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CED.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CED.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CED.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CED.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CED.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CEE.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CEE.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CEE.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CEE.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CEE.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CEF.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CEF.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CEF.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CEF.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CEF.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CFF.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CFF.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CFF.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CFF.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7CFF.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D00.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D00.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D00.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D00.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D00.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D01.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D01.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D01.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D01.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D01.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D02.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D02.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D02.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D02.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D02.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D03.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D03.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D03.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D03.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D03.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D14.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D14.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D14.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D14.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D14.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D15.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D15.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D15.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D15.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D15.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D16.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D16.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D16.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D16.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D16.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D17.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D17.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D17.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D17.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D17.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D18.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D18.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D18.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D18.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D18.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D19.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D19.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D19.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D19.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D19.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2A.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2A.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2A.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2A.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2A.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2B.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2B.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2B.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2B.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2B.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2C.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2C.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2C.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2C.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2C.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2D.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2D.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2D.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2D.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2D.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2E.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2E.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2E.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2E.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2E.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2F.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2F.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2F.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2F.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D2F.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D3F.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D3F.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D3F.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D3F.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D3F.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D40.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D40.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D40.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D40.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D40.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D41.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D41.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D41.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D41.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D41.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D42.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D42.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D42.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D42.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D42.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D43.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D43.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D43.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D43.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D43.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D44.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D44.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D44.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D44.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D44.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D55.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D55.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D55.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D55.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D55.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D56.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D56.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D56.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D56.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D56.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D57.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D57.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D57.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D57.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D57.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D58.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D58.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D58.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D58.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D58.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D59.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D59.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D59.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D59.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D59.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D5A.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D5A.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D5A.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D5A.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D5A.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D6A.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D6A.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D6A.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D6A.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D6A.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D6B.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D6B.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D6B.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D6B.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D6B.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D6C.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D6C.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D6C.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D6C.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D6C.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D6D.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D6D.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D6D.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D6D.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D6D.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D6E.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D6E.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D6E.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D6E.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D6E.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D7F.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D7F.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D7F.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D7F.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D7F.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D80.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D80.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D80.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D80.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D80.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D81.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D81.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D81.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D81.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D81.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D82.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D82.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D82.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D82.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D82.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D83.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D83.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D83.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D83.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D83.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D84.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D84.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D84.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D84.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D84.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D95.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D95.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D95.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D95.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D95.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D96.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D96.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D96.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D96.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D96.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D97.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D97.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D97.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D97.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D97.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D98.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D98.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D98.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D98.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D98.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D99.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D99.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D99.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D99.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D99.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D9A.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D9A.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D9A.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D9A.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7D9A.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAA.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAA.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAA.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAA.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAA.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAB.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAB.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAB.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAB.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAB.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAC.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAC.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAC.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAC.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAC.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAD.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAD.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAD.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAD.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAD.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAE.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAE.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAE.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAE.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAE.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAF.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAF.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAF.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAF.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DAF.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DC0.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DC0.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DC0.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DC0.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DC0.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DC1.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DC1.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DC1.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DC1.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DC1.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DC2.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DC2.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DC2.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DC2.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DC2.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DC3.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DC3.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DC3.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DC3.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DC3.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DC4.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DC4.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DC4.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DC4.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DC4.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DD5.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DD5.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DD5.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DD5.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DD5.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DD6.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DD6.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DD6.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DD6.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DD6.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DD7.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DD7.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DD7.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DD7.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DD7.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DD8.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DD8.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DD8.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DD8.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DD8.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DD9.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DD9.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DD9.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DD9.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DD9.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DDA.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DDA.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DDA.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DDA.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DDA.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DDB.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DDB.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DDB.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DDB.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DDB.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DEB.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DEB.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DEB.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DEB.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DEB.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DEC.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DEC.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DEC.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DEC.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DEC.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DED.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DED.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DED.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DED.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DED.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DEE.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DEE.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DEE.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DEE.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DEE.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DEF.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DEF.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DEF.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DEF.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7DEF.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E00.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E00.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E00.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E00.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E00.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E01.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E01.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E01.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E01.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E01.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E02.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E02.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E02.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E02.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E02.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E03.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E03.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E03.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E03.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E03.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E04.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E04.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E04.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E04.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E04.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E14.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E14.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E14.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E14.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E14.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E15.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E15.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E15.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E15.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E15.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E16.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E16.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E16.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E16.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E16.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E17.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E17.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E17.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E17.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E17.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E18.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E18.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E18.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E18.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E18.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E29.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E29.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E29.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E29.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E29.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E2A.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E2A.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E2A.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E2A.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E2A.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E2B.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E2B.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E2B.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E2B.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E2B.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E2C.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E2C.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E2C.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E2C.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E2C.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E2D.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E2D.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E2D.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E2D.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E2D.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E2E.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E2E.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E2E.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E2E.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E2E.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E3F.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E3F.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E3F.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E3F.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E3F.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E40.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E40.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E40.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E40.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E40.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E41.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E41.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E41.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E41.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E41.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E42.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E42.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E42.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E42.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E42.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E43.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E43.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E43.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E43.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E43.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E44.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E44.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E44.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E44.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E44.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E54.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E54.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E54.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E54.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E54.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E55.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E55.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E55.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E55.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E55.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E56.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E56.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E56.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E56.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E56.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E57.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E57.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E57.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E57.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E57.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E58.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E58.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E58.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E58.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E58.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E69.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E69.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E69.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E69.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E69.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E6A.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E6A.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E6A.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E6A.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E6A.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E6B.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E6B.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E6B.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E6B.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E6B.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E6C.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E6C.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E6C.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E6C.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E6C.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E6D.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E6D.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E6D.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E6D.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E6D.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E7E.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E7E.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E7E.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E7E.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E7E.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E7F.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E7F.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E7F.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E7F.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E7F.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E80.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E80.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E80.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E80.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E80.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E81.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E81.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E81.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E81.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E81.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E82.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E82.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E82.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E82.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E82.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E83.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E83.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E83.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E83.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E83.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E93.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E93.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E93.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E93.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E93.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E94.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E94.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E94.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E94.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E94.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E95.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E95.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E95.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E95.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E95.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E96.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E96.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E96.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E96.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E96.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E97.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E97.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E97.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E97.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E97.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E98.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E98.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E98.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E98.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7E98.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EA9.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EA9.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EA9.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EA9.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EA9.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EAA.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EAA.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EAA.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EAA.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EAA.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBA.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBA.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBA.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBA.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBA.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBB.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBB.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBB.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBB.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBB.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBC.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBC.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBC.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBC.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBC.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBD.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBD.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBD.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBD.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBD.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBE.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBE.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBE.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBE.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBE.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBF.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBF.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBF.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBF.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EBF.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7ED0.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7ED0.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7ED0.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7ED0.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7ED0.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7ED1.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7ED1.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7ED1.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7ED1.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7ED1.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7ED2.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7ED2.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7ED2.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7ED2.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7ED2.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7ED3.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7ED3.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7ED3.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7ED3.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7ED3.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7ED4.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7ED4.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7ED4.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7ED4.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7ED4.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EE5.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EE5.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EE5.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EE5.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EE5.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EE6.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EE6.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EE6.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EE6.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EE6.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EF6.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EF6.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EF6.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EF6.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EF6.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EF7.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EF7.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EF7.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EF7.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EF7.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EF8.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EF8.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EF8.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EF8.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EF8.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EF9.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EF9.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EF9.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EF9.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7EF9.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F0A.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F0A.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F0A.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F0A.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F0A.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F0B.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F0B.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F0B.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F0B.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F0B.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F0C.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F0C.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F0C.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F0C.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F0C.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F0D.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F0D.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F0D.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F0D.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F0D.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F0E.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F0E.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Get Info | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F0E.tmp, type = time |
|
1 | |
| File | Write | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F0E.tmp, size = 8 |
|
1 | |
| File | Delete | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F0E.tmp |
|
1 | |
| File | Create Temp File | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F1F.tmp, path = C:\Users\CIIHMN~1\AppData\Local\Temp\ |
|
1 | |
| File | Create | filename = C:\Users\CIIHMN~1\AppData\Local\Temp\7F1F.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
|
For performance reasons, the remaining 1170 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
| Information | Value |
|---|---|
| ID | #18 |
| File Name | c:\windows\system32\svchost.exe |
| Command Line | C:\Windows\system32\svchost.exe |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:03, Reason: Child Process |
| Unmonitor | End Time: 00:02:20, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:17 |
| Information | Value |
|---|---|
| PID | 0x998 |
| Parent PID | 0x2d4 (c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\amsisigd\chakmcat.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
904
0x
880
0x
BFC
0x
80C
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000c70000 | 0x00c70000 | 0x00d01fff | Pagefile Backed Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x0000000000d10000 | 0x00d10000 | 0x00d10fff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffb0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000ff91c70000 | 0xff91c70000 | 0xff91c8ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000ff91c70000 | 0xff91c70000 | 0xff91c7ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x000000ff91c80000 | 0xff91c80000 | 0xff91c81fff | Private Memory | Readable, Writable |
|
|
|
|
| svchost.exe.mui | 0xff91c80000 | 0xff91c80fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x000000ff91c90000 | 0xff91c90000 | 0xff91ca3fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000ff91cb0000 | 0xff91cb0000 | 0xff91d2ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000ff91d30000 | 0xff91d30000 | 0xff91d33fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000ff91d40000 | 0xff91d40000 | 0xff91d40fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000ff91d50000 | 0xff91d50000 | 0xff91d51fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000ff91d60000 | 0xff91d60000 | 0xff91ddffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000ff91de0000 | 0xff91de0000 | 0xff91de0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000ff91df0000 | 0xff91df0000 | 0xff91df0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000ff91e00000 | 0xff91e00000 | 0xff91e06fff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0xff91e10000 | 0xff91ecdfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x000000ff91f00000 | 0xff91f00000 | 0xff91ffffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000ff92000000 | 0xff92000000 | 0xff921a8fff | Private Memory | Readable, Writable |
|
|
|
|
| ole32.dll | 0xff92000000 | 0xff92140fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x000000ff92000000 | 0xff92000000 | 0xff92128fff | Private Memory | Readable, Writable |
|
|
|
|
| imm32.dll | 0xff92000000 | 0xff92033fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x000000ff92000000 | 0xff92000000 | 0xff92091fff | Pagefile Backed Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x000000ff92120000 | 0xff92120000 | 0xff92128fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000ff921a0000 | 0xff921a0000 | 0xff921a8fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000ff921b0000 | 0xff921b0000 | 0xff923affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000ff92200000 | 0xff92200000 | 0xff922fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000ff92300000 | 0xff92300000 | 0xff924fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000ff92300000 | 0xff92300000 | 0xff923fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000ff92400000 | 0xff92400000 | 0xff925fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000ff92400000 | 0xff92400000 | 0xff924fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000ff92500000 | 0xff92500000 | 0xff926fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000ff92500000 | 0xff92500000 | 0xff925fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000ff92600000 | 0xff92600000 | 0xff927fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000ff92600000 | 0xff92600000 | 0xff926fffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000ff92700000 | 0xff92700000 | 0xff92887fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000ff92890000 | 0xff92890000 | 0xff92a10fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000ff92a20000 | 0xff92a20000 | 0xff93e1ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| sortdefault.nls | 0xff93e20000 | 0xff94156fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x00007df5ff180000 | 0x7df5ff180000 | 0x7ff5ff17ffff | Pagefile Backed Memory | - |
|
|
|
|
| pagefile_0x00007ff77a5c0000 | 0x7ff77a5c0000 | 0x7ff77a6bffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00007ff77a6c0000 | 0x7ff77a6c0000 | 0x7ff77a6e2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00007ff77a6eb000 | 0x7ff77a6eb000 | 0x7ff77a6ebfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff77a6ec000 | 0x7ff77a6ec000 | 0x7ff77a6edfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff77a6ee000 | 0x7ff77a6ee000 | 0x7ff77a6effff | Private Memory | Readable, Writable |
|
|
|
|
| svchost.exe | 0x7ff77a6f0000 | 0x7ff77a6fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x7ffb63c70000 | 0x7ffb63c9bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x7ffb64a50000 | 0x7ffb64c2cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x7ffb64cf0000 | 0x7ffb64dadfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x7ffb64f80000 | 0x7ffb65104fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x7ffb66640000 | 0x7ffb66765fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| psapi.dll | 0x7ffb66770000 | 0x7ffb66777fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x7ffb66780000 | 0x7ffb667b5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x7ffb667c0000 | 0x7ffb6690dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x7ffb66b30000 | 0x7ffb66b80fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| combase.dll | 0x7ffb66bf0000 | 0x7ffb66e6bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x7ffb670d0000 | 0x7ffb6717cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x7ffb672d0000 | 0x7ffb6736cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x7ffb673a0000 | 0x7ffb67445fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x7ffb67450000 | 0x7ffb675abfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x7ffb675c0000 | 0x7ffb6761afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x7ffb67620000 | 0x7ffb677e1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #17: c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\amsisigd\chakmcat.exe | 0x2f0 | address = 0xc70000, size = 598016 |
|
1 | |
| Modify Memory | #17: c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\amsisigd\chakmcat.exe | 0x2f0 | address = 0xd10000, size = 792 |
|
1 | |
| Modify Control Flow | #17: c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\amsisigd\chakmcat.exe | 0x2f0 | os_tid = 0x904, address = 0x7a6eb000 |
|
1 | |
| Modify Memory | #17: c:\users\ciihmnxmn6ps\appdata\roaming\microsoft\amsisigd\chakmcat.exe | 0x2f0 | address = 0x7ff77a6f3440, size = 4 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = ntdll.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = _snprintf, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = sprintf, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = ZwOpenProcess, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = ZwOpenProcessToken, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = ZwClose, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = ZwQueryInformationToken, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = strcpy, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = NtQuerySystemInformation, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = RtlNtStatusToDosError, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = ZwQueryInformationProcess, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = memcpy, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = NtUnmapViewOfSection, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = _wcsupr, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = _strupr, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = memmove, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = memset, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = wcscpy, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = ZwQueryKey, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = RtlUpcaseUnicodeString, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = RtlFreeUnicodeString, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = wcstombs, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = RtlAdjustPrivilege, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = mbstowcs, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = RtlImageNtHeader, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = NtMapViewOfSection, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = NtCreateSection, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = __C_specific_handler, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = __chkstk, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = CreateFileMappingA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = SetFilePointerEx, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = QueueUserWorkItem, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = VirtualProtectEx, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = GetComputerNameW, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = ExpandEnvironmentStringsA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = FindNextFileA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = CompareFileTime, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = FindFirstFileA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = GetFileTime, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = GetCurrentProcessId, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = QueryPerformanceCounter, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = GetModuleFileNameA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = CreateDirectoryA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = GetLastError, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = HeapFree, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = RemoveDirectoryA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = CloseHandle, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = LoadLibraryA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = CreateFileA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = DeleteFileA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = lstrcpyA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = lstrlenA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = lstrcatA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = WriteFile, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = HeapAlloc, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = HeapDestroy, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = HeapCreate, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = SetEvent, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = HeapReAlloc, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = GetSystemTimeAsFileTime, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = WaitForSingleObject, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = SuspendThread, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = OpenProcess, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = ResumeThread, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = lstrcpyW, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = lstrcmpiW, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = GetModuleHandleA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = CreateThread, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = CreateFileW, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = SwitchToThread, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = lstrcatW, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = Sleep, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = GetTickCount, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = SetWaitableTimer, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = CopyFileW, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = GetCurrentThreadId, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = GetCurrentThread, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = DuplicateHandle, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = lstrlenW, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = CreateEventA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = GetWindowsDirectoryA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = DeleteFileW, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = CreateDirectoryW, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = GetTempPathA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = lstrcmpiA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = WaitForMultipleObjects, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = lstrcmpA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = ResetEvent, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = CreateMutexA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = OpenWaitableTimerA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = MapViewOfFile, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = OpenMutexA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = UnmapViewOfFile, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = ReleaseMutex, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = GetVersionExA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = CreateWaitableTimerA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = SetLastError, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = InitializeCriticalSection, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = EnterCriticalSection, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = LeaveCriticalSection, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = VirtualAlloc, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = UnregisterWait, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = VirtualProtect, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = RegisterWaitForSingleObject, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = TlsAlloc, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = TlsGetValue, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = LoadLibraryExW, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = TlsSetValue, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = GetProcAddress, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = GetDriveTypeW, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = WideCharToMultiByte, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = GetLogicalDriveStringsW, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = OpenFileMappingA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = GetExitCodeProcess, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = LocalFree, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = CreateProcessA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = GetFileSize, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = lstrcpynA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = Thread32First, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = CreateToolhelp32Snapshot, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = QueueUserAPC, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = OpenThread, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = Thread32Next, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = ConnectNamedPipe, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = GetOverlappedResult, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = CancelIo, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = DisconnectNamedPipe, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = FlushFileBuffers, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = CallNamedPipeA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = CreateNamedPipeA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = GetSystemTime, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = WaitNamedPipeA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = ReadFile, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = SleepEx, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = AddVectoredExceptionHandler, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = RemoveVectoredExceptionHandler, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = OpenEventA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = LocalAlloc, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = FreeLibrary, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = RaiseException, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = VirtualFree, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = GetModuleFileNameW, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = GetVersion, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = GetLocalTime, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = QueryPerformanceFrequency, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = DeleteCriticalSection, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = GetTempFileNameA, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = FindNextFileW, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = SetEndOfFile, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = SetFilePointer, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = FindFirstFileW, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = RemoveDirectoryW, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = GetFileAttributesW, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = ExpandEnvironmentStringsW, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = FindClose, ordinal = 0, address_out = 0xff91d2f830 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 9, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 6, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 2, address_out = 0xff91d2f830 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 8, address_out = 0xff91d2f830 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 05:44:38 (UTC) |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Filename | module_name = OLEAUT32.dll, process_name = c:\windows\system32\svchost.exe, file_name_orig = C:\Windows\system32\svchost.exe, size = 260 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb670d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsWow64Process, address_out = 0x7ffb670ee960 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x7ffb673a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = ConvertStringSecurityDescriptorToSecurityDescriptorA, address_out = 0x7ffb673bd610 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x7ffb66b30000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = StrRChrA, address_out = 0x7ffb66b44dd0 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x7ffb667c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = wsprintfA, address_out = 0x7ffb667e2610 |
|
1 | |
| Mutex | Create | mutex_name = {BF4FAD76-121A-4972-1463-668D8847FA11} |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb670d0000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\ntdll.dll, base_address = 0x7ffb67620000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernelbase.dll, base_address = 0x7ffb64a50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameA, address_out = 0x7ffb673cec40 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\ntdll.dll, base_address = 0x7ffb67620000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb670d0000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\advapi32.dll, base_address = 0x7ffb673a0000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb670d0000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb670d0000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb670d0000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\advapi32.dll, base_address = 0x7ffb673a0000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Load | module_name = PSAPI.DLL, base_address = 0x7ffb66770000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\psapi.dll, function = EnumProcessModules, address_out = 0x7ffb66771040 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
16 | |
| System | Get Time | type = System Time, time = 2017-12-11 05:44:38 (UTC) |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyA, address_out = 0x7ffb673bb9e0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegQueryValueExA, address_out = 0x7ffb673b7dd0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = Ini, type = REG_NONE |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCloseKey, address_out = 0x7ffb673b72e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = StrToIntExA, address_out = 0x7ffb66b44e70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = StrChrA, address_out = 0x7ffb66b44cc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = StrTrimA, address_out = 0x7ffb66b44e80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = GetShellWindow, address_out = 0x7ffb667e4060 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = GetWindowThreadProcessId, address_out = 0x7ffb667d4040 |
|
1 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_SET_SESSIONID, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_CREATE_PROCESS, PROCESS_SET_QUOTA, PROCESS_SET_INFORMATION, PROCESS_QUERY_INFORMATION, PROCESS_SUSPEND_RESUME, DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER, SYNCHRONIZE |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = RtlExitUserThread, address_out = 0x7ffb67629fa0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CreateRemoteThread, address_out = 0x7ffb671126d0 |
|
1 | |
| Thread | Create | process_name = c:\windows\explorer.exe, proc_address = 0x7ffb67629fa0, proc_parameter = 0, flags = THREAD_CREATE_SUSPENDED |
|
1 | |
| Memory | Read | process_name = c:\windows\explorer.exe, address = 0x7ffb67629fa0, size = 4 |
|
1 | |
| Memory | Protect | process_name = c:\windows\explorer.exe, address = 0x7ffb67629fa0, protection = PAGE_EXECUTE_READWRITE, size = 4 |
|
1 | |
| Memory | Write | process_name = c:\windows\explorer.exe, address = 0x7ffb67629fa0, size = 4 |
|
1 | |
| Memory | Protect | process_name = c:\windows\explorer.exe, address = 0x7ffb67629fa0, protection = PAGE_EXECUTE_READ, size = 4 |
|
1 | |
| Thread | Resume | process_name = c:\windows\explorer.exe, os_tid = 0x940 |
|
1 | |
| Thread | Suspend | process_name = c:\windows\explorer.exe, os_tid = 0x940 |
|
1 | |
| Thread | Get Context | process_name = c:\windows\explorer.exe, os_tid = 0x940 |
|
1 | |
| Module | Create Mapping | protection = PAGE_EXECUTE_READWRITE, maximum_size = 1097663180608 |
|
1 | |
| Module | Map | process_name = c:\windows\system32\svchost.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0xff92000000 |
|
1 | |
| Module | Map | process_name = c:\windows\explorer.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x9090000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\ntdll.dll, base_address = 0x7ffb67620000 |
|
1 | |
| Module | Get Filename | module_name = c:\windows\system32\ntdll.dll, process_name = c:\windows\system32\svchost.exe, file_name_orig = C:\Windows\SYSTEM32\ntdll.dll, size = 260 |
|
1 | |
| File | Create | filename = C:\Windows\SYSTEM32\ntdll.dll, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = C:\Windows\SYSTEM32\ntdll.dll, size = 4, size_out = 4 |
|
1 | |
| Module | Get Filename | module_name = c:\windows\system32\ntdll.dll, process_name = c:\windows\system32\svchost.exe, file_name_orig = C:\Windows\SYSTEM32\ntdll.dll, size = 260 |
|
1 | |
| File | Create | filename = C:\Windows\SYSTEM32\ntdll.dll, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = C:\Windows\SYSTEM32\ntdll.dll, size = 4, size_out = 4 |
|
1 | |
| Module | Get Filename | module_name = c:\windows\system32\ntdll.dll, process_name = c:\windows\system32\svchost.exe, file_name_orig = C:\Windows\SYSTEM32\ntdll.dll, size = 260 |
|
1 | |
| File | Create | filename = C:\Windows\SYSTEM32\ntdll.dll, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = C:\Windows\SYSTEM32\ntdll.dll, size = 4, size_out = 4 |
|
1 | |
| Memory | Allocate | process_name = c:\windows\explorer.exe, address = 0xff91d2e9a0, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 1097663179176 |
|
1 | |
| Thread | Get Context | process_name = c:\windows\explorer.exe, os_tid = 0x940 |
|
1 | |
| Memory | Write | process_name = c:\windows\explorer.exe, address = 0x9130000, size = 792 |
|
1 | |
| Thread | Set Context | process_name = c:\windows\explorer.exe, os_tid = 0x940 |
|
1 | |
| Module | Unmap | process_name = c:\windows\system32\svchost.exe |
|
1 | |
| Memory | Protect | process_name = c:\windows\explorer.exe, address = 0x7ffb67629fa0, protection = PAGE_EXECUTE_READWRITE, size = 4 |
|
1 | |
| Memory | Write | process_name = c:\windows\explorer.exe, address = 0x7ffb67629fa0, size = 4 |
|
1 | |
| Memory | Protect | process_name = c:\windows\explorer.exe, address = 0x7ffb67629fa0, protection = PAGE_EXECUTE_READ, size = 4 |
|
1 | |
| Thread | Resume | process_name = c:\windows\explorer.exe, os_tid = 0x940 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCreateKeyA, address_out = 0x7ffb673e6dc0 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = Client, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = Scr, type = REG_NONE |
|
1 |
| Information | Value |
|---|---|
| ID | #19 |
| File Name | c:\windows\explorer.exe |
| Command Line | C:\Windows\Explorer.EXE |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:03, Reason: Injection |
| Unmonitor | End Time: 00:02:20, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:17 |
| Information | Value |
|---|---|
| PID | 0x2b4 |
| Parent PID | 0x478 (c:\windows\system32\userinit.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
7A8
0x
7AC
0x
750
0x
87C
0x
BEC
0x
BE8
0x
BE0
0x
BDC
0x
BD8
0x
BA0
0x
B9C
0x
B88
0x
B84
0x
A74
0x
A6C
0x
A68
0x
A64
0x
A50
0x
A40
0x
A38
0x
A30
0x
A2C
0x
A28
0x
A1C
0x
9F8
0x
9C4
0x
9B0
0x
994
0x
990
0x
958
0x
954
0x
94C
0x
944
0x
938
0x
92C
0x
928
0x
91C
0x
900
0x
8FC
0x
8F4
0x
8EC
0x
8E4
0x
8E0
0x
8D4
0x
8D0
0x
8CC
0x
8C8
0x
8C4
0x
8C0
0x
8BC
0x
8B4
0x
8B0
0x
8A8
0x
88C
0x
85C
0x
834
0x
808
0x
804
0x
6E8
0x
414
0x
418
0x
748
0x
74C
0x
73C
0x
710
0x
484
0x
480
0x
650
0x
62C
0x
5E4
0x
57C
0x
5D0
0x
608
0x
588
0x
4F0
0x
940
0x
654
0x
9E4
0x
82C
0x
9CC
0x
B30
0x
7B4
0x
7DC
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| pagefile_0x0000000000170000 | 0x00170000 | 0x0017ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000180000 | 0x00180000 | 0x00186fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000190000 | 0x00190000 | 0x001a3fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000001b0000 | 0x001b0000 | 0x0022ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000230000 | 0x00230000 | 0x00233fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000240000 | 0x00240000 | 0x00242fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000250000 | 0x00250000 | 0x00251fff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x00260000 | 0x0031dfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000000320000 | 0x00320000 | 0x0039ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000003a0000 | 0x003a0000 | 0x003a6fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000003b0000 | 0x003b0000 | 0x004affff | Private Memory | Readable, Writable |
|
|
|
|
| explorer.exe.mui | 0x004b0000 | 0x004b7fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000004c0000 | 0x004c0000 | 0x004c0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000004d0000 | 0x004d0000 | 0x004d0fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000004e0000 | 0x004e0000 | 0x004e0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000004f0000 | 0x004f0000 | 0x004f0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000500000 | 0x00500000 | 0x00500fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000510000 | 0x00510000 | 0x00510fff | Pagefile Backed Memory | Readable |
|
|
|
|
| cversions.1.db | 0x00520000 | 0x00523fff | Memory Mapped File | Readable |
|
|
|
|
| {afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000012.db | 0x00530000 | 0x00551fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000000560000 | 0x00560000 | 0x00560fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000570000 | 0x00570000 | 0x0057ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000580000 | 0x00580000 | 0x00707fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000000710000 | 0x00710000 | 0x00890fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000008a0000 | 0x008a0000 | 0x01c9ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000001ca0000 | 0x01ca0000 | 0x01d1ffff | Private Memory | Readable, Writable |
|
|
|
|
| {3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000031.db | 0x01d20000 | 0x01d3afff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000001d40000 | 0x01d40000 | 0x01d4ffff | Private Memory | Readable, Writable |
|
|
|
|
| sortdefault.nls | 0x01d50000 | 0x02086fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000002090000 | 0x02090000 | 0x0210ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002110000 | 0x02110000 | 0x0218ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002190000 | 0x02190000 | 0x0220ffff | Private Memory | Readable, Writable |
|
|
|
|
| shell32.dll.mui | 0x02210000 | 0x02270fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000002280000 | 0x02280000 | 0x02282fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000002290000 | 0x02290000 | 0x02292fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000022a0000 | 0x022a0000 | 0x022c9fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| kernelbase.dll.mui | 0x022d0000 | 0x023aefff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000023b0000 | 0x023b0000 | 0x0242ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002430000 | 0x02430000 | 0x024affff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000024b0000 | 0x024b0000 | 0x0252ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000002530000 | 0x02530000 | 0x02531fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000002540000 | 0x02540000 | 0x02541fff | Pagefile Backed Memory | Readable |
|
|
|
|
| oleaccrc.dll | 0x02550000 | 0x02551fff | Memory Mapped File | Readable |
|
|
|
|
| oleaccrc.dll.mui | 0x02560000 | 0x02564fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000002570000 | 0x02570000 | 0x02627fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000002630000 | 0x02630000 | 0x02633fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000002640000 | 0x02640000 | 0x0273ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002740000 | 0x02740000 | 0x0283ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000002840000 | 0x02840000 | 0x02846fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000002850000 | 0x02850000 | 0x02852fff | Pagefile Backed Memory | Readable |
|
|
|
|
| staticcache.dat | 0x02860000 | 0x0389ffff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000038a0000 | 0x038a0000 | 0x038a0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000038b0000 | 0x038b0000 | 0x038b0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000038c0000 | 0x038c0000 | 0x038c0fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000038d0000 | 0x038d0000 | 0x038d2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000038e0000 | 0x038e0000 | 0x0395ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003960000 | 0x03960000 | 0x03961fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003970000 | 0x03970000 | 0x03970fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003980000 | 0x03980000 | 0x03980fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003990000 | 0x03990000 | 0x03990fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000039a0000 | 0x039a0000 | 0x039a0fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000039b0000 | 0x039b0000 | 0x039bffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000039c0000 | 0x039c0000 | 0x039cffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000039d0000 | 0x039d0000 | 0x039dffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000039e0000 | 0x039e0000 | 0x039e0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000039f0000 | 0x039f0000 | 0x039f0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003a00000 | 0x03a00000 | 0x03a00fff | Private Memory | Readable, Writable |
|
|
|
|
| cversions.1.db | 0x03a10000 | 0x03a13fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000003a20000 | 0x03a20000 | 0x03a20fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000003a30000 | 0x03a30000 | 0x03a30fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003a40000 | 0x03a40000 | 0x03a40fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000003a50000 | 0x03a50000 | 0x03a52fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000003a60000 | 0x03a60000 | 0x03a98fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003aa0000 | 0x03aa0000 | 0x03aa0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003ab0000 | 0x03ab0000 | 0x03ab0fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000003ac0000 | 0x03ac0000 | 0x03ac2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| stobject.dll.mui | 0x03ad0000 | 0x03ad1fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000003ae0000 | 0x03ae0000 | 0x03ae2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| inputswitch.dll.mui | 0x03af0000 | 0x03af1fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000003b00000 | 0x03b00000 | 0x03b00fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000003b10000 | 0x03b10000 | 0x03b12fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000003b20000 | 0x03b20000 | 0x03b21fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000003b30000 | 0x03b30000 | 0x03b32fff | Pagefile Backed Memory | Readable |
|
|
|
|
| cversions.2.db | 0x03b40000 | 0x03b43fff | Memory Mapped File | Readable |
|
|
|
|
| {6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000007.db | 0x03b50000 | 0x03b92fff | Memory Mapped File | Readable |
|
|
|
|
| cversions.2.db | 0x03ba0000 | 0x03ba3fff | Memory Mapped File | Readable |
|
|
|
|
| {ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db | 0x03bb0000 | 0x03c3afff | Memory Mapped File | Readable |
|
|
|
|
| propsys.dll.mui | 0x03c40000 | 0x03c50fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000003c60000 | 0x03c60000 | 0x03cdffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003ce0000 | 0x03ce0000 | 0x03d5ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003d60000 | 0x03d60000 | 0x03ddffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003de0000 | 0x03de0000 | 0x03e5ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003e60000 | 0x03e60000 | 0x03e60fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003e70000 | 0x03e70000 | 0x03eeffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000003ef0000 | 0x03ef0000 | 0x03f6ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000003f70000 | 0x03f70000 | 0x04461fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004470000 | 0x04470000 | 0x044effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000044f0000 | 0x044f0000 | 0x0456ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004570000 | 0x04570000 | 0x045effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000045f0000 | 0x045f0000 | 0x0466ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004670000 | 0x04670000 | 0x046effff | Private Memory | Readable, Writable |
|
|
|
|
| iconcache_idx.db | 0x046f0000 | 0x046f1fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| iconcache_256.db | 0x04700000 | 0x04700fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| winnlsres.dll | 0x04710000 | 0x04714fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000004720000 | 0x04720000 | 0x0479ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000047a0000 | 0x047a0000 | 0x047a0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000047b0000 | 0x047b0000 | 0x047b0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000047c0000 | 0x047c0000 | 0x047c0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000047d0000 | 0x047d0000 | 0x0484ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000004850000 | 0x04850000 | 0x04851fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004860000 | 0x04860000 | 0x048dffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000048e0000 | 0x048e0000 | 0x0495ffff | Private Memory | Readable, Writable |
|
|
|
|
| iconcache_idx.db | 0x04960000 | 0x04961fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x0000000004970000 | 0x04970000 | 0x04a6ffff | Private Memory | Readable, Writable |
|
|
|
|
| winnlsres.dll.mui | 0x04a70000 | 0x04a7ffff | Memory Mapped File | Readable |
|
|
|
|
| mswsock.dll.mui | 0x04a80000 | 0x04a82fff | Memory Mapped File | Readable |
|
|
|
|
| imageres.dll.mui | 0x04a90000 | 0x04a90fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000004aa0000 | 0x04aa0000 | 0x04aa8fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004ab0000 | 0x04ab0000 | 0x04ab3fff | Private Memory | Readable, Writable |
|
|
|
|
| thumbcache_idx.db | 0x04ac0000 | 0x04ac1fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| netmsg.dll | 0x04ad0000 | 0x04ad0fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000004ae0000 | 0x04ae0000 | 0x04ae8fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004af0000 | 0x04af0000 | 0x04af0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004b00000 | 0x04b00000 | 0x04b7ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004b80000 | 0x04b80000 | 0x04bfffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000004c00000 | 0x04c00000 | 0x04c02fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000004c10000 | 0x04c10000 | 0x04c57fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004c60000 | 0x04c60000 | 0x04ca7fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004cb0000 | 0x04cb0000 | 0x04d2ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000004d30000 | 0x04d30000 | 0x0552ffff | Private Memory | - |
|
|
|
|
| thumbcache_48.db | 0x05530000 | 0x0562ffff | Memory Mapped File | Readable, Writable |
|
|
|
|
| netmsg.dll.mui | 0x05630000 | 0x05661fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x0000000005670000 | 0x05670000 | 0x056effff | Private Memory | Readable, Writable |
|
|
|
|
| iconcache_idx.db | 0x056f0000 | 0x056f1fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| iconcache_48.db | 0x05700000 | 0x057fffff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x0000000005800000 | 0x05800000 | 0x0587ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005880000 | 0x05880000 | 0x058fffff | Private Memory | Readable, Writable |
|
|
|
|
| thumbcache_idx.db | 0x05900000 | 0x05901fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| thumbcache_48.db | 0x05910000 | 0x05a0ffff | Memory Mapped File | Readable, Writable |
|
|
|
|
| thumbcache_idx.db | 0x05a10000 | 0x05a11fff | Memory Mapped File | Readable, Writable |
|
|
|
|
| private_0x0000000005a20000 | 0x05a20000 | 0x05a68fff | Private Memory | Readable, Writable |
|
|
|
|
| cversions.2.db | 0x05a70000 | 0x05a73fff | Memory Mapped File | Readable |
|
|
|
|
| sndvolsso.dll.mui | 0x05a80000 | 0x05a81fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000005a90000 | 0x05a90000 | 0x05a92fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000005aa0000 | 0x05aa0000 | 0x05aa0fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000005ab0000 | 0x05ab0000 | 0x05ab1fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000005ac0000 | 0x05ac0000 | 0x05ac0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000005ad0000 | 0x05ad0000 | 0x05b4ffff | Private Memory | Readable, Writable |
|
|
|
|
| windows.storage.dll.mui | 0x05b50000 | 0x05b57fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000005b60000 | 0x05b60000 | 0x05b62fff | Pagefile Backed Memory | Readable |
|
|
|
|
|
For performance reasons, the remaining 787 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create Remote Thread | #18: c:\windows\system32\svchost.exe | 0x904 | address = 0x7ffb67629fa0 |
|
1 | |
| Modify Memory | #18: c:\windows\system32\svchost.exe | 0x904 | address = 0x7ffb67629fa0, size = 4 |
|
2 | |
| Modify Memory | #18: c:\windows\system32\svchost.exe | 0x904 | address = 0x9090000, size = 598016 |
|
1 | |
| Modify Memory | #18: c:\windows\system32\svchost.exe | 0x904 | address = 0x9130000, size = 792 |
|
1 | |
| Modify Control Flow | #18: c:\windows\system32\svchost.exe | 0x904 | os_tid = 0x940, address = 0x0 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = ntdll.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = _snprintf, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = sprintf, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = ZwOpenProcess, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = ZwOpenProcessToken, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = ZwClose, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = ZwQueryInformationToken, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = strcpy, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = NtQuerySystemInformation, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = RtlNtStatusToDosError, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = ZwQueryInformationProcess, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = memcpy, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = NtUnmapViewOfSection, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = _wcsupr, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = _strupr, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = memmove, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = memset, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = wcscpy, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = ZwQueryKey, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = RtlUpcaseUnicodeString, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = RtlFreeUnicodeString, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = wcstombs, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = RtlAdjustPrivilege, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = mbstowcs, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = RtlImageNtHeader, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = NtMapViewOfSection, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = NtCreateSection, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = __C_specific_handler, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = __chkstk, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = CreateFileMappingA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = SetFilePointerEx, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = QueueUserWorkItem, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = VirtualProtectEx, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = GetComputerNameW, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = ExpandEnvironmentStringsA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = FindNextFileA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = CompareFileTime, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = FindFirstFileA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = GetFileTime, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = GetCurrentProcessId, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = QueryPerformanceCounter, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = GetModuleFileNameA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = CreateDirectoryA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = GetLastError, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = HeapFree, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = RemoveDirectoryA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = CloseHandle, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = LoadLibraryA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = CreateFileA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = DeleteFileA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = lstrcpyA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = lstrlenA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = lstrcatA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = WriteFile, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = HeapAlloc, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = HeapDestroy, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = HeapCreate, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = SetEvent, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = HeapReAlloc, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = GetSystemTimeAsFileTime, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = WaitForSingleObject, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = SuspendThread, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = OpenProcess, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = ResumeThread, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = lstrcpyW, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = lstrcmpiW, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = GetModuleHandleA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = CreateThread, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = CreateFileW, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = SwitchToThread, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = lstrcatW, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = Sleep, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = GetTickCount, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = SetWaitableTimer, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = CopyFileW, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = GetCurrentThreadId, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = GetCurrentThread, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = DuplicateHandle, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = lstrlenW, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = CreateEventA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = GetWindowsDirectoryA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = DeleteFileW, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = CreateDirectoryW, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = GetTempPathA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = lstrcmpiA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = WaitForMultipleObjects, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = lstrcmpA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = ResetEvent, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = CreateMutexA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = OpenWaitableTimerA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = MapViewOfFile, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = OpenMutexA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = UnmapViewOfFile, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = ReleaseMutex, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = GetVersionExA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = CreateWaitableTimerA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = SetLastError, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = InitializeCriticalSection, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = EnterCriticalSection, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = LeaveCriticalSection, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = VirtualAlloc, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = UnregisterWait, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = VirtualProtect, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = RegisterWaitForSingleObject, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = TlsAlloc, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = TlsGetValue, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = LoadLibraryExW, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = TlsSetValue, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = GetProcAddress, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = GetDriveTypeW, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = WideCharToMultiByte, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = GetLogicalDriveStringsW, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = OpenFileMappingA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = GetExitCodeProcess, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = LocalFree, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = CreateProcessA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = GetFileSize, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = lstrcpynA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = Thread32First, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = CreateToolhelp32Snapshot, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = QueueUserAPC, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = OpenThread, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = Thread32Next, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = ConnectNamedPipe, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = GetOverlappedResult, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = CancelIo, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = DisconnectNamedPipe, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = FlushFileBuffers, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = CallNamedPipeA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = CreateNamedPipeA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = GetSystemTime, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = WaitNamedPipeA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = ReadFile, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = SleepEx, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = AddVectoredExceptionHandler, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = RemoveVectoredExceptionHandler, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = OpenEventA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = LocalAlloc, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = FreeLibrary, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = RaiseException, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = VirtualFree, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = GetModuleFileNameW, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = GetVersion, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = GetLocalTime, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = QueryPerformanceFrequency, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = DeleteCriticalSection, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = GetTempFileNameA, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = FindNextFileW, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = SetEndOfFile, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = SetFilePointer, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = FindFirstFileW, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = RemoveDirectoryW, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = GetFileAttributesW, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = ExpandEnvironmentStringsW, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = FindClose, ordinal = 0, address_out = 0x908f810 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 9, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 6, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 2, address_out = 0x908f810 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 8, address_out = 0x908f810 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 05:44:39 (UTC) |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Filename | module_name = OLEAUT32.dll, process_name = c:\windows\explorer.exe, file_name_orig = C:\Windows\Explorer.EXE, size = 260 |
|
1 | |
| Module | Get Handle | module_name = KERNEL32.DLL, base_address = 0x7ffb670d0000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = IsWow64Process, address_out = 0x7ffb670ee960 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x7ffb673a0000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = ConvertStringSecurityDescriptorToSecurityDescriptorA, address_out = 0x7ffb673bd610 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x7ffb66b30000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = StrRChrA, address_out = 0x7ffb66b44dd0 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x7ffb667c0000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = wsprintfA, address_out = 0x7ffb667e2610 |
|
1 | |
| Mutex | Create | mutex_name = {2B1EAAC7-8E9D-9587-F08F-A2992433F6DD} |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = KERNEL32.DLL, base_address = 0x7ffb670d0000 |
|
1 | |
| Module | Get Handle | module_name = NTDLL.DLL, base_address = 0x7ffb67620000 |
|
1 | |
| Module | Get Handle | module_name = kernelbase, base_address = 0x7ffb64a50000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetUserNameA, address_out = 0x7ffb673cec40 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetShellWindow, address_out = 0x7ffb667e4060 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetWindowThreadProcessId, address_out = 0x7ffb667d4040 |
|
1 | |
| Module | Get Handle | module_name = NTDLL.DLL, base_address = 0x7ffb67620000 |
|
1 | |
| Module | Get Handle | module_name = KERNEL32.DLL, base_address = 0x7ffb670d0000 |
|
1 | |
| Module | Get Handle | module_name = ADVAPI32.DLL, base_address = 0x7ffb673a0000 |
|
1 | |
| Module | Get Handle | module_name = KERNEL32.DLL, base_address = 0x7ffb670d0000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Get Handle | module_name = KERNEL32.DLL, base_address = 0x7ffb670d0000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Get Handle | module_name = KERNEL32.DLL, base_address = 0x7ffb670d0000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Get Handle | module_name = ADVAPI32.DLL, base_address = 0x7ffb673a0000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Load | module_name = PSAPI.DLL, base_address = 0x7ffb66770000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = EnumProcessModules, address_out = 0x7ffb66771040 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
63 | |
| System | Get Time | type = System Time, time = 2017-12-11 05:44:39 (UTC) |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegOpenKeyA, address_out = 0x7ffb673bb9e0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegQueryValueExA, address_out = 0x7ffb673b7dd0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = Ini, type = REG_NONE |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegCloseKey, address_out = 0x7ffb673b72e0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = StrToIntExA, address_out = 0x7ffb66b44e70 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = StrChrA, address_out = 0x7ffb66b44cc0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = StrTrimA, address_out = 0x7ffb66b44e80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegCreateKeyA, address_out = 0x7ffb673e6dc0 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = Client, type = REG_BINARY |
|
1 | |
| Module | Load | module_name = ole32.dll, base_address = 0x7ffb66e70000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateStreamOnHGlobal, address_out = 0x7ffb66c170a0 |
|
1 | |
| Module | Load | module_name = ADVAPI32.DLL, base_address = 0x7ffb673a0000 |
|
1 | |
| Module | Get Handle | module_name = ADVAPI32.DLL, base_address = 0x7ffb673a0000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| File | Create Pipe | pipe_name = pipe\{d0964750-ef7b-8278-f904-93d63d78776a}, open_mode = PIPE_ACCESS_INBOUND, PIPE_ACCESS_OUTBOUND, FILE_FLAG_OVERLAPPED, pipe_mode = PIPE_TYPE_MESSAGE, max_instances = 255 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Address | module_name = Unknown module name, function = StrStrIA, address_out = 0x7ffb66b3e1c0 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Load | module_name = WINHTTP.dll, base_address = 0x7ffb5d730000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinHttpOpen, address_out = 0x7ffb5d74bc40 |
|
1 | |
| Inet | Open Session | user_agent = Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0, access_type = WINHTTP_ACCESS_TYPE_AUTOMATIC_PROXY, flags = WINHTTP_FLAG_SYNC |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = StrCmpIW, address_out = 0x7ffb66b3be50 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings, value_name = ProxySettingsPerUser |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinHttpConnect, address_out = 0x7ffb5d749550 |
|
1 | |
| Inet | Open Connection | protocol = HTTP, server_name = titanliquor.ca, server_port = 80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinHttpOpenRequest, address_out = 0x7ffb5d749c10 |
|
1 | |
| Inet | Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /images/A/2.tif, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinHttpQueryOption, address_out = 0x7ffb5d731900 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinHttpSetOption, address_out = 0x7ffb5d747a20 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinHttpSendRequest, address_out = 0x7ffb5d748330 |
|
1 | |
| Inet | Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = titanliquor.ca/images/A/2.tif |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinHttpReceiveResponse, address_out = 0x7ffb5d748c80 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinHttpQueryHeaders, address_out = 0x7ffb5d746d90 |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_RAW_HEADERS_CRLF |
|
1 | |
| Inet | Query HTTP Info | flags = HTTP_QUERY_RAW_HEADERS_CRLF, size_out = 710 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinHttpQueryDataAvailable, address_out = 0x7ffb5d756ac0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = WinHttpReadData, address_out = 0x7ffb5d744200 |
|
1 | |
| Inet | Read Response | size = 3693, size_out = 3693 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 2280, size_out = 2280 |
|
1 | |
| Inet | Read Response | size = 2904, size_out = 2904 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
4 | |
| Inet | Read Response | size = 1040, size_out = 1040 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 1972, size_out = 1972 |
|
1 | |
| Inet | Read Response | size = 2904, size_out = 2904 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 3684, size_out = 3684 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 1712, size_out = 1712 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 3684, size_out = 3684 |
|
1 | |
| Inet | Read Response | size = 2904, size_out = 2904 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 260, size_out = 260 |
|
1 | |
| Inet | Read Response | size = 1452, size_out = 1452 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 780, size_out = 780 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 780, size_out = 780 |
|
1 | |
| Inet | Read Response | size = 1452, size_out = 1452 |
|
2 | |
| Inet | Read Response | size = 2904, size_out = 2904 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 1972, size_out = 1972 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 3424, size_out = 3424 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 3684, size_out = 3684 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 260, size_out = 260 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 520, size_out = 520 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 3424, size_out = 3424 |
|
1 | |
| Inet | Read Response | size = 2904, size_out = 2904 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
9 | |
| Inet | Read Response | size = 3792, size_out = 3792 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
15 | |
| Inet | Read Response | size = 2448, size_out = 2448 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 3684, size_out = 3684 |
|
1 | |
| Inet | Read Response | size = 1452, size_out = 1452 |
|
1 | |
| Inet | Read Response | size = 2904, size_out = 2904 |
|
1 | |
| Inet | Read Response | size = 1452, size_out = 1452 |
|
1 | |
| Inet | Read Response | size = 2904, size_out = 2904 |
|
2 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 520, size_out = 520 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 3424, size_out = 3424 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 260, size_out = 260 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 3424, size_out = 3424 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
8 | |
| Inet | Read Response | size = 3532, size_out = 3532 |
|
1 | |
| Inet | Read Response | size = 2904, size_out = 2904 |
|
1 | |
| Inet | Read Response | size = 1452, size_out = 1452 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 1972, size_out = 1972 |
|
1 | |
| Inet | Read Response | size = 2904, size_out = 2904 |
|
3 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 260, size_out = 260 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 3424, size_out = 3424 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 780, size_out = 780 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 3684, size_out = 3684 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 1712, size_out = 1712 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 780, size_out = 780 |
|
1 | |
| Inet | Read Response | size = 1452, size_out = 1452 |
|
1 | |
| Inet | Read Response | size = 2904, size_out = 2904 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 3424, size_out = 3424 |
|
1 | |
| Inet | Read Response | size = 1452, size_out = 1452 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 3164, size_out = 3164 |
|
1 | |
| Inet | Read Response | size = 1452, size_out = 1452 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 520, size_out = 520 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 3424, size_out = 3424 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 780, size_out = 780 |
|
1 | |
| Inet | Read Response | size = 2904, size_out = 2904 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 3424, size_out = 3424 |
|
1 | |
| Inet | Read Response | size = 2904, size_out = 2904 |
|
1 | |
| Inet | Read Response | size = 1452, size_out = 1452 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 3424, size_out = 3424 |
|
1 | |
| Inet | Read Response | size = 1452, size_out = 1452 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 260, size_out = 260 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 2232, size_out = 2232 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 1712, size_out = 1712 |
|
1 | |
| Inet | Read Response | size = 1452, size_out = 1452 |
|
1 | |
| Inet | Read Response | size = 2904, size_out = 2904 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
11 | |
| Inet | Read Response | size = 1408, size_out = 1408 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
53 | |
| Inet | Read Response | size = 3616, size_out = 3616 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 260, size_out = 260 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 260, size_out = 260 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
1 | |
| Inet | Read Response | size = 1712, size_out = 1712 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 1972, size_out = 1972 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 1972, size_out = 1972 |
|
1 | |
| Inet | Read Response | size = 1452, size_out = 1452 |
|
1 | |
| Inet | Read Response | size = 2904, size_out = 2904 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 3424, size_out = 3424 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 1972, size_out = 1972 |
|
1 | |
| Inet | Read Response | size = 2904, size_out = 2904 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 3424, size_out = 3424 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 520, size_out = 520 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 1972, size_out = 1972 |
|
1 | |
| Inet | Read Response | size = 1452, size_out = 1452 |
|
1 | |
| Inet | Read Response | size = 2904, size_out = 2904 |
|
2 | |
| Inet | Read Response | size = 1452, size_out = 1452 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
3 | |
| Inet | Read Response | size = 780, size_out = 780 |
|
1 | |
| Inet | Read Response | size = 2904, size_out = 2904 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
4 | |
| Inet | Read Response | size = 3944, size_out = 3944 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 3424, size_out = 3424 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 520, size_out = 520 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
2 | |
| Inet | Read Response | size = 3424, size_out = 3424 |
|
1 | |
| Inet | Read Response | size = 4096, size_out = 4096 |
|
499 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Create | filename = C:\Windows\system32\c_1252.nls, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Windows\system32\c_1252.nls, type = time |
|
1 | |
| File | Create | filename = C:\Windows\system32\c_1252.nls, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Windows\system32\c_1252.nls, type = time |
|
1 | |
| File | Create | filename = C:\Windows\system32\c_1252.nls, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Windows\system32\c_1252.nls, type = time |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegQueryValueExW, address_out = 0x7ffb673b6c70 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, value_name = Accocca, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, value_name = Accocca, data = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Amsisigd\Chakmcat.exe, type = REG_SZ |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = StrChrW, address_out = 0x7ffb66b3a2a0 |
|
1 | |
| File | Create | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Amsisigd\Chakmcat.exe, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = PathCombineW, address_out = 0x7ffb66b3d130 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = StrRChrW, address_out = 0x7ffb66b3dd80 |
|
1 | |
| File | Create | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js, type = size |
|
1 | |
| File | Read | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js, size = 11513, size_out = 11513 |
|
1 | |
| File | Create | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| File | Write | filename = C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Mozilla\Firefox\Profiles\8i341t8m.default\prefs.js, size = 48 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegSetValueExA, address_out = 0x7ffb673a2680 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings, value_name = EnableSPDY3_0, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Module | Get Handle | module_name = kernelbase, base_address = 0x7ffb64a50000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
191 | |
| Process | Open | desired_access = PROCESS_QUERY_INFORMATION |
|
1 | |
| Process | Open | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_SET_SESSIONID, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_CREATE_PROCESS, PROCESS_SET_QUOTA, PROCESS_SET_INFORMATION, PROCESS_QUERY_INFORMATION, PROCESS_SUSPEND_RESUME, DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER, SYNCHRONIZE |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RtlExitUserThread, address_out = 0x7ffb67629fa0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateRemoteThread, address_out = 0x7ffb671126d0 |
|
1 | |
| Thread | Create | process_name = c:\windows\system32\runtimebroker.exe, proc_address = 0x7ffb67629fa0, proc_parameter = 0, flags = THREAD_CREATE_SUSPENDED |
|
1 | |
| Memory | Read | process_name = c:\windows\system32\runtimebroker.exe, address = 0x7ffb67629fa0, size = 4 |
|
1 | |
| Memory | Protect | process_name = c:\windows\system32\runtimebroker.exe, address = 0x7ffb67629fa0, protection = PAGE_EXECUTE_READWRITE, size = 4 |
|
1 | |
| Memory | Write | process_name = c:\windows\system32\runtimebroker.exe, address = 0x7ffb67629fa0, size = 4 |
|
1 | |
| Memory | Protect | process_name = c:\windows\system32\runtimebroker.exe, address = 0x7ffb67629fa0, protection = PAGE_EXECUTE_READ, size = 4 |
|
1 | |
| Thread | Resume | os_tid = 0xb2c |
|
1 | |
| Thread | Suspend | process_name = c:\windows\system32\runtimebroker.exe, os_tid = 0xb2c |
|
1 | |
| Thread | Get Context | process_name = c:\windows\system32\runtimebroker.exe, os_tid = 0xb2c |
|
1 | |
| Module | Create Mapping | protection = PAGE_EXECUTE_READWRITE, maximum_size = 153416944 |
|
1 | |
| Module | Map | process_name = c:\windows\explorer.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x9450000 |
|
1 | |
| Module | Map | process_name = c:\windows\system32\runtimebroker.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0xfa3ba00000 |
|
1 | |
| Module | Get Handle | module_name = NTDLL.DLL, base_address = 0x7ffb67620000 |
|
1 | |
| Module | Get Filename | module_name = NTDLL.DLL, process_name = c:\windows\explorer.exe, file_name_orig = C:\Windows\SYSTEM32\ntdll.dll, size = 260 |
|
1 | |
| File | Create | filename = C:\Windows\SYSTEM32\ntdll.dll, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = C:\Windows\SYSTEM32\ntdll.dll, size = 4, size_out = 4 |
|
1 | |
| Module | Get Filename | module_name = NTDLL.DLL, process_name = c:\windows\explorer.exe, file_name_orig = C:\Windows\SYSTEM32\ntdll.dll, size = 260 |
|
1 | |
| File | Create | filename = C:\Windows\SYSTEM32\ntdll.dll, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = C:\Windows\SYSTEM32\ntdll.dll, size = 4, size_out = 4 |
|
1 | |
| Module | Get Filename | module_name = NTDLL.DLL, process_name = c:\windows\explorer.exe, file_name_orig = C:\Windows\SYSTEM32\ntdll.dll, size = 260 |
|
1 | |
| File | Create | filename = C:\Windows\SYSTEM32\ntdll.dll, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Read | filename = C:\Windows\SYSTEM32\ntdll.dll, size = 4, size_out = 4 |
|
1 | |
| Thread | Get Context | process_name = c:\windows\system32\runtimebroker.exe, os_tid = 0xb2c |
|
1 | |
| Memory | Write | process_name = c:\windows\system32\runtimebroker.exe, address = 0xfa398d0000, size = 792 |
|
1 | |
| Thread | Set Context | process_name = c:\windows\system32\runtimebroker.exe, os_tid = 0xb2c |
|
1 | |
| Module | Unmap | process_name = c:\windows\explorer.exe |
|
1 | |
| Memory | Protect | process_name = c:\windows\system32\runtimebroker.exe, address = 0x7ffb67629fa0, protection = PAGE_EXECUTE_READWRITE, size = 4 |
|
1 | |
| Memory | Write | process_name = c:\windows\system32\runtimebroker.exe, address = 0x7ffb67629fa0, size = 4 |
|
1 | |
| Memory | Protect | process_name = c:\windows\system32\runtimebroker.exe, address = 0x7ffb67629fa0, protection = PAGE_EXECUTE_READ, size = 4 |
|
1 | |
| Thread | Resume | process_name = c:\windows\system32\runtimebroker.exe, os_tid = 0xb2c |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Sleep | duration = -1 (infinite) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = Ticks, time = 35765 |
|
1 | |
| Module | Get Handle | module_name = Unknown module name, base_address = 0x7ff77f080000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = RegisterClassA, address_out = 0x7ffb667e1310 |
|
1 | |
| Module | Get Handle | module_name = Unknown module name, base_address = 0x7ff77f080000 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = CreateWindowExA, address_out = 0x7ffb667e4df0 |
|
1 | |
| Window | Create | class_name = {0A62B810-AC2F-6BC2-4439-B87D16D3AAB7}, wndproc_parameter = 151783776 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetWindowLongPtrA, address_out = 0x7ffb667ccae0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = DefWindowProcA, address_out = 0x7ffb676b3230 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = SetWindowLongPtrA, address_out = 0x7ffb667d61f0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = GetMessageA, address_out = 0x7ffb667daa50 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = TranslateMessage, address_out = 0x7ffb667d36a0 |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = DispatchMessageA, address_out = 0x7ffb667e61e0 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Sleep | duration = -1 (infinite) |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Mutex | Open | mutex_name = Local\{14572DFD-6357-66D5-8D88-47FA113C6BCE}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Local\{14572DFD-6357-66D5-8D88-47FA113C6BCE} |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| Module | Get Address | module_name = Unknown module name, function = PathFindFileNameA, address_out = 0x7ffb66b3cf30 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = {C2A3A3DE-3990-44FC-D316-7DB8B7AA016C}, type = REG_BINARY |
|
2 | |
| System | Get Time | type = System Time, time = 2017-12-11 05:44:41 (UTC) |
|
1 | |
| Mutex | Open | mutex_name = Local\{2EBE0010-B5EF-903D-AF42-B9C45396FD38}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Local\{2EBE0010-B5EF-903D-AF42-B9C45396FD38} |
|
1 | |
| Mutex | Open | mutex_name = Local\{CC210EB6-BBF2-DEC8-A5C0-1FF2A9F4C346}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Local\{CC210EB6-BBF2-DEC8-A5C0-1FF2A9F4C346} |
|
1 | |
| Mutex | Release | mutex_name = Local\{14572DFD-6357-66D5-8D88-47FA113C6BCE} |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
| Information | Value |
|---|---|
| ID | #20 |
| File Name | c:\windows\syswow64\runonce.exe |
| Command Line | C:\Windows\SysWOW64\runonce.exe /Run6432 |
| Initial Working Directory | C:\Windows\SysWOW64\ |
| Monitor | Start Time: 00:02:03, Reason: Child Process |
| Unmonitor | End Time: 00:02:20, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:17 |
| Remarks | No high level activity detected in monitored regions |
| Information | Value |
|---|---|
| PID | 0x190 |
| Parent PID | 0x2b4 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
278
0x
9B0
0x
744
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x00000000004e0000 | 0x004e0000 | 0x004fffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000004e0000 | 0x004e0000 | 0x004effff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x00000000004f0000 | 0x004f0000 | 0x004f3fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000500000 | 0x00500000 | 0x00500fff | Private Memory | Readable, Writable |
|
|
|
|
| runonce.exe.mui | 0x00500000 | 0x00500fff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x0000000000510000 | 0x00510000 | 0x00523fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000530000 | 0x00530000 | 0x0056ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000570000 | 0x00570000 | 0x005affff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00000000005b0000 | 0x005b0000 | 0x005b3fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00000000005c0000 | 0x005c0000 | 0x005c2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00000000005d0000 | 0x005d0000 | 0x005d1fff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x005e0000 | 0x0069dfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x00000000006a0000 | 0x006a0000 | 0x006dffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000006e0000 | 0x006e0000 | 0x006effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000006f0000 | 0x006f0000 | 0x0072ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000730000 | 0x00730000 | 0x00730fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000740000 | 0x00740000 | 0x00740fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x0000000000760000 | 0x00760000 | 0x00761fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x0000000000770000 | 0x00770000 | 0x007a3fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00000000007b0000 | 0x007b0000 | 0x007effff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000820000 | 0x00820000 | 0x0091ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000920000 | 0x00920000 | 0x0095ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x0000000000a20000 | 0x00a20000 | 0x00a2ffff | Private Memory | Readable, Writable |
|
|
|
|
| runonce.exe | 0x00a90000 | 0x00a9bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000aa0000 | 0x00aa0000 | 0x04a9ffff | Pagefile Backed Memory | - |
|
|
|
|
| pagefile_0x0000000004aa0000 | 0x04aa0000 | 0x04c27fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000004c30000 | 0x04c30000 | 0x04db0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x0000000004dc0000 | 0x04dc0000 | 0x061bffff | Pagefile Backed Memory | Readable |
|
|
|
|
| wow64win.dll | 0x650f0000 | 0x65162fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64cpu.dll | 0x65170000 | 0x65177fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wow64.dll | 0x65180000 | 0x651cefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| uxtheme.dll | 0x741d0000 | 0x74244fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| comctl32.dll | 0x74250000 | 0x74458fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| bcryptprimitives.dll | 0x74460000 | 0x744b8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x744c0000 | 0x744c9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x744d0000 | 0x744edfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x74550000 | 0x746c5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x74890000 | 0x75c4efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| powrprof.dll | 0x75c50000 | 0x75c93fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x75d10000 | 0x75d8afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x75d90000 | 0x75dbafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x75dc0000 | 0x75efffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x75fa0000 | 0x760ecfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x76140000 | 0x7622ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x76230000 | 0x7634ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x76350000 | 0x76439fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x764e0000 | 0x76523fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel.appcore.dll | 0x76530000 | 0x7653bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| windows.storage.dll | 0x76750000 | 0x76c2cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| profapi.dll | 0x76c30000 | 0x76c3efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x76c40000 | 0x76cfdfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| combase.dll | 0x76f00000 | 0x770b9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shcore.dll | 0x771e0000 | 0x7726cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x77270000 | 0x7731bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x77320000 | 0x77362fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x773c0000 | 0x77538fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x000000007ea7d000 | 0x7ea7d000 | 0x7ea7ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000007ea80000 | 0x7ea80000 | 0x7eb7ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000007eb80000 | 0x7eb80000 | 0x7eba2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000007eba5000 | 0x7eba5000 | 0x7eba5fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007eba8000 | 0x7eba8000 | 0x7ebaafff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ebab000 | 0x7ebab000 | 0x7ebadfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ebae000 | 0x7ebae000 | 0x7ebaefff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000007fff0000 | 0x7fff0000 | 0x7dfb6761ffff | Private Memory | Readable |
|
|
|
|
| pagefile_0x00007dfb67620000 | 0x7dfb67620000 | 0x7ffb6761ffff | Pagefile Backed Memory | - |
|
|
|
|
| ntdll.dll | 0x7ffb67620000 | 0x7ffb677e1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00007ffb677e2000 | 0x7ffb677e2000 | 0x7ffffffeffff | Private Memory | Readable |
|
|
|
|
| Information | Value |
|---|---|
| ID | #21 |
| File Name | c:\program files\microsoft office\root\office16\onenotem.exe |
| Command Line | "C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE" /tsr |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:04, Reason: Child Process |
| Unmonitor | End Time: 00:02:20, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:16 |
| Remarks | No high level activity detected in monitored regions |
| Information | Value |
|---|---|
| PID | 0x11c |
| Parent PID | 0x2b4 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
858
0x
7CC
0x
75C
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| private_0x000000141b670000 | 0x141b670000 | 0x141b68ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000141b670000 | 0x141b670000 | 0x141b67ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x000000141b680000 | 0x141b680000 | 0x141b686fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000141b690000 | 0x141b690000 | 0x141b6a3fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000141b6b0000 | 0x141b6b0000 | 0x141b7affff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000141b7b0000 | 0x141b7b0000 | 0x141b7b3fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000141b7c0000 | 0x141b7c0000 | 0x141b7c0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000141b7d0000 | 0x141b7d0000 | 0x141b7d1fff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0x141b7e0000 | 0x141b89dfff | Memory Mapped File | Readable |
|
|
|
|
| pagefile_0x000000141b8a0000 | 0x141b8a0000 | 0x141b8a0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000141b8b0000 | 0x141b8b0000 | 0x141b8b0fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000141b8c0000 | 0x141b8c0000 | 0x141b8c6fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000141b8d0000 | 0x141b8d0000 | 0x141b9cffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000141b9d0000 | 0x141b9d0000 | 0x141bacffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000141bad0000 | 0x141bad0000 | 0x141bad0fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000141bae0000 | 0x141bae0000 | 0x141bae0fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000141baf0000 | 0x141baf0000 | 0x141baf0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x000000141bb00000 | 0x141bb00000 | 0x141bbfffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000141bc00000 | 0x141bc00000 | 0x141bc00fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000141bc10000 | 0x141bc10000 | 0x141bc10fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000141bc20000 | 0x141bc20000 | 0x141bc21fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000141bc30000 | 0x141bc30000 | 0x141bc3ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000141bc40000 | 0x141bc40000 | 0x141bdc7fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000141bdd0000 | 0x141bdd0000 | 0x141bf50fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000141bf60000 | 0x141bf60000 | 0x141d35ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| sortdefault.nls | 0x141d360000 | 0x141d696fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x000000141d720000 | 0x141d720000 | 0x141d72ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000141d7a0000 | 0x141d7a0000 | 0x141d7affff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00007ff7ae2d0000 | 0x7ff7ae2d0000 | 0x7ff7ae3cffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00007ff7ae3d0000 | 0x7ff7ae3d0000 | 0x7ff7ae3f2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00007ff7ae3fb000 | 0x7ff7ae3fb000 | 0x7ff7ae3fbfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff7ae3fc000 | 0x7ff7ae3fc000 | 0x7ff7ae3fdfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff7ae3fe000 | 0x7ff7ae3fe000 | 0x7ff7ae3fffff | Private Memory | Readable, Writable |
|
|
|
|
| onenotem.exe | 0x7ff7ae8a0000 | 0x7ff7ae8cefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| vcruntime140.dll | 0x7ffb557b0000 | 0x7ffb557c6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| c2r64.dll | 0x7ffb58bd0000 | 0x7ffb58cf8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| appvisvsubsystems64.dll | 0x7ffb58d00000 | 0x7ffb58f35fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| appvisvstream64.dll | 0x7ffb59070000 | 0x7ffb590e9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msi.dll | 0x7ffb5da60000 | 0x7ffb5dd9cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdiplus.dll | 0x7ffb5dda0000 | 0x7ffb5df48fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ucrtbase.dll | 0x7ffb5fed0000 | 0x7ffb5ffc1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msimg32.dll | 0x7ffb61ef0000 | 0x7ffb61ef6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apphelp.dll | 0x7ffb627a0000 | 0x7ffb62817fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| uxtheme.dll | 0x7ffb62920000 | 0x7ffb629b5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| userenv.dll | 0x7ffb63600000 | 0x7ffb6361efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x7ffb63a90000 | 0x7ffb63a9afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| bcrypt.dll | 0x7ffb63e70000 | 0x7ffb63e97fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| bcryptprimitives.dll | 0x7ffb63ea0000 | 0x7ffb63f0afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| profapi.dll | 0x7ffb64050000 | 0x7ffb64062fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| powrprof.dll | 0x7ffb64070000 | 0x7ffb640b9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel.appcore.dll | 0x7ffb640c0000 | 0x7ffb640cefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| windows.storage.dll | 0x7ffb64140000 | 0x7ffb64767fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x7ffb64a50000 | 0x7ffb64c2cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shcore.dll | 0x7ffb64c30000 | 0x7ffb64ce2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x7ffb64cf0000 | 0x7ffb64dadfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x7ffb64f80000 | 0x7ffb65104fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x7ffb65110000 | 0x7ffb66634fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x7ffb66640000 | 0x7ffb66765fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x7ffb66780000 | 0x7ffb667b5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x7ffb667c0000 | 0x7ffb6690dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x7ffb66b30000 | 0x7ffb66b80fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| combase.dll | 0x7ffb66bf0000 | 0x7ffb66e6bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x7ffb66e70000 | 0x7ffb66fb0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x7ffb670d0000 | 0x7ffb6717cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x7ffb672d0000 | 0x7ffb6736cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x7ffb673a0000 | 0x7ffb67445fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x7ffb67450000 | 0x7ffb675abfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00007ffb675b0000 | 0x7ffb675b0000 | 0x7ffb675bffff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x7ffb675c0000 | 0x7ffb6761afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x7ffb67620000 | 0x7ffb677e1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| Information | Value |
|---|---|
| ID | #22 |
| File Name | c:\windows\system32\runtimebroker.exe |
| Command Line | C:\Windows\System32\RuntimeBroker.exe -Embedding |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:05, Reason: Injection |
| Unmonitor | End Time: 00:02:20, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:15 |
| Information | Value |
|---|---|
| PID | 0x6e0 |
| Parent PID | 0x23c (c:\windows\system32\svchost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Groups |
|
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B8C
0x
B6C
0x
B64
0x
9F0
0x
848
0x
83C
0x
838
0x
4FC
0x
5B4
0x
4CC
0x
B2C
0x
99C
|
| Name | Start VA | End VA | Type | Permissions | Monitored | Dump | YARA Match | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
|
| pagefile_0x000000fa39370000 | 0xfa39370000 | 0xfa3937ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x000000fa39380000 | 0xfa39380000 | 0xfa39380fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000fa39390000 | 0xfa39390000 | 0xfa393a3fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000fa393b0000 | 0xfa393b0000 | 0xfa3942ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000fa39430000 | 0xfa39430000 | 0xfa39433fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000fa39440000 | 0xfa39440000 | 0xfa39441fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000fa39450000 | 0xfa39450000 | 0xfa39451fff | Private Memory | Readable, Writable |
|
|
|
|
| locale.nls | 0xfa39460000 | 0xfa3951dfff | Memory Mapped File | Readable |
|
|
|
|
| private_0x000000fa39520000 | 0xfa39520000 | 0xfa39520fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000fa39530000 | 0xfa39530000 | 0xfa39530fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000fa39540000 | 0xfa39540000 | 0xfa39540fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x000000fa39550000 | 0xfa39550000 | 0xfa39556fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000fa39560000 | 0xfa39560000 | 0xfa395dffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000fa395e0000 | 0xfa395e0000 | 0xfa395e2fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000fa395f0000 | 0xfa395f0000 | 0xfa395f0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x000000fa39600000 | 0xfa39600000 | 0xfa396fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000fa39700000 | 0xfa39700000 | 0xfa3977ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000fa39780000 | 0xfa39780000 | 0xfa397fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000fa39800000 | 0xfa39800000 | 0xfa3987ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000fa39880000 | 0xfa39880000 | 0xfa39880fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x000000fa39890000 | 0xfa39890000 | 0xfa39896fff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000fa398a0000 | 0xfa398a0000 | 0xfa398c9fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
|
| private_0x000000fa398d0000 | 0xfa398d0000 | 0xfa398d0fff | Private Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x000000fa398e0000 | 0xfa398e0000 | 0xfa398e8fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000fa398f0000 | 0xfa398f0000 | 0xfa398f1fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000fa39900000 | 0xfa39900000 | 0xfa399fffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000fa39a00000 | 0xfa39a00000 | 0xfa39b87fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000fa39b90000 | 0xfa39b90000 | 0xfa39d10fff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x000000fa39d20000 | 0xfa39d20000 | 0xfa3b11ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| sortdefault.nls | 0xfa3b120000 | 0xfa3b456fff | Memory Mapped File | Readable |
|
|
|
|
| private_0x000000fa3b460000 | 0xfa3b460000 | 0xfa3b4dffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000fa3b4e0000 | 0xfa3b4e0000 | 0xfa3b55ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000fa3b590000 | 0xfa3b590000 | 0xfa3b596fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000fa3b600000 | 0xfa3b600000 | 0xfa3b6fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000fa3b700000 | 0xfa3b700000 | 0xfa3b7fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000fa3b800000 | 0xfa3b800000 | 0xfa3b87ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000fa3b880000 | 0xfa3b880000 | 0xfa3b8fffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000fa3b900000 | 0xfa3b900000 | 0xfa3b97ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000fa3b980000 | 0xfa3b980000 | 0xfa3b9fffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x000000fa3ba00000 | 0xfa3ba00000 | 0xfa3ba91fff | Pagefile Backed Memory | Readable, Writable, Executable |
|
|
|
|
| private_0x000000fa3baa0000 | 0xfa3baa0000 | 0xfa3bc9ffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000fa3bb00000 | 0xfa3bb00000 | 0xfa3bbfffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000fa3bc00000 | 0xfa3bc00000 | 0xfa3bdfffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000fa3bc00000 | 0xfa3bc00000 | 0xfa3bcfffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000fa3bd00000 | 0xfa3bd00000 | 0xfa3befffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000fa3bd00000 | 0xfa3bd00000 | 0xfa3bdfffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000fa3be00000 | 0xfa3be00000 | 0xfa3bffffff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x000000fa3be00000 | 0xfa3be00000 | 0xfa3befffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00007df5ff7f0000 | 0x7df5ff7f0000 | 0x7ff5ff7effff | Pagefile Backed Memory | - |
|
|
|
|
| ntoskrnl.exe | 0x7ff644bc0000 | 0x7ff645411fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00007ff67ce16000 | 0x7ff67ce16000 | 0x7ff67ce17fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff67ce18000 | 0x7ff67ce18000 | 0x7ff67ce19fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff67ce1a000 | 0x7ff67ce1a000 | 0x7ff67ce1bfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff67ce1c000 | 0x7ff67ce1c000 | 0x7ff67ce1dfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff67ce1e000 | 0x7ff67ce1e000 | 0x7ff67ce1ffff | Private Memory | Readable, Writable |
|
|
|
|
| pagefile_0x00007ff67ce20000 | 0x7ff67ce20000 | 0x7ff67cf1ffff | Pagefile Backed Memory | Readable |
|
|
|
|
| pagefile_0x00007ff67cf20000 | 0x7ff67cf20000 | 0x7ff67cf42fff | Pagefile Backed Memory | Readable |
|
|
|
|
| private_0x00007ff67cf43000 | 0x7ff67cf43000 | 0x7ff67cf44fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff67cf45000 | 0x7ff67cf45000 | 0x7ff67cf46fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff67cf47000 | 0x7ff67cf47000 | 0x7ff67cf48fff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff67cf49000 | 0x7ff67cf49000 | 0x7ff67cf4afff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff67cf4b000 | 0x7ff67cf4b000 | 0x7ff67cf4cfff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff67cf4d000 | 0x7ff67cf4d000 | 0x7ff67cf4efff | Private Memory | Readable, Writable |
|
|
|
|
| private_0x00007ff67cf4f000 | 0x7ff67cf4f000 | 0x7ff67cf4ffff | Private Memory | Readable, Writable |
|
|
|
|
| runtimebroker.exe | 0x7ff67d5a0000 | 0x7ff67d5b5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| windows.networking.hostname.dll | 0x7ffb525e0000 | 0x7ffb52617fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| authbroker.dll | 0x7ffb530d0000 | 0x7ffb530f5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msauserext.dll | 0x7ffb53100000 | 0x7ffb53119fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| windows.security.authentication.onlineid.dll | 0x7ffb53190000 | 0x7ffb53242fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| windows.internal.shell.broker.dll | 0x7ffb53f10000 | 0x7ffb53fa1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wwapi.dll | 0x7ffb55310000 | 0x7ffb55325fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| windows.networking.connectivity.dll | 0x7ffb553a0000 | 0x7ffb5544bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| tokenbroker.dll | 0x7ffb574c0000 | 0x7ffb57585fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| execmodelproxy.dll | 0x7ffb57770000 | 0x7ffb57784fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| execmodelclient.dll | 0x7ffb57990000 | 0x7ffb579d2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| actxprxy.dll | 0x7ffb57bf0000 | 0x7ffb58059fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wininet.dll | 0x7ffb58370000 | 0x7ffb58616fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| idstore.dll | 0x7ffb58b80000 | 0x7ffb58ba6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| npmproxy.dll | 0x7ffb59af0000 | 0x7ffb59afdfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wlanapi.dll | 0x7ffb5a1a0000 | 0x7ffb5a1fefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| netprofm.dll | 0x7ffb5a510000 | 0x7ffb5a54efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| windows.ui.immersive.dll | 0x7ffb5b850000 | 0x7ffb5ba06fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mrmcorer.dll | 0x7ffb5ce30000 | 0x7ffb5cf3efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wintypes.dll | 0x7ffb60640000 | 0x7ffb60770fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| samlib.dll | 0x7ffb60780000 | 0x7ffb6079bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| samcli.dll | 0x7ffb60b80000 | 0x7ffb60b97fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| propsys.dll | 0x7ffb60c60000 | 0x7ffb60de2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| mmdevapi.dll | 0x7ffb60df0000 | 0x7ffb60e61fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wkscli.dll | 0x7ffb60f50000 | 0x7ffb60f65fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| winnsi.dll | 0x7ffb61880000 | 0x7ffb6188afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| iphlpapi.dll | 0x7ffb618a0000 | 0x7ffb618d7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| wtsapi32.dll | 0x7ffb61d70000 | 0x7ffb61d82fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sppc.dll | 0x7ffb61e00000 | 0x7ffb61e24fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| slc.dll | 0x7ffb61e30000 | 0x7ffb61e55fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| coremessaging.dll | 0x7ffb62300000 | 0x7ffb623c7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| uxtheme.dll | 0x7ffb62920000 | 0x7ffb629b5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| devobj.dll | 0x7ffb629c0000 | 0x7ffb629e6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| twinapi.appcore.dll | 0x7ffb62b00000 | 0x7ffb62bedfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| netutils.dll | 0x7ffb632a0000 | 0x7ffb632abfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rsaenh.dll | 0x7ffb63510000 | 0x7ffb63542fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| userenv.dll | 0x7ffb63600000 | 0x7ffb6361efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptsp.dll | 0x7ffb63920000 | 0x7ffb63936fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cryptbase.dll | 0x7ffb63a90000 | 0x7ffb63a9afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sspicli.dll | 0x7ffb63c70000 | 0x7ffb63c9bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| bcrypt.dll | 0x7ffb63e70000 | 0x7ffb63e97fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| bcryptprimitives.dll | 0x7ffb63ea0000 | 0x7ffb63f0afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sxs.dll | 0x7ffb63f10000 | 0x7ffb63fa7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| profapi.dll | 0x7ffb64050000 | 0x7ffb64062fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| powrprof.dll | 0x7ffb64070000 | 0x7ffb640b9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel.appcore.dll | 0x7ffb640c0000 | 0x7ffb640cefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msasn1.dll | 0x7ffb640d0000 | 0x7ffb640e0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| cfgmgr32.dll | 0x7ffb640f0000 | 0x7ffb64133fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| windows.storage.dll | 0x7ffb64140000 | 0x7ffb64767fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| crypt32.dll | 0x7ffb64770000 | 0x7ffb64930fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernelbase.dll | 0x7ffb64a50000 | 0x7ffb64c2cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shcore.dll | 0x7ffb64c30000 | 0x7ffb64ce2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| oleaut32.dll | 0x7ffb64cf0000 | 0x7ffb64dadfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| gdi32.dll | 0x7ffb64f80000 | 0x7ffb65104fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shell32.dll | 0x7ffb65110000 | 0x7ffb66634fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| rpcrt4.dll | 0x7ffb66640000 | 0x7ffb66765fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| psapi.dll | 0x7ffb66770000 | 0x7ffb66777fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| imm32.dll | 0x7ffb66780000 | 0x7ffb667b5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| user32.dll | 0x7ffb667c0000 | 0x7ffb6690dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| shlwapi.dll | 0x7ffb66b30000 | 0x7ffb66b80fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| combase.dll | 0x7ffb66bf0000 | 0x7ffb66e6bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ole32.dll | 0x7ffb66e70000 | 0x7ffb66fb0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| clbcatq.dll | 0x7ffb67020000 | 0x7ffb670c4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| kernel32.dll | 0x7ffb670d0000 | 0x7ffb6717cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msvcrt.dll | 0x7ffb672d0000 | 0x7ffb6736cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| nsi.dll | 0x7ffb67390000 | 0x7ffb67397fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| advapi32.dll | 0x7ffb673a0000 | 0x7ffb67445fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| msctf.dll | 0x7ffb67450000 | 0x7ffb675abfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| sechost.dll | 0x7ffb675c0000 | 0x7ffb6761afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| ntdll.dll | 0x7ffb67620000 | 0x7ffb677e1fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| Injection Type | Source Process | Source Os Thread ID | Injection Info | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create Remote Thread | #19: c:\windows\explorer.exe | 0x9e4 | address = 0x7ffb67629fa0 |
|
1 | |
| Modify Memory | #19: c:\windows\explorer.exe | 0x9e4 | address = 0x7ffb67629fa0, size = 4 |
|
2 | |
| Modify Memory | #19: c:\windows\explorer.exe | 0x9e4 | address = 0xfa3ba00000, size = 598016 |
|
1 | |
| Modify Memory | #19: c:\windows\explorer.exe | 0x9e4 | address = 0xfa398d0000, size = 792 |
|
1 | |
| Modify Control Flow | #19: c:\windows\explorer.exe | 0x9e4 | os_tid = 0xb2c, address = 0x0 |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = ntdll.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = _snprintf, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = sprintf, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = ZwOpenProcess, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = ZwOpenProcessToken, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = ZwClose, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = ZwQueryInformationToken, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = strcpy, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = NtQuerySystemInformation, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = RtlNtStatusToDosError, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = ZwQueryInformationProcess, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = memcpy, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = NtUnmapViewOfSection, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = _wcsupr, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = _strupr, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = memmove, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = memset, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = wcscpy, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = ZwQueryKey, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = RtlUpcaseUnicodeString, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = RtlFreeUnicodeString, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = wcstombs, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = RtlAdjustPrivilege, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = mbstowcs, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = RtlImageNtHeader, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = NtMapViewOfSection, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = NtCreateSection, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = __C_specific_handler, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = __chkstk, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Load | module_name = KERNEL32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = CreateFileMappingA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = SetFilePointerEx, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = QueueUserWorkItem, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = VirtualProtectEx, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = GetComputerNameW, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = ExpandEnvironmentStringsA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = FindNextFileA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = CompareFileTime, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = FindFirstFileA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = GetFileTime, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = GetCurrentProcessId, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = QueryPerformanceCounter, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = GetModuleFileNameA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = CreateDirectoryA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = GetLastError, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = HeapFree, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = RemoveDirectoryA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = CloseHandle, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = LoadLibraryA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = CreateFileA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = DeleteFileA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = lstrcpyA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = lstrlenA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = lstrcatA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = WriteFile, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = HeapAlloc, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = HeapDestroy, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = HeapCreate, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = SetEvent, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = HeapReAlloc, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = GetSystemTimeAsFileTime, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = WaitForSingleObject, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = SuspendThread, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = OpenProcess, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = ResumeThread, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = lstrcpyW, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = lstrcmpiW, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = GetModuleHandleA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = CreateThread, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = CreateFileW, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = SwitchToThread, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = lstrcatW, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = Sleep, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = GetTickCount, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = SetWaitableTimer, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = CopyFileW, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = GetCurrentThreadId, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = GetCurrentThread, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = DuplicateHandle, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = lstrlenW, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = CreateEventA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = GetWindowsDirectoryA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = DeleteFileW, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = CreateDirectoryW, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = GetTempPathA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = lstrcmpiA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = WaitForMultipleObjects, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = lstrcmpA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = ResetEvent, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = CreateMutexA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = OpenWaitableTimerA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = MapViewOfFile, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = OpenMutexA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = UnmapViewOfFile, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = ReleaseMutex, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = GetVersionExA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = CreateWaitableTimerA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = SetLastError, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = InitializeCriticalSection, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = EnterCriticalSection, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = LeaveCriticalSection, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = VirtualAlloc, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = UnregisterWait, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = VirtualProtect, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = RegisterWaitForSingleObject, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = TlsAlloc, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = TlsGetValue, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = LoadLibraryExW, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = TlsSetValue, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = GetProcAddress, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = GetDriveTypeW, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = WideCharToMultiByte, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = GetLogicalDriveStringsW, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = OpenFileMappingA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = GetExitCodeProcess, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = LocalFree, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = CreateProcessA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = GetFileSize, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = lstrcpynA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = Thread32First, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = CreateToolhelp32Snapshot, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = QueueUserAPC, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = OpenThread, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = Thread32Next, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = ConnectNamedPipe, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = GetOverlappedResult, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = CancelIo, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = DisconnectNamedPipe, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = FlushFileBuffers, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = CallNamedPipeA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = CreateNamedPipeA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = GetSystemTime, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = WaitNamedPipeA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = ReadFile, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = SleepEx, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = AddVectoredExceptionHandler, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = RemoveVectoredExceptionHandler, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = OpenEventA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = LocalAlloc, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = FreeLibrary, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = RaiseException, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = VirtualFree, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = GetModuleFileNameW, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = GetVersion, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = GetLocalTime, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = QueryPerformanceFrequency, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = DeleteCriticalSection, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = GetTempFileNameA, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = FindNextFileW, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = SetEndOfFile, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = SetFilePointer, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = FindFirstFileW, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = RemoveDirectoryW, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = GetFileAttributesW, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = ExpandEnvironmentStringsW, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = FindClose, ordinal = 0, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Load | module_name = OLEAUT32.dll, base_address = 0x0 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 9, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 6, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 2, address_out = 0xfa3b9ffb60 |
|
1 | |
| Module | Get Address | function = 0, ordinal = 8, address_out = 0xfa3b9ffb60 |
|
1 | |
| System | Get Time | type = System Time, time = 2017-12-11 05:44:41 (UTC) |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Filename | module_name = OLEAUT32.dll, process_name = c:\windows\system32\runtimebroker.exe, file_name_orig = C:\Windows\System32\RuntimeBroker.exe, size = 260 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb670d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsWow64Process, address_out = 0x7ffb670ee960 |
|
1 | |
| Module | Load | module_name = ADVAPI32.dll, base_address = 0x7ffb673a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = ConvertStringSecurityDescriptorToSecurityDescriptorA, address_out = 0x7ffb673bd610 |
|
1 | |
| Module | Load | module_name = SHLWAPI.dll, base_address = 0x7ffb66b30000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = StrRChrA, address_out = 0x7ffb66b44dd0 |
|
1 | |
| Module | Load | module_name = USER32.dll, base_address = 0x7ffb667c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = wsprintfA, address_out = 0x7ffb667e2610 |
|
1 | |
| Mutex | Create | mutex_name = {67DC9F31-9A2E-31AD-DC8B-6EF5D0EF82F9} |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb670d0000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\ntdll.dll, base_address = 0x7ffb67620000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernelbase.dll, base_address = 0x7ffb64a50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = GetUserNameA, address_out = 0x7ffb673cec40 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\ntdll.dll, base_address = 0x7ffb67620000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb670d0000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\advapi32.dll, base_address = 0x7ffb673a0000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb670d0000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb670d0000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ffb670d0000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\advapi32.dll, base_address = 0x7ffb673a0000 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Module | Load | module_name = PSAPI.DLL, base_address = 0x7ffb66770000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\psapi.dll, function = EnumProcessModules, address_out = 0x7ffb66771040 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
63 | |
| System | Get Time | type = System Time, time = 2017-12-11 05:44:41 (UTC) |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegOpenKeyA, address_out = 0x7ffb673bb9e0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegQueryValueExA, address_out = 0x7ffb673b7dd0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = Ini, type = REG_NONE |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCloseKey, address_out = 0x7ffb673b72e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = StrToIntExA, address_out = 0x7ffb66b44e70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = StrChrA, address_out = 0x7ffb66b44cc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\shlwapi.dll, function = StrTrimA, address_out = 0x7ffb66b44e80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\advapi32.dll, function = RegCreateKeyA, address_out = 0x7ffb673e6dc0 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = Client, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\07430283-BA24-D1EC-FC2B-8E95F08FA299, value_name = Scr, type = REG_NONE |
|
1 |
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Sleep | duration = -1 (infinite) |
|
1 |
