UNNAM3D - RANSM.exe
Windows Exe (x86-32)
Created at 2019-03-31T21:12:00
Monitored Processes
Behavior Information - Grouped by Category
Process #1: unnam3d - ransm.exe
421
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\fd1hvy\desktop\unnam3d - ransm.exe |
| Command Line | "C:\Users\FD1HVy\Desktop\UNNAM3D - RANSM.exe" |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:25, Reason: Analysis Target |
| Unmonitor | End Time: 00:04:33, Reason: Terminated by Timeout |
| Monitor Duration | 00:04:07 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe64 |
| Parent PID | 0x860 (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
EB4
0x
4F0
0x
60
0x
B6C
0x
F50
0x
BEC
0x
490
0x
260
0x
8F0
0x
1A4
0x
2D0
0x
3CC
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| clrjit.dll | 0x74330000 | 0x743AFFFF | Marked Writable | - | 32-bit | - |
|
|
| buffer | 0x049D0000 | 0x049D0FFF | First Execution | - | 32-bit | 0x049D0000 |
|
|
| clrjit.dll | 0x74330000 | 0x743AFFFF | Content Changed | - | 32-bit | 0x7439A2A6, 0x74369E12 |
|
|
| clrjit.dll | 0x74330000 | 0x743AFFFF | Content Changed | - | 32-bit | 0x74391000 |
|
|
| buffer | 0x06567000 | 0x06567FFF | First Execution | - | 32-bit | 0x06567000 |
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe | 2.17 MB |
MD5:
1e3a2a966f593ad33125f26916267008
SHA1: 38b1a547ddee671edeee7385cac138458a6a6858 SHA256: b18c9b9200e354f81882b29dc8143ec5d6f2b731cf4c7da3800e339ffb3c8827 SSDeep: 49152:m2IoCBtJnxlyU/mWhRcQYhie6/UIdjjQuctXnFDu3nAzNjteyUHBdH3y2:xrCBrtcy/lfkD0nANte9BpC2 |
|
|
| c:\users\fd1hvy\appdata\local\temp\wallpaper.png | 679.01 KB |
MD5:
4eaf9cbc1438214622460aa18fbf050d
SHA1: 543c921d0f75bb5a8a9cd1bf1096d2d0af69170e SHA256: a935f1af2674e6577a02f7b2f53ad98612fd55dd2f3f51cb476767c01f4076e8 SSDeep: 12288:whHUpY2wdt2pD5969U59o6xM4T1GFg6qaUlZCZSjX4lZuuS+L+26TCNYBuGAR:va2K2pD596mzosrGFg6qao0SjXGuu/+S |
|
|
Host Behavior
File (30)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\FD1HVy\Desktop\UNNAM3D - RANSM.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config | type = file_type |
|
2 | |
| Get Info | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\FD1HVy\Desktop\UNNAM3D - RANSM.exe.config | type = file_attributes |
|
3 | |
| Get Info | C:\Users\FD1HVy\Desktop\UNNAM3D - RANSM.exe | type = file_attributes |
|
1 | |
| Get Info | C:\Users\FD1HVy\Desktop\UNNAM3D - RANSM.exe | type = file_type |
|
2 | |
| Get Info | C:\Users\FD1HVy\Desktop\UNNAM3D - RANSM.exe | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe | type = file_type |
|
2 | |
| Read | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config | size = 4096, size_out = 4096 |
|
8 | |
| Read | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config | size = 4096, size_out = 3215 |
|
1 | |
| Read | C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Users\FD1HVy\Desktop\UNNAM3D - RANSM.exe | size = 2876416, size_out = 2876416 |
|
1 | |
| Write | C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe | size = 2276568 |
|
1 |
Registry (6)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\XML | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\.NETFramework\XML | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgJITDebugLaunchSetting, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgManagedDebugger, type = REG_NONE |
|
1 |
Process (3)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | cmd.exe | show_window = SW_HIDE |
|
1 | |
| Create | cmd.exe | show_window = SW_HIDE |
|
1 | |
| Create | cmd.exe | show_window = SW_HIDE |
|
1 |
Module (159)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | mscorjit.dll | base_address = 0x0 |
|
1 | |
| Load | clrjit.dll | base_address = 0x74330000 |
|
1 | |
| Load | comctl32.dll | base_address = 0x742a0000 |
|
1 | |
| Load | comctl32.dll | base_address = 0x6fbc0000 |
|
1 | |
| Get Handle | comctl32.dll | base_address = 0x0 |
|
2 | |
| Get Handle | c:\windows\syswow64\user32.dll | base_address = 0x74b70000 |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\unnam3d - ransm.exe | base_address = 0xd0000 |
|
14 | |
| Get Handle | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll | base_address = 0x742a0000 |
|
58 | |
| Get Handle | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8\comctl32.dll | base_address = 0x6fbc0000 |
|
10 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\Users\FD1HVy\Desktop\UNNAM3D - RANSM.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\SYSTEM32\ntdll.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\SYSTEM32\MSCOREE.DLL, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\KERNEL32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\KERNELBASE.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\SYSTEM32\apphelp.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\ADVAPI32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\msvcrt.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\sechost.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\RPCRT4.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\SspiCli.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\CRYPTBASE.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\bcryptPrimitives.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\SHLWAPI.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\combase.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\ucrtbase.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\GDI32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\gdi32full.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\msvcp_win.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\USER32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\win32u.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\IMM32.DLL, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\kernel.appcore.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\SYSTEM32\VERSION.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\SYSTEM32\MSVCR120_CLR0400.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\f12799647dc4f4abd2f0f17790337f04\mscorlib.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\ole32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\system32\uxtheme.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\OLEAUT32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\fcfb8bac8ea9a0e69d72c350b22f8e3f\System.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\psapi.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\Users\FD1HVy\Desktop\UNNAM3D - RANSM.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\SYSTEM32\ntdll.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\SYSTEM32\MSCOREE.DLL, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\KERNEL32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\KERNELBASE.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\SYSTEM32\apphelp.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\ADVAPI32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\msvcrt.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\sechost.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\RPCRT4.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\SspiCli.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\CRYPTBASE.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\bcryptPrimitives.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\SHLWAPI.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\combase.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\ucrtbase.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\GDI32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\gdi32full.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\msvcp_win.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\USER32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\win32u.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\IMM32.DLL, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\kernel.appcore.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\SYSTEM32\VERSION.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\SYSTEM32\MSVCR120_CLR0400.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\f12799647dc4f4abd2f0f17790337f04\mscorlib.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\ole32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\system32\uxtheme.dll, size = 2048 |
|
1 | |
| Get Filename | c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\OLEAUT32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\fcfb8bac8ea9a0e69d72c350b22f8e3f\System.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\psapi.dll, size = 2048 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll | function = getJit, address_out = 0x74383d60 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = DefWindowProcW, address_out = 0x74600140 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 |
Window (42)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | .NET-BroadcastEventWindow.4.0.0.0.141b42a.0 | class_name = .NET-BroadcastEventWindow.4.0.0.0.141b42a.0, wndproc_parameter = 0 |
|
1 | |
| Create | UNNAM3D - R@NSOMEWARE! | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Discord: UNNAM3D#6666 | class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | You will need to send an message to the below discord with a $50 amazon giftcard code. Then you will shortley get an message back with a password to unlock your files. | class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | All your personal files have been locked and you need to pay a ransom to get them back. You will have 24 hours to pay or the password will be deleted of our servers making it impossible to get your files back. | class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | How do i pay? | class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | What Happend? | class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | -YOUR FILES HAVE BEEN LOCKED- | class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, wndproc_parameter = 0 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -4, new_long = 1952448832 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -4, new_long = 78513854 |
|
1 | |
| Set Attribute | UNNAM3D - R@NSOMEWARE! | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -4, new_long = 1952448832 |
|
1 | |
| Set Attribute | UNNAM3D - R@NSOMEWARE! | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -4, new_long = 78514702 |
|
1 | |
| Set Attribute | UNNAM3D - R@NSOMEWARE! | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -8, new_long = 0 |
|
1 | |
| Set Attribute | UNNAM3D - R@NSOMEWARE! | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -16, new_long = 46858240 |
|
1 | |
| Set Attribute | UNNAM3D - R@NSOMEWARE! | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -20, new_long = 327681 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -4, new_long = 1952448832 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -4, new_long = 78514742 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -12, new_long = 393334 |
|
1 | |
| Set Attribute | Discord: UNNAM3D#6666 | class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -4, new_long = 1875094464 |
|
1 | |
| Set Attribute | Discord: UNNAM3D#6666 | class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -4, new_long = 78514822 |
|
1 | |
| Set Attribute | Discord: UNNAM3D#6666 | class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -12, new_long = 458798 |
|
1 | |
| Set Attribute | You will need to send an message to the below discord with a $50 amazon giftcard code. Then you will shortley get an message back with a password to unlock your files. | class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -4, new_long = 1875094464 |
|
1 | |
| Set Attribute | You will need to send an message to the below discord with a $50 amazon giftcard code. Then you will shortley get an message back with a password to unlock your files. | class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -4, new_long = 78514862 |
|
1 | |
| Set Attribute | You will need to send an message to the below discord with a $50 amazon giftcard code. Then you will shortley get an message back with a password to unlock your files. | class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -12, new_long = 131612 |
|
1 | |
| Set Attribute | All your personal files have been locked and you need to pay a ransom to get them back. You will have 24 hours to pay or the password will be deleted of our servers making it impossible to get your files back. | class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -4, new_long = 1875094464 |
|
1 | |
| Set Attribute | All your personal files have been locked and you need to pay a ransom to get them back. You will have 24 hours to pay or the password will be deleted of our servers making it impossible to get your files back. | class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -4, new_long = 78514902 |
|
1 | |
| Set Attribute | All your personal files have been locked and you need to pay a ransom to get them back. You will have 24 hours to pay or the password will be deleted of our servers making it impossible to get your files back. | class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -12, new_long = 589846 |
|
1 | |
| Set Attribute | How do i pay? | class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -4, new_long = 1875094464 |
|
1 | |
| Set Attribute | How do i pay? | class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -4, new_long = 78514942 |
|
1 | |
| Set Attribute | How do i pay? | class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -12, new_long = 393750 |
|
1 | |
| Set Attribute | What Happend? | class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -4, new_long = 1875094464 |
|
1 | |
| Set Attribute | What Happend? | class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -4, new_long = 78514982 |
|
1 | |
| Set Attribute | What Happend? | class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -12, new_long = 131616 |
|
1 | |
| Set Attribute | -YOUR FILES HAVE BEEN LOCKED- | class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -4, new_long = 1875094464 |
|
1 | |
| Set Attribute | -YOUR FILES HAVE BEEN LOCKED- | class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -4, new_long = 78515022 |
|
1 | |
| Set Attribute | -YOUR FILES HAVE BEEN LOCKED- | class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -12, new_long = 328216 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -4, new_long = 1952448832 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -4, new_long = 78515062 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -12, new_long = 197146 |
|
1 |
System (153)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create Desktop | desktop_name = MeinTestDesktop |
|
1 | |
| Switch Desktop | desktop_name = MeinTestDesktop |
|
1 | |
| Get Cursor | x_out = 44, y_out = 346 |
|
4 | |
| Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
72 | |
| Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
73 | |
| Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 |
Process #3: cmd.exe
57
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /C cd C:\Users\FD1HVy\Desktop && C:\Users\FD1HVy\AppData\Local\Temp\\WinRAR.exe m -r -pMyPassword Desktop * |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:53, Reason: Child Process |
| Unmonitor | End Time: 00:04:33, Reason: Terminated by Timeout |
| Monitor Duration | 00:03:40 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf00 |
| Parent PID | 0xe64 (c:\users\fd1hvy\desktop\unnam3d - ransm.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
384
0x
36C
|
Host Behavior
File (13)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
4 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
4 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 136, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe | os_pid = 0xe3c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x8e0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 |
Environment (16)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
6 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
2 | |
| Set Environment String | name = COPYCMD |
|
1 |
Process #4: cmd.exe
66
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /C cd C:\Users\FD1HVy\Documents && C:\Users\FD1HVy\AppData\Local\Temp\\WinRAR.exe m -r -pMyPassword Documents * |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:53, Reason: Child Process |
| Unmonitor | End Time: 00:01:29, Reason: Self Terminated |
| Monitor Duration | 00:00:36 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x46c |
| Parent PID | 0xe64 (c:\users\fd1hvy\desktop\unnam3d - ransm.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F04
0x
86C
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| cmd.exe | 0x008E0000 | 0x00938FFF | Process Termination | - | 32-bit | - |
|
|
Host Behavior
File (18)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Get Info | C:\Users\FD1HVy\Documents | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
8 | |
| Open | STD_INPUT_HANDLE | - |
|
6 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 197, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe | os_pid = 0xf64, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x8e0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 |
Environment (20)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
8 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Documents |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #6: cmd.exe
66
0
| Information | Value |
|---|---|
| ID | #6 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /C cd C:\Users\FD1HVy\Pictures && C:\Users\FD1HVy\AppData\Local\Temp\\WinRAR.exe m -r -pMyPassword Pictures * |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:53, Reason: Child Process |
| Unmonitor | End Time: 00:01:19, Reason: Self Terminated |
| Monitor Duration | 00:00:25 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa9c |
| Parent PID | 0xe64 (c:\users\fd1hvy\desktop\unnam3d - ransm.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
784
0x
F6C
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| cmd.exe | 0x008E0000 | 0x00938FFF | Process Termination | - | 32-bit | - |
|
|
Host Behavior
File (18)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
2 | |
| Get Info | C:\Users\FD1HVy\Pictures | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
8 | |
| Open | STD_INPUT_HANDLE | - |
|
6 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe | os_pid = 0x754, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x8e0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 |
Environment (20)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
8 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Pictures |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #9: winrar.exe
3340
0
| Information | Value |
|---|---|
| ID | #9 |
| File Name | c:\users\fd1hvy\appdata\local\temp\winrar.exe |
| Command Line | C:\Users\FD1HVy\AppData\Local\Temp\\WinRAR.exe m -r -pMyPassword Desktop * |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:56, Reason: Child Process |
| Unmonitor | End Time: 00:04:33, Reason: Terminated by Timeout |
| Monitor Duration | 00:03:37 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe3c |
| Parent PID | 0xf00 (c:\windows\syswow64\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
4A4
0x
E7C
0x
D08
0x
FAC
0x
F24
0x
3FC
0x
10C0
0x
10C4
0x
10C8
0x
10CC
0x
10D0
0x
10D4
0x
10D8
0x
10DC
0x
10E0
0x
10E4
0x
10E8
0x
10EC
0x
10F0
0x
10F4
0x
10F8
0x
10FC
0x
1100
0x
1104
0x
1108
0x
110C
0x
1110
0x
1114
0x
1118
0x
111C
0x
1120
0x
1124
0x
1128
0x
112C
0x
1130
0x
1134
0x
1138
0x
113C
0x
1140
0x
1144
0x
1148
0x
114C
0x
1150
0x
1154
0x
1158
0x
115C
0x
1160
0x
1164
0x
1168
0x
116C
0x
1170
0x
1174
0x
1178
0x
117C
0x
1180
0x
1184
0x
1188
0x
118C
0x
1190
0x
1194
0x
1198
0x
119C
0x
11A0
0x
11A4
0x
11A8
0x
11AC
0x
11B0
0x
11B4
0x
11B8
0x
11BC
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| Desktop.rar | 4.93 MB |
MD5:
efa4ac54e99fdd29a9c5edf45ddaaa54
SHA1: 7d248783bb8ff1b88458ebd21c9ec8fd56275281 SHA256: 41290334b1e39a052138f7397495cccebc4675f3fd5a49b0a28ea015d768e5cc SSDeep: 98304:sqq9/v6ZTjRW6S8TP7PaTxncuJf6fVc2hnfzbOrTPg8X4p7Y8b:9q9cA6FTjnLKrD7Xw7pb |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\fd1hvy\appdata\local\microsoft\windows\explorer\iconcache_idx.db | 113.77 KB |
MD5:
73bfba05899b33a27858f4c19b1a671b
SHA1: c6f1c292ff85bb4fb84055975879c8345290b413 SHA256: c2c4cdff22f9ca0ef6e49c25c19f020fbe3bed1712451c61aa02f1342acf4d19 SSDeep: 384:40cn3yWhXKXxUAuLD/q3sOqXp16KPo7Eo9erZoieAco37MwaDeYfs:rOaWDLrq3JMUWxnZoit7Mnq |
|
|
| c:\users\fd1hvy\appdata\local\microsoft\windows\explorer\iconcache_16.db | 1.00 MB |
MD5:
59dda5dae4ef7b50a99d041e7a9e97e6
SHA1: 644e29965aef4527bc670bb0cecda464a0eb60b4 SHA256: f25e9070985e75877834f377d7ca21eec0961f2c7a87e815bffca320334ba90f SSDeep: 12288:99sS9vByHE1a4Cxl/pGvfRBG4+EFjnFEd0jJg8ey:9DNBRi6G4+uA8ey |
|
|
Host Behavior
COM (17)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | 56FDF344-FD6D-11D0-958A-006097C9A090 | EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF | cls_context = CLSCTX_INPROC_SERVER |
|
17 |
File (342)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\FD1HVy\AppData\Local\Temp\winrar.lng | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | \\?\C:\Users\FD1HVy\AppData\Local\Temp\winrar.lng | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\FD1HVy\AppData\Roaming\WinRAR\version.dat | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | Desktop.rar | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\FD1HVy\Desktop\Desktop.rar | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | Desktop.rar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\FD1HVy\Desktop\Desktop.rar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | Desktop.rar | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | -mQiD8fm.doc | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 0KL2Gz9JGd.wav | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 0RRIlXg9.xls | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 1GbClcrwPdCacbM-.png | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 3 58nW.pps | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 4WmeXcoy8E.gif | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 6u_EXsIYn4N.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | AG0E6OHBnNCn.mkv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | cdf 0O.avi | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | chO6xvKC4SuwQxTe.rtf | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | dRR2.wav | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | EKbd9czGD.bmp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | GAXF44R72SInzUMj.mp3 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | gG_HZ-HV.swf | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | H9Q00myyEZo.mp3 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | HBzA3ifwtSZxE.avi | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | hh4lRnb.ods | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | hqk1KnpsNtd.mkv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | Hx3Tlhe_5jId0OJhP6.pptx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | IaWqKnXFr.m4a | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | Jil3P9aQS_.avi | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | jkHmqBwZLlx L8N.m4a | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | k5qtEIg5teHIWg.png | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | Kd7Nt21v7fSUs0ibbZr.pdf | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | kVcraZcrAD.png | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | kZvsWRlw_Unl_4-z2.png | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | M6unjbqHC6Vi.avi | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | mwUpgAicntsdXOa.wav | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | oOWu_URf4xodTCzItb.m4a | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | P1f3eP0sOin1nUyy.csv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | Q00ZHL.bmp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | r 8Z60WGh0PY-Uxk.gif | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | rnJlU.swf | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | sKJ-dBYfyDB.swf | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | Sn MlQKdcUAQKuOMiL.mp4 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | t1UTy\0jOnjZop-702GRg.png | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | t1UTy\P4m7gaW ZT.flv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | t1UTy\rjFeGvlijme.swf | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | t1UTy\x ddEQMGCa7.ots | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | t1UTy\y04cYW4-8JsL5Y8T29Y.xls | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | ttLWBUDVomotx85.gif | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | UNNAM3D - RANSM.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | vmwN.flv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | yo39-hWsdk Kwqd0cHA.flv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | _wLo_T-_xHQoQCx.mp4 | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create Directory | C:\Users\FD1HVy\AppData\Roaming\WinRAR | - |
|
1 | |
| Add Search Path | - | - |
|
1 | |
| Get Info | C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.ini | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.ini | type = file_attributes |
|
1 | |
| Get Info | C:\Users\FD1HVy\AppData\Roaming\WinRAR | type = file_attributes |
|
3 | |
| Get Info | \\?\C:\Users\FD1HVy\AppData\Roaming\WinRAR | type = file_attributes |
|
3 | |
| Get Info | C:\Users\FD1HVy\AppData\Roaming\WinRAR | type = file_attributes |
|
5 | |
| Get Info | C:\Users\FD1HVy\AppData\Roaming\WinRAR\version.dat | type = file_type |
|
1 | |
| Get Info | C:\Users\FD1HVy\AppData\Roaming\WinRAR\Settings.reg | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\Users\FD1HVy\AppData\Roaming\WinRAR\Settings.reg | type = file_attributes |
|
1 | |
| Get Info | C:\Users\FD1HVy\AppData\Local\Temp\Settings.reg | type = file_attributes |
|
2 | |
| Get Info | \\?\C:\Users\FD1HVy\AppData\Local\Temp\Settings.reg | type = file_attributes |
|
2 | |
| Get Info | Desktop | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\Users\FD1HVy\Desktop\Desktop | type = file_attributes |
|
1 | |
| Get Info | Desktop.rar | type = file_attributes |
|
3 | |
| Get Info | \\?\C:\Users\FD1HVy\Desktop\Desktop.rar | type = file_attributes |
|
3 | |
| Get Info | Desktop.zip | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\Users\FD1HVy\Desktop\Desktop.zip | type = file_attributes |
|
1 | |
| Get Info | C:\Users\FD1HVy\AppData\Roaming\WinRAR\Themes | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\Users\FD1HVy\AppData\Roaming\WinRAR\Themes | type = file_attributes |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Read | C:\Users\FD1HVy\AppData\Roaming\WinRAR\version.dat | size = 4096, size_out = 12 |
|
1 | |
| Read | -mQiD8fm.doc | size = 1048576, size_out = 87151 |
|
1 | |
| Read | -mQiD8fm.doc | size = 961425, size_out = 0 |
|
1 | |
| Read | 0KL2Gz9JGd.wav | size = 1048576, size_out = 32756 |
|
1 | |
| Read | 0KL2Gz9JGd.wav | size = 1015820, size_out = 0 |
|
1 | |
| Read | 0RRIlXg9.xls | size = 1048576, size_out = 70986 |
|
1 | |
| Read | 0RRIlXg9.xls | size = 977590, size_out = 0 |
|
1 | |
| Read | 1GbClcrwPdCacbM-.png | size = 1048576, size_out = 48854 |
|
1 | |
| Read | 1GbClcrwPdCacbM-.png | size = 999722, size_out = 0 |
|
1 | |
| Read | 3 58nW.pps | size = 1048576, size_out = 42558 |
|
1 | |
| Read | 3 58nW.pps | size = 1006018, size_out = 0 |
|
1 | |
| Read | 4WmeXcoy8E.gif | size = 1048576, size_out = 2157 |
|
1 | |
| Read | 4WmeXcoy8E.gif | size = 1046419, size_out = 0 |
|
1 | |
| Read | 6u_EXsIYn4N.jpg | size = 1048576, size_out = 42205 |
|
1 | |
| Read | 6u_EXsIYn4N.jpg | size = 1006371, size_out = 0 |
|
1 | |
| Read | AG0E6OHBnNCn.mkv | size = 1048576, size_out = 18068 |
|
1 | |
| Read | AG0E6OHBnNCn.mkv | size = 1030508, size_out = 0 |
|
1 | |
| Read | cdf 0O.avi | size = 1048576, size_out = 76020 |
|
1 | |
| Read | cdf 0O.avi | size = 972556, size_out = 0 |
|
1 | |
| Read | chO6xvKC4SuwQxTe.rtf | size = 1048576, size_out = 25149 |
|
1 | |
| Read | chO6xvKC4SuwQxTe.rtf | size = 1023427, size_out = 0 |
|
1 | |
| Read | desktop.ini | size = 1048576, size_out = 282 |
|
1 | |
| Read | desktop.ini | size = 1048294, size_out = 0 |
|
1 | |
| Read | dRR2.wav | size = 1048576, size_out = 52046 |
|
1 | |
| Read | dRR2.wav | size = 996530, size_out = 0 |
|
1 | |
| Read | EKbd9czGD.bmp | size = 1048576, size_out = 93926 |
|
1 | |
| Read | EKbd9czGD.bmp | size = 954650, size_out = 0 |
|
1 | |
| Read | GAXF44R72SInzUMj.mp3 | size = 1048576, size_out = 100343 |
|
1 | |
| Read | GAXF44R72SInzUMj.mp3 | size = 948233, size_out = 0 |
|
1 | |
| Read | gG_HZ-HV.swf | size = 1048576, size_out = 17620 |
|
1 | |
| Read | gG_HZ-HV.swf | size = 1030956, size_out = 0 |
|
1 | |
| Read | H9Q00myyEZo.mp3 | size = 1048576, size_out = 44115 |
|
1 | |
| Read | H9Q00myyEZo.mp3 | size = 1004461, size_out = 0 |
|
1 | |
| Read | HBzA3ifwtSZxE.avi | size = 1048576, size_out = 75630 |
|
1 | |
| Read | HBzA3ifwtSZxE.avi | size = 972946, size_out = 0 |
|
1 | |
| Read | hh4lRnb.ods | size = 1048576, size_out = 26379 |
|
1 | |
| Read | hh4lRnb.ods | size = 1022197, size_out = 0 |
|
1 | |
| Read | hqk1KnpsNtd.mkv | size = 1048576, size_out = 6447 |
|
1 | |
| Read | hqk1KnpsNtd.mkv | size = 1042129, size_out = 0 |
|
1 | |
| Read | Hx3Tlhe_5jId0OJhP6.pptx | size = 1048576, size_out = 10395 |
|
1 | |
| Read | Hx3Tlhe_5jId0OJhP6.pptx | size = 1038181, size_out = 0 |
|
1 | |
| Read | IaWqKnXFr.m4a | size = 1048576, size_out = 61480 |
|
1 | |
| Read | IaWqKnXFr.m4a | size = 987096, size_out = 0 |
|
1 | |
| Read | Jil3P9aQS_.avi | size = 1048576, size_out = 37816 |
|
1 | |
| Read | Jil3P9aQS_.avi | size = 1010760, size_out = 0 |
|
1 | |
| Read | jkHmqBwZLlx L8N.m4a | size = 1048576, size_out = 102378 |
|
1 | |
| Read | jkHmqBwZLlx L8N.m4a | size = 946198, size_out = 0 |
|
1 | |
| Read | k5qtEIg5teHIWg.png | size = 1048576, size_out = 76357 |
|
1 | |
| Read | k5qtEIg5teHIWg.png | size = 972219, size_out = 0 |
|
1 | |
| Read | Kd7Nt21v7fSUs0ibbZr.pdf | size = 1048576, size_out = 66164 |
|
1 | |
| Read | Kd7Nt21v7fSUs0ibbZr.pdf | size = 982412, size_out = 0 |
|
1 | |
| Read | kVcraZcrAD.png | size = 1048576, size_out = 52758 |
|
1 | |
| Read | kVcraZcrAD.png | size = 995818, size_out = 0 |
|
1 | |
| Read | kZvsWRlw_Unl_4-z2.png | size = 1048576, size_out = 17280 |
|
1 | |
| Read | kZvsWRlw_Unl_4-z2.png | size = 1031296, size_out = 0 |
|
1 | |
| Read | M6unjbqHC6Vi.avi | size = 1048576, size_out = 68338 |
|
1 | |
| Read | M6unjbqHC6Vi.avi | size = 980238, size_out = 0 |
|
1 | |
| Read | mwUpgAicntsdXOa.wav | size = 1048576, size_out = 96083 |
|
1 | |
| Read | mwUpgAicntsdXOa.wav | size = 952493, size_out = 0 |
|
1 | |
| Read | oOWu_URf4xodTCzItb.m4a | size = 1048576, size_out = 86992 |
|
1 | |
| Read | oOWu_URf4xodTCzItb.m4a | size = 961584, size_out = 0 |
|
1 | |
| Read | P1f3eP0sOin1nUyy.csv | size = 1048576, size_out = 68351 |
|
1 | |
| Read | P1f3eP0sOin1nUyy.csv | size = 980225, size_out = 0 |
|
1 | |
| Read | Q00ZHL.bmp | size = 1048576, size_out = 29896 |
|
1 | |
| Read | Q00ZHL.bmp | size = 1018680, size_out = 0 |
|
1 | |
| Read | r 8Z60WGh0PY-Uxk.gif | size = 1048576, size_out = 99365 |
|
1 | |
| Read | r 8Z60WGh0PY-Uxk.gif | size = 949211, size_out = 0 |
|
1 | |
| Read | rnJlU.swf | size = 1048576, size_out = 7896 |
|
1 | |
| Read | rnJlU.swf | size = 1040680, size_out = 0 |
|
1 | |
| Read | sKJ-dBYfyDB.swf | size = 1048576, size_out = 80603 |
|
1 | |
| Read | sKJ-dBYfyDB.swf | size = 967973, size_out = 0 |
|
1 | |
| Read | Sn MlQKdcUAQKuOMiL.mp4 | size = 1048576, size_out = 49851 |
|
1 | |
| Read | Sn MlQKdcUAQKuOMiL.mp4 | size = 998725, size_out = 0 |
|
1 | |
| Read | t1UTy\0jOnjZop-702GRg.png | size = 1048576, size_out = 82820 |
|
1 | |
| Read | t1UTy\0jOnjZop-702GRg.png | size = 965756, size_out = 0 |
|
1 | |
| Read | t1UTy\P4m7gaW ZT.flv | size = 1048576, size_out = 6356 |
|
1 | |
| Read | t1UTy\P4m7gaW ZT.flv | size = 1042220, size_out = 0 |
|
1 | |
| Read | t1UTy\rjFeGvlijme.swf | size = 1048576, size_out = 81605 |
|
1 | |
| Read | t1UTy\rjFeGvlijme.swf | size = 966971, size_out = 0 |
|
1 | |
| Read | t1UTy\x ddEQMGCa7.ots | size = 1048576, size_out = 2906 |
|
1 | |
| Read | t1UTy\x ddEQMGCa7.ots | size = 1045670, size_out = 0 |
|
1 | |
| Read | t1UTy\y04cYW4-8JsL5Y8T29Y.xls | size = 1048576, size_out = 82326 |
|
1 | |
| Read | t1UTy\y04cYW4-8JsL5Y8T29Y.xls | size = 966250, size_out = 0 |
|
1 | |
| Read | ttLWBUDVomotx85.gif | size = 1048576, size_out = 29056 |
|
1 | |
| Read | ttLWBUDVomotx85.gif | size = 1019520, size_out = 0 |
|
1 | |
| Read | UNNAM3D - RANSM.exe | size = 1048576, size_out = 1048576 |
|
1 | |
| Read | UNNAM3D - RANSM.exe | size = 3145728, size_out = 1827840 |
|
1 | |
| Read | UNNAM3D - RANSM.exe | size = 4194304, size_out = 0 |
|
1 | |
| Read | vmwN.flv | size = 1048576, size_out = 48558 |
|
1 | |
| Read | vmwN.flv | size = 1000018, size_out = 0 |
|
1 | |
| Read | yo39-hWsdk Kwqd0cHA.flv | size = 1048576, size_out = 36491 |
|
1 | |
| Read | yo39-hWsdk Kwqd0cHA.flv | size = 1012085, size_out = 0 |
|
1 | |
| Read | _wLo_T-_xHQoQCx.mp4 | size = 1048576, size_out = 92113 |
|
1 | |
| Read | _wLo_T-_xHQoQCx.mp4 | size = 956463, size_out = 0 |
|
1 | |
| Write | Desktop.rar | size = 8 |
|
2 | |
| Write | Desktop.rar | size = 17 |
|
2 | |
| Write | Desktop.rar | size = 87360 |
|
1 | |
| Write | Desktop.rar | size = 96 |
|
4 | |
| Write | Desktop.rar | size = 32832 |
|
1 | |
| Write | Desktop.rar | size = 98 |
|
3 | |
| Write | Desktop.rar | size = 71168 |
|
1 | |
| Write | Desktop.rar | size = 48944 |
|
1 | |
| Write | Desktop.rar | size = 104 |
|
5 | |
| Write | Desktop.rar | size = 42624 |
|
1 | |
| Write | Desktop.rar | size = 94 |
|
3 | |
| Write | Desktop.rar | size = 2208 |
|
1 | |
| Write | Desktop.rar | size = 42320 |
|
1 | |
| Write | Desktop.rar | size = 99 |
|
3 | |
| Write | Desktop.rar | size = 18176 |
|
1 | |
| Write | Desktop.rar | size = 100 |
|
2 | |
| Write | Desktop.rar | size = 76176 |
|
1 | |
| Write | Desktop.rar | size = 21312 |
|
1 | |
| Write | Desktop.rar | size = 176 |
|
1 | |
| Write | Desktop.rar | size = 93 |
|
2 | |
| Write | Desktop.rar | size = 52224 |
|
1 | |
| Write | Desktop.rar | size = 92 |
|
2 | |
| Write | Desktop.rar | size = 94128 |
|
1 | |
| Write | Desktop.rar | size = 97 |
|
3 | |
| Write | Desktop.rar | size = 100576 |
|
1 | |
| Write | Desktop.rar | size = 17728 |
|
1 | |
| Write | Desktop.rar | size = 44224 |
|
1 | |
| Write | Desktop.rar | size = 75792 |
|
1 | |
| Write | Desktop.rar | size = 101 |
|
1 | |
| Write | Desktop.rar | size = 26464 |
|
1 | |
| Write | Desktop.rar | size = 95 |
|
1 | |
| Write | Desktop.rar | size = 6496 |
|
1 | |
| Write | Desktop.rar | size = 10432 |
|
1 | |
| Write | Desktop.rar | size = 107 |
|
4 | |
| Write | Desktop.rar | size = 61632 |
|
1 | |
| Write | Desktop.rar | size = 37936 |
|
1 | |
| Write | Desktop.rar | size = 102608 |
|
1 | |
| Write | Desktop.rar | size = 103 |
|
5 | |
| Write | Desktop.rar | size = 76528 |
|
1 | |
| Write | Desktop.rar | size = 102 |
|
2 | |
| Write | Desktop.rar | size = 66368 |
|
1 | |
| Write | Desktop.rar | size = 52896 |
|
1 | |
| Write | Desktop.rar | size = 17392 |
|
1 | |
| Write | Desktop.rar | size = 105 |
|
2 | |
| Write | Desktop.rar | size = 68544 |
|
1 | |
| Write | Desktop.rar | size = 96288 |
|
1 | |
| Write | Desktop.rar | size = 87216 |
|
1 | |
| Write | Desktop.rar | size = 106 |
|
2 | |
| Write | Desktop.rar | size = 68512 |
|
1 | |
| Write | Desktop.rar | size = 29952 |
|
1 | |
| Write | Desktop.rar | size = 99600 |
|
1 | |
| Write | Desktop.rar | size = 7952 |
|
1 | |
| Write | Desktop.rar | size = 80768 |
|
1 | |
| Write | Desktop.rar | size = 50016 |
|
1 | |
| Write | Desktop.rar | size = 83040 |
|
1 | |
| Write | Desktop.rar | size = 109 |
|
1 | |
| Write | Desktop.rar | size = 6432 |
|
1 | |
| Write | Desktop.rar | size = 81776 |
|
1 | |
| Write | Desktop.rar | size = 2976 |
|
1 | |
| Write | Desktop.rar | size = 82512 |
|
1 | |
| Write | Desktop.rar | size = 113 |
|
1 | |
| Write | Desktop.rar | size = 29136 |
|
1 | |
| Write | Desktop.rar | size = 262144 |
|
10 | |
| Write | Desktop.rar | size = 202912 |
|
1 | |
| Write | Desktop.rar | size = 48656 |
|
1 | |
| Write | Desktop.rar | size = 36624 |
|
1 | |
| Write | Desktop.rar | size = 92320 |
|
1 | |
| Write | Desktop.rar | size = 36 |
|
1 | |
| Write | Desktop.rar | size = 19 |
|
1 | |
| Write | Desktop.rar | size = 4803 |
|
1 | |
| Delete Directory | t1UTy | - |
|
1 | |
| Delete | _wLo_T-_xHQoQCx.mp4 | - |
|
1 | |
| Delete | yo39-hWsdk Kwqd0cHA.flv | - |
|
1 | |
| Delete | vmwN.flv | - |
|
1 | |
| Delete | UNNAM3D - RANSM.exe | - |
|
1 | |
| Delete | \\?\C:\Users\FD1HVy\Desktop\UNNAM3D - RANSM.exe | - |
|
1 | |
| Delete | ttLWBUDVomotx85.gif | - |
|
1 | |
| Delete | t1UTy\y04cYW4-8JsL5Y8T29Y.xls | - |
|
1 | |
| Delete | t1UTy\x ddEQMGCa7.ots | - |
|
1 | |
| Delete | t1UTy\rjFeGvlijme.swf | - |
|
1 | |
| Delete | t1UTy\P4m7gaW ZT.flv | - |
|
1 | |
| Delete | t1UTy\0jOnjZop-702GRg.png | - |
|
1 | |
| Delete | Sn MlQKdcUAQKuOMiL.mp4 | - |
|
1 | |
| Delete | sKJ-dBYfyDB.swf | - |
|
1 | |
| Delete | rnJlU.swf | - |
|
1 | |
| Delete | r 8Z60WGh0PY-Uxk.gif | - |
|
1 | |
| Delete | Q00ZHL.bmp | - |
|
1 | |
| Delete | P1f3eP0sOin1nUyy.csv | - |
|
1 | |
| Delete | oOWu_URf4xodTCzItb.m4a | - |
|
1 | |
| Delete | mwUpgAicntsdXOa.wav | - |
|
1 | |
| Delete | M6unjbqHC6Vi.avi | - |
|
1 | |
| Delete | kZvsWRlw_Unl_4-z2.png | - |
|
1 | |
| Delete | kVcraZcrAD.png | - |
|
1 | |
| Delete | Kd7Nt21v7fSUs0ibbZr.pdf | - |
|
1 | |
| Delete | k5qtEIg5teHIWg.png | - |
|
1 | |
| Delete | jkHmqBwZLlx L8N.m4a | - |
|
1 | |
| Delete | Jil3P9aQS_.avi | - |
|
1 | |
| Delete | IaWqKnXFr.m4a | - |
|
1 | |
| Delete | Hx3Tlhe_5jId0OJhP6.pptx | - |
|
1 | |
| Delete | hqk1KnpsNtd.mkv | - |
|
1 | |
| Delete | hh4lRnb.ods | - |
|
1 | |
| Delete | HBzA3ifwtSZxE.avi | - |
|
1 | |
| Delete | H9Q00myyEZo.mp3 | - |
|
1 | |
| Delete | gG_HZ-HV.swf | - |
|
1 | |
| Delete | GAXF44R72SInzUMj.mp3 | - |
|
1 | |
| Delete | EKbd9czGD.bmp | - |
|
1 | |
| Delete | dRR2.wav | - |
|
1 | |
| Delete | desktop.ini | - |
|
1 | |
| Delete | chO6xvKC4SuwQxTe.rtf | - |
|
1 | |
| Delete | cdf 0O.avi | - |
|
1 | |
| Delete | AG0E6OHBnNCn.mkv | - |
|
1 | |
| Delete | 6u_EXsIYn4N.jpg | - |
|
1 | |
| Delete | 4WmeXcoy8E.gif | - |
|
1 | |
| Delete | 3 58nW.pps | - |
|
1 | |
| Delete | 1GbClcrwPdCacbM-.png | - |
|
1 | |
| Delete | 0RRIlXg9.xls | - |
|
1 | |
| Delete | 0KL2Gz9JGd.wav | - |
|
1 | |
| Delete | -mQiD8fm.doc | - |
|
1 |
Registry (1032)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | - |
|
72 | |
| Create Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | - |
|
8 | |
| Create Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | - |
|
64 | |
| Create Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | - |
|
72 | |
| Create Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | - |
|
72 | |
| Create Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | - |
|
70 | |
| Create Key | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\General | - |
|
5 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Paths | - |
|
7 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | - |
|
5 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\General | - |
|
4 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | - |
|
6 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | - |
|
6 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | - |
|
7 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | - |
|
5 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\WinRAR\Policy | - |
|
4 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Policy | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\WinRAR | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\General | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Extraction | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | - |
|
81 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\5 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Compression | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\FileList | - |
|
8 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | - |
|
9 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnStates | - |
|
5 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnStates | - |
|
5 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Interface | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\General | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Interface\ErrList | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\General | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\General | - |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Name, data = Default Profile, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\General | value_name = SMP, data = 1, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Name, data = Default Profile, type = REG_SZ |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = Name, data = Create e-mail attachment, type = REG_SZ |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = Name, data = Backup selected files, type = REG_SZ |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = Name, data = Create 10 MB volumes, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\General | value_name = VerInfo, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR | value_name = rarkey, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\General | value_name = Priority, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR | value_name = rarreg.key, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\General | value_name = SMP, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Default, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ArcName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = FileNames |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ExclNames |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ExclNames, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = StoreNames |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = StoreNames, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = UseRAR, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = RAR5, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SFXModule, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SFX, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SFXIcon, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SFXLogo, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SFXElevate, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = CmtFile, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = CmtDataWide, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = CmtTextWide, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = CmtTextData, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = VolumeSize, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = VolSizeMod, data = 2, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = VolPause, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = OldVolNames, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = RecVolNumber, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Update, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Fresh, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SyncFiles, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Overwrite, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Move, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ArcRecBin, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ArcWipe, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = WipeIfPassword, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Solid, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Test, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = RecEnabled, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = RecSize, data = 4294967293, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Recovery, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = EraseDest, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = AddArcOnly, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ClearArc, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Lock, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Method, data = 3, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = DictSizeLZ, data = 4194304, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = DictSize, data = 33554432, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Name, data = Default Profile, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = PasswordData, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = EncryptHeaders, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ZipLegacyEncrypt, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = OpenShared, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ProcessOwners, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SaveStreams, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SaveSymLinks, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SaveHardLinks, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Background, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = WaitForOther, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Shutdown, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = GenerateArcName, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = VersionControl, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = BLAKE2, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = FileCopies, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = QuickOpen, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = GenerateMask, data = yyyymmddhhmmss, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = FileTimeMode, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = FileDays, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = FileHours, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = FileMinutes, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ArcTimeOriginal, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ArcTimeLatest, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = mtime, data = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ctime, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = atime, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = PathsAbs, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = PathsNone, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = PathsAbsDrive, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ImmExec, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SeparateArc, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SeparateArcDoubleExt, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SeparateArcSubfolders, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = EmailArcTo, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = PackDetails, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Interface | value_name = SystemProgressBar, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Interface | value_name = TaskbarProgressBar, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\General | value_name = Log, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\General | value_name = Sound, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\General | value_name = Log, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\General | value_name = Sound, data = 1, type = REG_NONE |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Name, data = Default Profile, size = 32, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Default, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ImmExec, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ExclNames, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = StoreNames, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = UseRAR, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = RAR5, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SFXModule, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SFXIcon, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SFXLogo, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SFXElevate, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = CmtFile, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = CmtDataWide, size = 2, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = VolumeSize, data = 0, size = 4, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = VolSizeMod, data = 2, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = VolPause, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = OldVolNames, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = RecVolNumber, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Update, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Fresh, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SyncFiles, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Overwrite, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Move, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ArcRecBin, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ArcWipe, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = WipeIfPassword, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Solid, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Test, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = RecEnabled, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = RecSize, data = 4294967293, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = EraseDest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = AddArcOnly, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ClearArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Lock, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Method, data = 3, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = DictSizeLZ, data = 4194304, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = DictSize, data = 33554432, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Background, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = WaitForOther, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Shutdown, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = PasswordData, size = 1, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = EncryptHeaders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ZipLegacyEncrypt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = OpenShared, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ProcessOwners, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SaveStreams, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SaveSymLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SaveHardLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = GenerateArcName, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = VersionControl, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = BLAKE2, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = FileCopies, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = QuickOpen, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = GenerateMask, data = yyyymmddhhmmss, size = 30, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = FileTimeMode, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = FileDays, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = FileHours, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = FileMinutes, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = FileTimeLimit, data = 0, size = 8, type = REG_QWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ArcTimeOriginal, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ArcTimeLatest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = mtime, data = 4, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ctime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = atime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = PathsAbs, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = PathsNone, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = PathsAbsDrive, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SeparateArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SeparateArcDoubleExt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SeparateArcSubfolders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = EmailArcTo, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = PackDetails, size = 192, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = Name, data = Create e-mail attachment, size = 50, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = Default, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = ImmExec, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = ExclNames, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = StoreNames, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = UseRAR, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = RAR5, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = SFXModule, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = SFXIcon, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = SFXLogo, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = SFXElevate, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = CmtFile, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = CmtDataWide, size = 2, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = VolumeSize, data = 0, size = 4, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = VolSizeMod, data = 2, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = VolPause, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = OldVolNames, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = RecVolNumber, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = Update, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = Fresh, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = SyncFiles, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = Overwrite, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = Move, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = ArcRecBin, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = ArcWipe, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = WipeIfPassword, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = Solid, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = Test, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = RecEnabled, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = RecSize, data = 4294967293, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = EraseDest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = AddArcOnly, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = ClearArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = Lock, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = Method, data = 5, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = DictSizeLZ, data = 33554432, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = DictSize, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = Background, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = WaitForOther, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = Shutdown, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = PasswordData, size = 1, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = EncryptHeaders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = ZipLegacyEncrypt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = OpenShared, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = ProcessOwners, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = SaveStreams, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = SaveSymLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = SaveHardLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = GenerateArcName, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = VersionControl, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = BLAKE2, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = FileCopies, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = QuickOpen, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = GenerateMask, data = yyyymmddhhmmss, size = 30, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = FileTimeMode, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = FileDays, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = FileHours, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = FileMinutes, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = FileTimeLimit, data = 0, size = 8, type = REG_QWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = ArcTimeOriginal, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = ArcTimeLatest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = mtime, data = 4, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = ctime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = atime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = PathsAbs, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = PathsNone, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = PathsAbsDrive, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = SeparateArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = SeparateArcDoubleExt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = SeparateArcSubfolders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = EmailArcTo, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = PackDetails, size = 192, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = Name, data = Backup selected files, size = 44, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = Default, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = ImmExec, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = ExclNames, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = StoreNames, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = UseRAR, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = RAR5, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = SFXModule, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = SFXIcon, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = SFXLogo, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = SFXElevate, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = CmtFile, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = CmtDataWide, size = 2, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = VolumeSize, data = 0, size = 4, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = VolSizeMod, data = 2, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = VolPause, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = OldVolNames, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = RecVolNumber, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = Update, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = Fresh, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = SyncFiles, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = Overwrite, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = Move, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = ArcRecBin, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = ArcWipe, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = WipeIfPassword, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = Solid, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = Test, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = RecEnabled, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = RecSize, data = 4294967293, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = EraseDest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = AddArcOnly, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = ClearArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = Lock, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = Method, data = 3, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = DictSizeLZ, data = 33554432, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = DictSize, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = Background, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = WaitForOther, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = Shutdown, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = PasswordData, size = 1, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = EncryptHeaders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = ZipLegacyEncrypt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = OpenShared, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = ProcessOwners, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = SaveStreams, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = SaveSymLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = SaveHardLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = GenerateArcName, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = VersionControl, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = BLAKE2, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = FileCopies, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = QuickOpen, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = GenerateMask, data = yyyymmddhhmmss, size = 30, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = FileTimeMode, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = FileDays, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = FileHours, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = FileMinutes, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = FileTimeLimit, data = 0, size = 8, type = REG_QWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = ArcTimeOriginal, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = ArcTimeLatest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = mtime, data = 4, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = ctime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = atime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = PathsAbs, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = PathsNone, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = PathsAbsDrive, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = SeparateArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = SeparateArcDoubleExt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = SeparateArcSubfolders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = EmailArcTo, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = PackDetails, size = 192, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = Name, data = Create 10 MB volumes, size = 42, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = Default, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = ImmExec, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = ExclNames, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = StoreNames, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = UseRAR, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = RAR5, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = SFXModule, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = SFXIcon, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = SFXLogo, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = SFXElevate, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = CmtFile, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = CmtDataWide, size = 2, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = VolumeSize, data = 10485760, size = 18, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = VolSizeMod, data = 2, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = VolPause, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = OldVolNames, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = RecVolNumber, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = Update, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = Fresh, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = SyncFiles, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = Overwrite, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = Move, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = ArcRecBin, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = ArcWipe, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = WipeIfPassword, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = Solid, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = Test, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = RecEnabled, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = RecSize, data = 4294967293, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = EraseDest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = AddArcOnly, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = ClearArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = Lock, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = Method, data = 3, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = DictSizeLZ, data = 33554432, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = DictSize, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = Background, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = WaitForOther, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = Shutdown, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = PasswordData, size = 1, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = EncryptHeaders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = ZipLegacyEncrypt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = OpenShared, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = ProcessOwners, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = SaveStreams, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = SaveSymLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = SaveHardLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = GenerateArcName, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = VersionControl, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = BLAKE2, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = FileCopies, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = QuickOpen, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = GenerateMask, data = yyyymmddhhmmss, size = 30, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = FileTimeMode, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = FileDays, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = FileHours, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = FileMinutes, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = FileTimeLimit, data = 0, size = 8, type = REG_QWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = ArcTimeOriginal, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = ArcTimeLatest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = mtime, data = 4, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = ctime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = atime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = PathsAbs, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = PathsNone, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = PathsAbsDrive, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = SeparateArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = SeparateArcDoubleExt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = SeparateArcSubfolders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = EmailArcTo, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = PackDetails, size = 192, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = Name, data = ZIP archive (low compression), size = 60, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = Default, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = ImmExec, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = ExclNames, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = StoreNames, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = UseRAR, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = RAR5, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = SFXModule, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = SFXIcon, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = SFXLogo, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = SFXElevate, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = CmtFile, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = CmtDataWide, size = 2, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = VolumeSize, data = 0, size = 4, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = VolSizeMod, data = 2, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = VolPause, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = OldVolNames, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = RecVolNumber, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = Update, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = Fresh, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = SyncFiles, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = Overwrite, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = Move, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = ArcRecBin, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = ArcWipe, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = WipeIfPassword, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = Solid, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = Test, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = RecEnabled, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = RecSize, data = 4294967293, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = EraseDest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = AddArcOnly, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = ClearArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = Lock, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = Method, data = 3, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = Background, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = WaitForOther, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = Shutdown, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = PasswordData, size = 1, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = EncryptHeaders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = ZipLegacyEncrypt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = OpenShared, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = ProcessOwners, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = SaveStreams, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = SaveSymLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = SaveHardLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = GenerateArcName, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = VersionControl, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = BLAKE2, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = FileCopies, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = QuickOpen, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = GenerateMask, data = yyyymmddhhmmss, size = 30, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = FileTimeMode, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = FileDays, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = FileHours, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = FileMinutes, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = FileTimeLimit, data = 0, size = 8, type = REG_QWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = ArcTimeOriginal, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = ArcTimeLatest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = mtime, data = 4, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = ctime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = atime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = PathsAbs, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = PathsNone, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = PathsAbsDrive, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = SeparateArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = SeparateArcDoubleExt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = SeparateArcSubfolders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = EmailArcTo, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = PackDetails, size = 192, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | value_name = ShellExtBMP, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | value_name = ShellExtIcon, size = 2, type = REG_SZ |
|
1 | |
| Delete Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ArcName |
|
1 | |
| Delete Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = FileNames |
|
1 | |
| Delete Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SFX |
|
1 | |
| Delete Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = ArcName |
|
1 | |
| Delete Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = FileNames |
|
1 | |
| Delete Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | value_name = SFX |
|
1 | |
| Delete Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = ArcName |
|
1 | |
| Delete Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = FileNames |
|
1 | |
| Delete Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | value_name = SFX |
|
1 | |
| Delete Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = ArcName |
|
1 | |
| Delete Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = FileNames |
|
1 | |
| Delete Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | value_name = SFX |
|
1 | |
| Delete Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = ArcName |
|
1 | |
| Delete Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = FileNames |
|
1 | |
| Delete Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | value_name = SFX |
|
1 |
Module (39)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x7ff92f150000 |
|
2 | |
| Load | api-ms-win-core-fibers-l1-1-1 | base_address = 0x7ff92f150000 |
|
2 | |
| Load | api-ms-win-core-localization-l1-2-1 | base_address = 0x7ff92f150000 |
|
1 | |
| Load | C:\Users\FD1HVy\AppData\Local\Temp\rarlng.dll | base_address = 0x0 |
|
1 | |
| Load | C:\WINDOWS\system32\riched20.dll | base_address = 0x7ff912450000 |
|
1 | |
| Load | C:\WINDOWS\system32\Crypt32.dll | base_address = 0x7ff92e880000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x7ff92fdd0000 |
|
3 | |
| Get Handle | c:\users\fd1hvy\appdata\local\temp\winrar.exe | base_address = 0x7ff6f74d0000, flags = GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\windows\system32\shell32.dll | base_address = 0x7ff9300e0000 |
|
2 | |
| Get Filename | - | process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 260 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 2048 |
|
2 | |
| Get Filename | C:\Users\FD1HVy\AppData\Local\Temp\rarlng.dll | process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 2048 |
|
4 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = InitializeCriticalSectionEx, address_out = 0x7ff92f1ad580 |
|
2 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = FlsAlloc, address_out = 0x7ff92f1bd3e0 |
|
2 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = FlsSetValue, address_out = 0x7ff92f198c10 |
|
2 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = FlsGetValue, address_out = 0x7ff92f192340 |
|
1 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = LCMapStringEx, address_out = 0x7ff92f17c800 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InitializeConditionVariable, address_out = 0x7ff931fb35c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SleepConditionVariableCS, address_out = 0x7ff92f1be960 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WakeAllConditionVariable, address_out = 0x7ff931fa6090 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetDllDirectoryW, address_out = 0x7ff92fdee3c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetDefaultDllDirectories, address_out = 0x7ff92f228b70 |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CryptProtectMemory, address_out = 0x7ff92d8c1770 |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CryptUnprotectMemory, address_out = 0x7ff92d8c17a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CompareStringOrdinal, address_out = 0x7ff92fde8fb0 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = SHGetStockIconInfo, address_out = 0x7ff9301bf2c0 |
|
2 |
Window (5)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | WinRAR | class_name = WinRarWindow, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = SysListView32, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = tooltips_class32, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = tooltips_class32, wndproc_parameter = 0 |
|
1 | |
| Find | - | class_name = WinRarWindow |
|
1 |
Keyboard (11)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = KB_CODEPAGE, result_out = 437 |
|
1 | |
| Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
10 |
System (908)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = Performance Ctr, time = 14841558905 |
|
1 | |
| Get Time | type = System Time, time = 2019-03-31 21:13:35 (UTC) |
|
1 | |
| Get Time | type = Local Time, time = 2019-03-31 23:13:38 (Local Time) |
|
1 | |
| Get Time | type = Performance Ctr, time = 15211619882 |
|
1 | |
| Get Time | type = Ticks, time = 153281 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15331568388 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15331917197 |
|
1 | |
| Get Time | type = Ticks, time = 153453 |
|
3 | |
| Get Time | type = System Time, time = 2019-03-31 21:13:39 (UTC) |
|
2 | |
| Get Time | type = Performance Ctr, time = 15380147605 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15380497701 |
|
1 | |
| Get Time | type = Ticks, time = 153781 |
|
1 | |
| Get Time | type = Ticks, time = 157562 |
|
2 | |
| Get Time | type = Performance Ctr, time = 15759605264 |
|
1 | |
| Get Time | type = System Time, time = 2019-03-31 21:13:43 (UTC) |
|
1 | |
| Get Time | type = Performance Ctr, time = 15760237502 |
|
1 | |
| Get Time | type = Ticks, time = 157578 |
|
4 | |
| Get Time | type = Performance Ctr, time = 15761530531 |
|
1 | |
| Get Time | type = Ticks, time = 157750 |
|
4 | |
| Get Time | type = Performance Ctr, time = 15777963577 |
|
1 | |
| Get Time | type = Ticks, time = 157906 |
|
8 | |
| Get Time | type = System Time, time = 2019-03-31 21:13:44 (UTC) |
|
22 | |
| Get Time | type = Performance Ctr, time = 15793990891 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15794276923 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15794833612 |
|
1 | |
| Get Time | type = Ticks, time = 157921 |
|
12 | |
| Get Time | type = Performance Ctr, time = 15795337748 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15795506864 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15796110275 |
|
1 | |
| Get Time | type = Ticks, time = 157937 |
|
11 | |
| Get Time | type = Performance Ctr, time = 15796722484 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15796993348 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15797418767 |
|
1 | |
| Get Time | type = Ticks, time = 157953 |
|
15 | |
| Get Time | type = Performance Ctr, time = 15798110827 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15798323723 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15798695360 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15799265394 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15799450459 |
|
1 | |
| Get Time | type = Ticks, time = 158296 |
|
10 | |
| Get Time | type = Performance Ctr, time = 15832514521 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15833768269 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15833863095 |
|
1 | |
| Get Time | type = Ticks, time = 158312 |
|
10 | |
| Get Time | type = Performance Ctr, time = 15834475441 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15835071353 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15835283060 |
|
1 | |
| Get Time | type = Ticks, time = 158328 |
|
10 | |
| Get Time | type = Performance Ctr, time = 15835864120 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15836357168 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15836485291 |
|
1 | |
| Get Time | type = Ticks, time = 158343 |
|
14 | |
| Get Time | type = Performance Ctr, time = 15837307936 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15838004771 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15838243970 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15838561470 |
|
1 | |
| Get Time | type = Ticks, time = 158359 |
|
6 | |
| Get Time | type = Performance Ctr, time = 15839245567 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15839362914 |
|
1 | |
| Get Time | type = Ticks, time = 158453 |
|
14 | |
| Get Time | type = Performance Ctr, time = 15848158189 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15848605316 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15848743207 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15849201922 |
|
1 | |
| Get Time | type = Ticks, time = 158468 |
|
10 | |
| Get Time | type = Performance Ctr, time = 15849906195 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15850120518 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15850994393 |
|
1 | |
| Get Time | type = Ticks, time = 158484 |
|
6 | |
| Get Time | type = Performance Ctr, time = 15851774169 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15852145920 |
|
1 | |
| Get Time | type = Ticks, time = 158500 |
|
5 | |
| Get Time | type = Performance Ctr, time = 15853241994 |
|
1 | |
| Get Time | type = Ticks, time = 158515 |
|
15 | |
| Get Time | type = Performance Ctr, time = 15854326252 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15854720218 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15854954684 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15855397573 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15855509479 |
|
1 | |
| Get Time | type = Ticks, time = 158593 |
|
10 | |
| Get Time | type = Performance Ctr, time = 15862475073 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15863315363 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15863516626 |
|
1 | |
| Get Time | type = Ticks, time = 158609 |
|
4 | |
| Get Time | type = Performance Ctr, time = 15864328062 |
|
1 | |
| Get Time | type = Ticks, time = 158625 |
|
16 | |
| Get Time | type = Performance Ctr, time = 15865462728 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15865713147 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15865995405 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15866460081 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15866580216 |
|
1 | |
| Get Time | type = Ticks, time = 158640 |
|
10 | |
| Get Time | type = Performance Ctr, time = 15866782793 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15867349379 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15867425778 |
|
1 | |
| Get Time | type = Ticks, time = 158703 |
|
10 | |
| Get Time | type = Performance Ctr, time = 15873254395 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15874057527 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15874221690 |
|
1 | |
| Get Time | type = Ticks, time = 158718 |
|
11 | |
| Get Time | type = Performance Ctr, time = 15874819496 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15875442238 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15875667510 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15876120908 |
|
1 | |
| Get Time | type = Ticks, time = 158734 |
|
9 | |
| Get Time | type = Performance Ctr, time = 15877008700 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15877247669 |
|
1 | |
| Get Time | type = Ticks, time = 158750 |
|
5 | |
| Get Time | type = Performance Ctr, time = 15878224459 |
|
1 | |
| Get Time | type = Ticks, time = 158828 |
|
5 | |
| Get Time | type = System Time, time = 2019-03-31 21:13:45 (UTC) |
|
17 | |
| Get Time | type = Performance Ctr, time = 15886110562 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15886663733 |
|
1 | |
| Get Time | type = Ticks, time = 158843 |
|
10 | |
| Get Time | type = Performance Ctr, time = 15887458750 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15888054280 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15888421290 |
|
1 | |
| Get Time | type = Ticks, time = 158859 |
|
10 | |
| Get Time | type = Performance Ctr, time = 15889248223 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15889832908 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15890082089 |
|
1 | |
| Get Time | type = Ticks, time = 158875 |
|
6 | |
| Get Time | type = Performance Ctr, time = 15890719818 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15891575811 |
|
1 | |
| Get Time | type = Ticks, time = 158968 |
|
10 | |
| Get Time | type = Performance Ctr, time = 15899775398 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15900340180 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15900940015 |
|
1 | |
| Get Time | type = Ticks, time = 159296 |
|
4 | |
| Get Time | type = Performance Ctr, time = 15932776920 |
|
1 | |
| Get Time | type = Ticks, time = 159312 |
|
7 | |
| Get Time | type = Performance Ctr, time = 15934548032 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15935195647 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15935461196 |
|
1 | |
| Get Time | type = Ticks, time = 159328 |
|
7 | |
| Get Time | type = Performance Ctr, time = 15936524317 |
|
1 | |
| Get Time | type = Ticks, time = 159343 |
|
6 | |
| Get Time | type = Performance Ctr, time = 15937395133 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15937732234 |
|
1 | |
| Get Time | type = Ticks, time = 159453 |
|
6 | |
| Get Time | type = Performance Ctr, time = 15948667962 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15949445311 |
|
1 | |
| Get Time | type = Ticks, time = 159468 |
|
8 | |
| Get Time | type = Performance Ctr, time = 15950036201 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15951000577 |
|
1 | |
| Get Time | type = Ticks, time = 159484 |
|
6 | |
| Get Time | type = Performance Ctr, time = 15951954453 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15952232966 |
|
1 | |
| Get Time | type = Ticks, time = 159500 |
|
10 | |
| Get Time | type = Performance Ctr, time = 15952819474 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15953834572 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15954084260 |
|
1 | |
| Get Time | type = Ticks, time = 159515 |
|
5 | |
| Get Time | type = Performance Ctr, time = 15955034972 |
|
1 | |
| Get Time | type = Ticks, time = 159609 |
|
5 | |
| Get Time | type = Performance Ctr, time = 15964271030 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15964711272 |
|
1 | |
| Get Time | type = Ticks, time = 159625 |
|
10 | |
| Get Time | type = Performance Ctr, time = 15965708369 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15966226750 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15966389078 |
|
1 | |
| Get Time | type = Ticks, time = 159640 |
|
10 | |
| Get Time | type = Performance Ctr, time = 15967229968 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15967866206 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15968210801 |
|
1 | |
| Get Time | type = Ticks, time = 159656 |
|
4 | |
| Get Time | type = Performance Ctr, time = 15968708638 |
|
1 | |
| Get Time | type = Ticks, time = 159718 |
|
6 | |
| Get Time | type = Performance Ctr, time = 15975408717 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15975707022 |
|
1 | |
| Get Time | type = Ticks, time = 159734 |
|
6 | |
| Get Time | type = Performance Ctr, time = 15976789374 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15977404185 |
|
1 | |
| Get Time | type = Ticks, time = 159750 |
|
14 | |
| Get Time | type = Performance Ctr, time = 15977877733 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15978102276 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15978452279 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15978616470 |
|
1 | |
| Get Time | type = Ticks, time = 159765 |
|
10 | |
| Get Time | type = Performance Ctr, time = 15979328059 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15979924793 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15980231238 |
|
1 | |
| Get Time | type = Ticks, time = 160296 |
|
4 | |
| Get Time | type = Performance Ctr, time = 16032672563 |
|
1 | |
| Get Time | type = Ticks, time = 160312 |
|
10 | |
| Get Time | type = System Time, time = 2019-03-31 21:13:46 (UTC) |
|
3 | |
| Get Time | type = Performance Ctr, time = 16034515512 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16034671556 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16035397130 |
|
1 | |
| Get Time | type = Ticks, time = 160328 |
|
2 | |
| Get Time | type = Performance Ctr, time = 16036863414 |
|
1 | |
| Get Time | type = Ticks, time = 160343 |
|
10 | |
| Get Time | type = Performance Ctr, time = 16037396790 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16037977084 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16038548352 |
|
1 | |
| Get Time | type = Ticks, time = 160437 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16047997435 |
|
1 | |
| Get Time | type = Ticks, time = 160453 |
|
3 | |
| Get Time | type = Ticks, time = 161953 |
|
4 | |
| Get Time | type = Performance Ctr, time = 16198765580 |
|
1 | |
| Get Time | type = Ticks, time = 161968 |
|
10 | |
| Get Time | type = System Time, time = 2019-03-31 21:13:48 (UTC) |
|
3 | |
| Get Time | type = Performance Ctr, time = 16200283227 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16200436054 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16201020734 |
|
1 | |
| Get Time | type = Ticks, time = 162281 |
|
6 | |
| Get Time | type = Performance Ctr, time = 16231686070 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16231902344 |
|
1 | |
| Get Time | type = Ticks, time = 162296 |
|
10 | |
| Get Time | type = Performance Ctr, time = 16232828994 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16233378185 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16233626426 |
|
1 | |
| Get Time | type = Ticks, time = 162312 |
|
6 | |
| Get Time | type = Performance Ctr, time = 16234506113 |
|
1 | |
| Get Time | type = Ticks, time = 163375 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16347419002 |
|
1 | |
| Get Time | type = Ticks, time = 163437 |
|
3 | |
| Get Time | type = Ticks, time = 163796 |
|
8 | |
| Get Time | type = Performance Ctr, time = 16383172666 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16383554128 |
|
1 | |
| Get Time | type = Ticks, time = 163843 |
|
7 | |
| Get Time | type = Performance Ctr, time = 16388085710 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16388276565 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16392075967 |
|
1 | |
| Get Time | type = Ticks, time = 165375 |
|
4 | |
| Get Time | type = Performance Ctr, time = 16540922303 |
|
1 | |
| Get Time | type = Ticks, time = 165859 |
|
4 | |
| Get Time | type = Performance Ctr, time = 16589766036 |
|
1 | |
| Get Time | type = Ticks, time = 166109 |
|
4 | |
| Get Time | type = Performance Ctr, time = 16614145907 |
|
1 | |
| Get Time | type = Ticks, time = 166171 |
|
4 | |
| Get Time | type = Performance Ctr, time = 16620292392 |
|
1 | |
| Get Time | type = Ticks, time = 166234 |
|
4 | |
| Get Time | type = Performance Ctr, time = 16626421425 |
|
1 | |
| Get Time | type = Ticks, time = 166343 |
|
4 | |
| Get Time | type = Performance Ctr, time = 16637417212 |
|
1 | |
| Get Time | type = Ticks, time = 166781 |
|
2 | |
| Get Time | type = Performance Ctr, time = 16682451730 |
|
1 | |
| Get Time | type = Ticks, time = 166796 |
|
14 | |
| Get Time | type = Performance Ctr, time = 16682936555 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16683263954 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16683628637 |
|
1 | |
| Get Time | type = Ticks, time = 166828 |
|
4 | |
| Get Time | type = Performance Ctr, time = 16685651018 |
|
1 | |
| Get Time | type = Ticks, time = 166875 |
|
4 | |
| Get Time | type = Performance Ctr, time = 16690575171 |
|
1 | |
| Get Time | type = Ticks, time = 166968 |
|
12 | |
| Get Time | type = Performance Ctr, time = 16699966197 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16700407887 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16700780096 |
|
1 | |
| Get Time | type = Ticks, time = 166984 |
|
4 | |
| Get Time | type = Performance Ctr, time = 16701235015 |
|
1 | |
| Get Time | type = Ticks, time = 167078 |
|
12 | |
| Get Time | type = Performance Ctr, time = 16711007710 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16711408101 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16711727857 |
|
1 | |
| Get Time | type = Ticks, time = 167250 |
|
2 | |
| Get Time | type = Performance Ctr, time = 16729271833 |
|
1 | |
| Get Time | type = Ticks, time = 167265 |
|
15 | |
| Get Time | type = Performance Ctr, time = 16729683078 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16730088895 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16730408128 |
|
1 | |
| Get Time | type = Ticks, time = 167281 |
|
15 | |
| Get Time | type = Performance Ctr, time = 16730822089 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16731093647 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16731366430 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16731674832 |
|
1 | |
| Get Time | type = Ticks, time = 167359 |
|
4 | |
| Get Time | type = Performance Ctr, time = 16739973758 |
|
1 | |
| Get Time | type = Ticks, time = 167765 |
|
8 | |
| Get Time | type = Performance Ctr, time = 16780125972 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16780563441 |
|
1 | |
| Get Time | type = Ticks, time = 167828 |
|
12 | |
| Get Time | type = Performance Ctr, time = 16786015040 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16786553621 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16786873768 |
|
1 | |
| Get Time | type = Ticks, time = 167843 |
|
8 | |
| Get Time | type = Performance Ctr, time = 16787339900 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16787726584 |
|
1 | |
| Get Time | type = Ticks, time = 167906 |
|
12 | |
| Get Time | type = Performance Ctr, time = 16793839897 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16794274615 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16794576139 |
|
1 | |
| Get Time | type = Ticks, time = 167921 |
|
4 | |
| Get Time | type = Performance Ctr, time = 16795210479 |
|
1 | |
| Get Time | type = Ticks, time = 168031 |
|
4 | |
| Get Time | type = Performance Ctr, time = 16807043351 |
|
1 | |
| Get Time | type = Ticks, time = 168078 |
|
8 | |
| Get Time | type = Performance Ctr, time = 16811446690 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16811929965 |
|
1 | |
| Get Time | type = Ticks, time = 168140 |
|
4 | |
| Get Time | type = Performance Ctr, time = 16817591936 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16821245297 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16821272282 |
|
1 | |
| Get Info | type = Operating System |
|
2 | |
| Get Info | type = System Directory, result_out = C:\WINDOWS\system32 |
|
2 |
Mutex (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = WinRAR_Busy |
|
1 | |
| Release | mutex_name = WinRAR_Busy |
|
1 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 |
Process #10: winrar.exe
2745
0
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\users\fd1hvy\appdata\local\temp\winrar.exe |
| Command Line | C:\Users\FD1HVy\AppData\Local\Temp\\WinRAR.exe m -r -pMyPassword Documents * |
| Initial Working Directory | C:\Users\FD1HVy\Documents\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:01:29, Reason: Self Terminated |
| Monitor Duration | 00:00:32 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf64 |
| Parent PID | 0x46c (c:\windows\syswow64\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
48C
0x
D2C
0x
E44
0x
174
0x
9E8
0x
9FC
0x
1204
0x
1208
0x
120C
0x
1210
0x
1214
0x
1218
0x
121C
0x
1220
0x
1224
0x
1228
0x
122C
0x
1230
0x
1234
0x
1238
0x
123C
0x
1240
0x
1244
0x
1248
0x
124C
0x
1250
0x
1254
0x
1258
0x
125C
0x
1260
0x
1264
0x
1268
0x
126C
0x
1270
0x
1274
0x
1278
0x
127C
0x
1280
0x
1284
0x
1288
0x
128C
0x
1290
0x
1294
0x
1298
0x
129C
0x
12A0
0x
12A4
0x
12A8
0x
12AC
0x
12B0
0x
12B4
0x
12B8
0x
12BC
0x
12C0
0x
12C4
0x
12C8
0x
12CC
0x
12D0
0x
12D4
0x
12D8
0x
12DC
0x
12E0
0x
12E4
0x
12E8
0x
12EC
0x
12F0
0x
12F4
0x
12F8
0x
12FC
0x
1300
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| winrar.exe | 0x7FF6F74D0000 | 0x7FF6F779FFFF | Process Termination | - | 64-bit | - |
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\FD1HVy\AppData\Roaming\WinRAR\version.dat | 0.01 KB |
MD5:
86d13c755ee816538758ea7aa2942899
SHA1: 2bc649ed0171190ae9d4a76a399a2c82310c4c2d SHA256: 1dcf06035130cacff7d4ff78c0337532eacb190647b9e1633d247fc69e34d62a SSDeep: 3:bZi:4 |
|
|
| Documents.rar | 2.54 MB |
MD5:
370e8acf7a8d836e91d6f1a593bfad56
SHA1: 624bebba8d39ce5f887f41d51e66160f4c3596cc SHA256: 012fb962c6ff6e5153eb240c019c139c5bfb95c1bf664d5750b102b6058057ab SSDeep: 49152:eZJE7juqkEOpR7YAjDh1+n65Q/6qChell8dlKffN48iRFTxrT5g:eZojKpLb+iy8hof21xe |
|
|
Host Behavior
COM (15)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | 56FDF344-FD6D-11D0-958A-006097C9A090 | EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF | cls_context = CLSCTX_INPROC_SERVER |
|
15 |
File (436)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\FD1HVy\AppData\Local\Temp\winrar.lng | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | \\?\C:\Users\FD1HVy\AppData\Local\Temp\winrar.lng | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\FD1HVy\AppData\Roaming\WinRAR\version.dat | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\FD1HVy\AppData\Roaming\WinRAR\version.dat | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | Documents.rar | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\FD1HVy\Documents\Documents.rar | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | Documents.rar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\FD1HVy\Documents\Documents.rar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | Documents.rar | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | -3PSVPdo1rq8.docx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 5okJ0wdSjHps.docx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 5YJHRW-JZoT5E S09D.pptx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 7I1yC6W53.doc | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 8CFpoZ DqeCI.doc | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\-4NjCVEIvkCBj.docx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\l7Td5TRgfXzOW kF6H0.docx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\-mjM.xlsx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\35mJ-.pdf | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\3jMLs-qdS.docx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\BTQU2WOZsFUjw.pdf | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\cA7tY- cuM.pptx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\1q4uHOxj.odt | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\Kin6ms4WyJhH.xlsx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\KzP2.csv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\mbQ0b7o.ots | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\ww2bCvn.csv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\_fBJ yDh9e.ods | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\rDvRexnp0.xls | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\XGIfB05FTyHqB.xlsx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\XiqWm6izl6v FQ5Q.doc | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\XXRZ1Ntz_m owLhUomX.rtf | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\xZQ7e8.pptx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\DLaLU5Np1FYR8L.ods | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\iOBweAZSY.ods | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\lIHAtSXy\5S3P3.csv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\lIHAtSXy\9NEdDu7cj0FPBRK.odt | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\Qx eo7HW.odt | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\jfYQRF.csv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\jLF_V3JmdmbQkD.ots | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\3k35ZmjoIQgYRoHKpmkK.pdf | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\99y9.odt | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\K qThybav\l 4nHi8sklRbErgBL.pps | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\K qThybav\L_jtuZX b2fVSoNPf.docx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\K qThybav\XCn-HpOwlmV9G3Gdf9O.ods | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\QrQLcl.csv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\qfqeMqDF\R2r4mFlAna2enKE.odp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9EMbKuPh551l7_WJZv\WKv89hDvOzA.pptx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | d8N7eT8cGeAbq0mZ CKY.xlsx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | Database1.accdb | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | eBvOtmtGs9oVXiPynY.xlsx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | FoGmW sbJbVrE-.pptx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | g9y9 K 4j.pptx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | jYH_Ha3VQR8eB_bONWr9.pptx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | My Shapes\desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | My Shapes\Favorites.vssx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | My Shapes\_private\folder.ico | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | MZgybshM.pptx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | NdfE2nFSq.xlsx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | nt5k6gcCx.pdf | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | Outlook Files\kkcie@kdj.kd.pst | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | qBs_.docx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | rhEg_RUaix7K66ZWCFGd.xlsx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | uGw1_n9EtC7y-G8.xlsx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | Vtgh45Nfdq0.pptx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | vZ5hUHAIiw4NGepftsf.docx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | XvD0nTrkTg7W8h.xlsx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | _jIR7aHVEY1Y7.docx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Add Search Path | - | - |
|
1 | |
| Get Info | C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.ini | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.ini | type = file_attributes |
|
1 | |
| Get Info | C:\Users\FD1HVy\AppData\Roaming\WinRAR | type = file_attributes |
|
7 | |
| Get Info | C:\Users\FD1HVy\AppData\Roaming\WinRAR\WinRAR.ini | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\Users\FD1HVy\AppData\Roaming\WinRAR\WinRAR.ini | type = file_attributes |
|
1 | |
| Get Info | C:\Users\FD1HVy\AppData\Roaming\WinRAR\version.dat | type = file_type |
|
1 | |
| Get Info | C:\Users\FD1HVy\AppData\Roaming\WinRAR\Settings.reg | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\Users\FD1HVy\AppData\Roaming\WinRAR\Settings.reg | type = file_attributes |
|
1 | |
| Get Info | C:\Users\FD1HVy\AppData\Local\Temp\Settings.reg | type = file_attributes |
|
2 | |
| Get Info | \\?\C:\Users\FD1HVy\AppData\Local\Temp\Settings.reg | type = file_attributes |
|
2 | |
| Get Info | Documents | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\Users\FD1HVy\Documents\Documents | type = file_attributes |
|
1 | |
| Get Info | Documents.rar | type = file_attributes |
|
3 | |
| Get Info | \\?\C:\Users\FD1HVy\Documents\Documents.rar | type = file_attributes |
|
3 | |
| Get Info | Documents.zip | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\Users\FD1HVy\Documents\Documents.zip | type = file_attributes |
|
1 | |
| Get Info | C:\Users\FD1HVy\AppData\Roaming\WinRAR\Themes | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\Users\FD1HVy\AppData\Roaming\WinRAR\Themes | type = file_attributes |
|
1 | |
| Get Info | My Music | type = file_attributes |
|
1 | |
| Get Info | My Pictures | type = file_attributes |
|
1 | |
| Get Info | My Videos | type = file_attributes |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Read | -3PSVPdo1rq8.docx | size = 1048576, size_out = 22681 |
|
1 | |
| Read | -3PSVPdo1rq8.docx | size = 1025895, size_out = 0 |
|
1 | |
| Read | 5okJ0wdSjHps.docx | size = 1048576, size_out = 22922 |
|
1 | |
| Read | 5okJ0wdSjHps.docx | size = 1025654, size_out = 0 |
|
1 | |
| Read | 5YJHRW-JZoT5E S09D.pptx | size = 1048576, size_out = 1917 |
|
1 | |
| Read | 5YJHRW-JZoT5E S09D.pptx | size = 1046659, size_out = 0 |
|
1 | |
| Read | 7I1yC6W53.doc | size = 1048576, size_out = 2265 |
|
1 | |
| Read | 7I1yC6W53.doc | size = 1046311, size_out = 0 |
|
1 | |
| Read | 8CFpoZ DqeCI.doc | size = 1048576, size_out = 99449 |
|
1 | |
| Read | 8CFpoZ DqeCI.doc | size = 949127, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\-4NjCVEIvkCBj.docx | size = 1048576, size_out = 72805 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\-4NjCVEIvkCBj.docx | size = 975771, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\l7Td5TRgfXzOW kF6H0.docx | size = 1048576, size_out = 75828 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\l7Td5TRgfXzOW kF6H0.docx | size = 972748, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\-mjM.xlsx | size = 1048576, size_out = 21820 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\-mjM.xlsx | size = 1026756, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\35mJ-.pdf | size = 1048576, size_out = 50615 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\35mJ-.pdf | size = 997961, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\3jMLs-qdS.docx | size = 1048576, size_out = 79280 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\3jMLs-qdS.docx | size = 969296, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\BTQU2WOZsFUjw.pdf | size = 1048576, size_out = 59842 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\BTQU2WOZsFUjw.pdf | size = 988734, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\cA7tY- cuM.pptx | size = 1048576, size_out = 65013 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\cA7tY- cuM.pptx | size = 983563, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\1q4uHOxj.odt | size = 1048576, size_out = 17856 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\1q4uHOxj.odt | size = 1030720, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\Kin6ms4WyJhH.xlsx | size = 1048576, size_out = 41060 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\Kin6ms4WyJhH.xlsx | size = 1007516, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\KzP2.csv | size = 1048576, size_out = 3270 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\KzP2.csv | size = 1045306, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\mbQ0b7o.ots | size = 1048576, size_out = 75533 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\mbQ0b7o.ots | size = 973043, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\ww2bCvn.csv | size = 1048576, size_out = 4370 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\ww2bCvn.csv | size = 1044206, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\_fBJ yDh9e.ods | size = 1048576, size_out = 12823 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\_fBJ yDh9e.ods | size = 1035753, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\rDvRexnp0.xls | size = 1048576, size_out = 101096 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\rDvRexnp0.xls | size = 947480, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\XGIfB05FTyHqB.xlsx | size = 1048576, size_out = 51715 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\XGIfB05FTyHqB.xlsx | size = 996861, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\XiqWm6izl6v FQ5Q.doc | size = 1048576, size_out = 11225 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\XiqWm6izl6v FQ5Q.doc | size = 1037351, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\XXRZ1Ntz_m owLhUomX.rtf | size = 1048576, size_out = 76789 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\XXRZ1Ntz_m owLhUomX.rtf | size = 971787, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\xZQ7e8.pptx | size = 1048576, size_out = 101996 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\xZQ7e8.pptx | size = 946580, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\DLaLU5Np1FYR8L.ods | size = 1048576, size_out = 76279 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\DLaLU5Np1FYR8L.ods | size = 972297, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\iOBweAZSY.ods | size = 1048576, size_out = 28325 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\iOBweAZSY.ods | size = 1020251, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\lIHAtSXy\5S3P3.csv | size = 1048576, size_out = 74809 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\lIHAtSXy\5S3P3.csv | size = 973767, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\lIHAtSXy\9NEdDu7cj0FPBRK.odt | size = 1048576, size_out = 79125 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\lIHAtSXy\9NEdDu7cj0FPBRK.odt | size = 969451, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\Qx eo7HW.odt | size = 1048576, size_out = 67193 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\Qx eo7HW.odt | size = 981383, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\jfYQRF.csv | size = 1048576, size_out = 1058 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\jfYQRF.csv | size = 1047518, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\jLF_V3JmdmbQkD.ots | size = 1048576, size_out = 102227 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\jLF_V3JmdmbQkD.ots | size = 946349, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\3k35ZmjoIQgYRoHKpmkK.pdf | size = 1048576, size_out = 34385 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\3k35ZmjoIQgYRoHKpmkK.pdf | size = 1014191, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\99y9.odt | size = 1048576, size_out = 62018 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\99y9.odt | size = 986558, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\K qThybav\l 4nHi8sklRbErgBL.pps | size = 1048576, size_out = 53507 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\K qThybav\l 4nHi8sklRbErgBL.pps | size = 995069, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\K qThybav\L_jtuZX b2fVSoNPf.docx | size = 1048576, size_out = 100419 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\K qThybav\L_jtuZX b2fVSoNPf.docx | size = 948157, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\K qThybav\XCn-HpOwlmV9G3Gdf9O.ods | size = 1048576, size_out = 33711 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\K qThybav\XCn-HpOwlmV9G3Gdf9O.ods | size = 1014865, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\QrQLcl.csv | size = 1048576, size_out = 55794 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\QrQLcl.csv | size = 992782, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\R2r4mFlAna2enKE.odp | size = 1048576, size_out = 30026 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\qfqeMqDF\R2r4mFlAna2enKE.odp | size = 1018550, size_out = 0 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\WKv89hDvOzA.pptx | size = 1048576, size_out = 44333 |
|
1 | |
| Read | 9EMbKuPh551l7_WJZv\WKv89hDvOzA.pptx | size = 1004243, size_out = 0 |
|
1 | |
| Read | d8N7eT8cGeAbq0mZ CKY.xlsx | size = 1048576, size_out = 52391 |
|
1 | |
| Read | d8N7eT8cGeAbq0mZ CKY.xlsx | size = 996185, size_out = 0 |
|
1 | |
| Read | Database1.accdb | size = 1048576, size_out = 348160 |
|
1 | |
| Read | Database1.accdb | size = 700416, size_out = 0 |
|
1 | |
| Read | desktop.ini | size = 1048576, size_out = 402 |
|
1 | |
| Read | desktop.ini | size = 1048174, size_out = 0 |
|
1 | |
| Read | eBvOtmtGs9oVXiPynY.xlsx | size = 1048576, size_out = 26111 |
|
1 | |
| Read | eBvOtmtGs9oVXiPynY.xlsx | size = 1022465, size_out = 0 |
|
1 | |
| Read | FoGmW sbJbVrE-.pptx | size = 1048576, size_out = 7234 |
|
1 | |
| Read | FoGmW sbJbVrE-.pptx | size = 1041342, size_out = 0 |
|
1 | |
| Read | g9y9 K 4j.pptx | size = 1048576, size_out = 85473 |
|
1 | |
| Read | g9y9 K 4j.pptx | size = 963103, size_out = 0 |
|
1 | |
| Read | jYH_Ha3VQR8eB_bONWr9.pptx | size = 1048576, size_out = 51177 |
|
1 | |
| Read | jYH_Ha3VQR8eB_bONWr9.pptx | size = 997399, size_out = 0 |
|
1 | |
| Read | My Shapes\desktop.ini | size = 1048576, size_out = 216 |
|
1 | |
| Read | My Shapes\desktop.ini | size = 1048360, size_out = 0 |
|
1 | |
| Read | My Shapes\Favorites.vssx | size = 1048576, size_out = 0 |
|
1 | |
| Read | My Shapes\_private\folder.ico | size = 1048576, size_out = 29926 |
|
1 | |
| Read | My Shapes\_private\folder.ico | size = 1018650, size_out = 0 |
|
1 | |
| Read | MZgybshM.pptx | size = 1048576, size_out = 54061 |
|
1 | |
| Read | MZgybshM.pptx | size = 994515, size_out = 0 |
|
1 | |
| Read | NdfE2nFSq.xlsx | size = 1048576, size_out = 59045 |
|
1 | |
| Read | NdfE2nFSq.xlsx | size = 989531, size_out = 0 |
|
1 | |
| Read | nt5k6gcCx.pdf | size = 1048576, size_out = 33243 |
|
1 | |
| Read | nt5k6gcCx.pdf | size = 1015333, size_out = 0 |
|
1 | |
| Read | Outlook Files\kkcie@kdj.kd.pst | size = 1048576, size_out = 271360 |
|
1 | |
| Read | Outlook Files\kkcie@kdj.kd.pst | size = 777216, size_out = 0 |
|
1 | |
| Read | qBs_.docx | size = 1048576, size_out = 60299 |
|
1 | |
| Read | qBs_.docx | size = 988277, size_out = 0 |
|
1 | |
| Read | rhEg_RUaix7K66ZWCFGd.xlsx | size = 1048576, size_out = 80968 |
|
1 | |
| Read | rhEg_RUaix7K66ZWCFGd.xlsx | size = 967608, size_out = 0 |
|
1 | |
| Read | uGw1_n9EtC7y-G8.xlsx | size = 1048576, size_out = 18127 |
|
1 | |
| Read | uGw1_n9EtC7y-G8.xlsx | size = 1030449, size_out = 0 |
|
1 | |
| Read | Vtgh45Nfdq0.pptx | size = 1048576, size_out = 96832 |
|
1 | |
| Read | Vtgh45Nfdq0.pptx | size = 951744, size_out = 0 |
|
1 | |
| Read | vZ5hUHAIiw4NGepftsf.docx | size = 1048576, size_out = 12413 |
|
1 | |
| Read | vZ5hUHAIiw4NGepftsf.docx | size = 1036163, size_out = 0 |
|
1 | |
| Read | XvD0nTrkTg7W8h.xlsx | size = 1048576, size_out = 51056 |
|
1 | |
| Read | XvD0nTrkTg7W8h.xlsx | size = 997520, size_out = 0 |
|
1 | |
| Read | _jIR7aHVEY1Y7.docx | size = 1048576, size_out = 12279 |
|
1 | |
| Read | _jIR7aHVEY1Y7.docx | size = 1036297, size_out = 0 |
|
1 | |
| Write | C:\Users\FD1HVy\AppData\Roaming\WinRAR\version.dat | size = 12 |
|
1 | |
| Write | Documents.rar | size = 8 |
|
2 | |
| Write | Documents.rar | size = 17 |
|
2 | |
| Write | Documents.rar | size = 22768 |
|
1 | |
| Write | Documents.rar | size = 101 |
|
3 | |
| Write | Documents.rar | size = 23024 |
|
1 | |
| Write | Documents.rar | size = 1984 |
|
1 | |
| Write | Documents.rar | size = 105 |
|
1 | |
| Write | Documents.rar | size = 2320 |
|
1 | |
| Write | Documents.rar | size = 95 |
|
1 | |
| Write | Documents.rar | size = 99680 |
|
1 | |
| Write | Documents.rar | size = 100 |
|
2 | |
| Write | Documents.rar | size = 72960 |
|
1 | |
| Write | Documents.rar | size = 121 |
|
3 | |
| Write | Documents.rar | size = 76000 |
|
1 | |
| Write | Documents.rar | size = 127 |
|
1 | |
| Write | Documents.rar | size = 21904 |
|
1 | |
| Write | Documents.rar | size = 50784 |
|
1 | |
| Write | Documents.rar | size = 79424 |
|
1 | |
| Write | Documents.rar | size = 126 |
|
1 | |
| Write | Documents.rar | size = 59968 |
|
1 | |
| Write | Documents.rar | size = 137 |
|
1 | |
| Write | Documents.rar | size = 65152 |
|
1 | |
| Write | Documents.rar | size = 135 |
|
2 | |
| Write | Documents.rar | size = 17968 |
|
1 | |
| Write | Documents.rar | size = 141 |
|
2 | |
| Write | Documents.rar | size = 41168 |
|
1 | |
| Write | Documents.rar | size = 146 |
|
1 | |
| Write | Documents.rar | size = 3328 |
|
1 | |
| Write | Documents.rar | size = 75712 |
|
1 | |
| Write | Documents.rar | size = 140 |
|
2 | |
| Write | Documents.rar | size = 4432 |
|
1 | |
| Write | Documents.rar | size = 138 |
|
2 | |
| Write | Documents.rar | size = 12880 |
|
1 | |
| Write | Documents.rar | size = 143 |
|
2 | |
| Write | Documents.rar | size = 101344 |
|
1 | |
| Write | Documents.rar | size = 132 |
|
1 | |
| Write | Documents.rar | size = 51856 |
|
1 | |
| Write | Documents.rar | size = 11248 |
|
1 | |
| Write | Documents.rar | size = 65008 |
|
1 | |
| Write | Documents.rar | size = 102224 |
|
1 | |
| Write | Documents.rar | size = 130 |
|
1 | |
| Write | Documents.rar | size = 76464 |
|
1 | |
| Write | Documents.rar | size = 157 |
|
2 | |
| Write | Documents.rar | size = 28400 |
|
1 | |
| Write | Documents.rar | size = 152 |
|
1 | |
| Write | Documents.rar | size = 74976 |
|
1 | |
| Write | Documents.rar | size = 79296 |
|
1 | |
| Write | Documents.rar | size = 167 |
|
1 | |
| Write | Documents.rar | size = 67376 |
|
1 | |
| Write | Documents.rar | size = 151 |
|
2 | |
| Write | Documents.rar | size = 1120 |
|
1 | |
| Write | Documents.rar | size = 102464 |
|
1 | |
| Write | Documents.rar | size = 34512 |
|
1 | |
| Write | Documents.rar | size = 171 |
|
1 | |
| Write | Documents.rar | size = 62160 |
|
1 | |
| Write | Documents.rar | size = 155 |
|
1 | |
| Write | Documents.rar | size = 53648 |
|
1 | |
| Write | Documents.rar | size = 178 |
|
1 | |
| Write | Documents.rar | size = 100656 |
|
1 | |
| Write | Documents.rar | size = 179 |
|
1 | |
| Write | Documents.rar | size = 33856 |
|
1 | |
| Write | Documents.rar | size = 180 |
|
1 | |
| Write | Documents.rar | size = 55936 |
|
1 | |
| Write | Documents.rar | size = 122 |
|
1 | |
| Write | Documents.rar | size = 30112 |
|
1 | |
| Write | Documents.rar | size = 131 |
|
1 | |
| Write | Documents.rar | size = 44432 |
|
1 | |
| Write | Documents.rar | size = 119 |
|
1 | |
| Write | Documents.rar | size = 52544 |
|
1 | |
| Write | Documents.rar | size = 109 |
|
3 | |
| Write | Documents.rar | size = 11312 |
|
1 | |
| Write | Documents.rar | size = 99 |
|
1 | |
| Write | Documents.rar | size = 192 |
|
1 | |
| Write | Documents.rar | size = 93 |
|
3 | |
| Write | Documents.rar | size = 26176 |
|
1 | |
| Write | Documents.rar | size = 107 |
|
1 | |
| Write | Documents.rar | size = 7280 |
|
1 | |
| Write | Documents.rar | size = 85680 |
|
1 | |
| Write | Documents.rar | size = 98 |
|
2 | |
| Write | Documents.rar | size = 51344 |
|
1 | |
| Write | Documents.rar | size = 160 |
|
1 | |
| Write | Documents.rar | size = 103 |
|
2 | |
| Write | Documents.rar | size = 16 |
|
1 | |
| Write | Documents.rar | size = 106 |
|
1 | |
| Write | Documents.rar | size = 11904 |
|
1 | |
| Write | Documents.rar | size = 113 |
|
1 | |
| Write | Documents.rar | size = 54208 |
|
1 | |
| Write | Documents.rar | size = 97 |
|
2 | |
| Write | Documents.rar | size = 59168 |
|
1 | |
| Write | Documents.rar | size = 33376 |
|
1 | |
| Write | Documents.rar | size = 14400 |
|
1 | |
| Write | Documents.rar | size = 115 |
|
1 | |
| Write | Documents.rar | size = 60432 |
|
1 | |
| Write | Documents.rar | size = 81120 |
|
1 | |
| Write | Documents.rar | size = 18224 |
|
1 | |
| Write | Documents.rar | size = 104 |
|
1 | |
| Write | Documents.rar | size = 97024 |
|
1 | |
| Write | Documents.rar | size = 12464 |
|
1 | |
| Write | Documents.rar | size = 108 |
|
1 | |
| Write | Documents.rar | size = 51200 |
|
1 | |
| Write | Documents.rar | size = 12320 |
|
1 | |
| Write | Documents.rar | size = 102 |
|
2 | |
| Write | Documents.rar | size = 74 |
|
1 | |
| Write | Documents.rar | size = 84 |
|
1 | |
| Write | Documents.rar | size = 92 |
|
1 | |
| Write | Documents.rar | size = 65 |
|
1 | |
| Write | Documents.rar | size = 78 |
|
1 | |
| Write | Documents.rar | size = 58 |
|
1 | |
| Write | Documents.rar | size = 49 |
|
2 | |
| Write | Documents.rar | size = 40 |
|
2 | |
| Write | Documents.rar | size = 43 |
|
1 | |
| Write | Documents.rar | size = 41 |
|
1 | |
| Write | Documents.rar | size = 44 |
|
1 | |
| Write | Documents.rar | size = 19 |
|
1 | |
| Write | Documents.rar | size = 7192 |
|
1 | |
| Delete Directory | Outlook Files | - |
|
1 | |
| Delete Directory | My Videos | - |
|
1 | |
| Delete Directory | My Shapes\_private | - |
|
1 | |
| Delete Directory | My Shapes | - |
|
1 | |
| Delete Directory | My Pictures | - |
|
1 | |
| Delete Directory | My Music | - |
|
1 | |
| Delete Directory | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\K qThybav | - |
|
1 | |
| Delete Directory | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z | - |
|
1 | |
| Delete Directory | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\lIHAtSXy | - |
|
1 | |
| Delete Directory | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5 | - |
|
1 | |
| Delete Directory | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY | - |
|
1 | |
| Delete Directory | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS | - |
|
1 | |
| Delete Directory | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s | - |
|
1 | |
| Delete Directory | 9EMbKuPh551l7_WJZv\qfqeMqDF | - |
|
1 | |
| Delete Directory | 9EMbKuPh551l7_WJZv | - |
|
1 | |
| Delete | _jIR7aHVEY1Y7.docx | - |
|
1 | |
| Delete | XvD0nTrkTg7W8h.xlsx | - |
|
1 | |
| Delete | vZ5hUHAIiw4NGepftsf.docx | - |
|
1 | |
| Delete | Vtgh45Nfdq0.pptx | - |
|
1 | |
| Delete | uGw1_n9EtC7y-G8.xlsx | - |
|
1 | |
| Delete | rhEg_RUaix7K66ZWCFGd.xlsx | - |
|
1 | |
| Delete | qBs_.docx | - |
|
1 | |
| Delete | Outlook Files\kkcie@kdj.kd.pst | - |
|
1 | |
| Delete | nt5k6gcCx.pdf | - |
|
1 | |
| Delete | NdfE2nFSq.xlsx | - |
|
1 | |
| Delete | MZgybshM.pptx | - |
|
1 | |
| Delete | My Shapes\_private\folder.ico | - |
|
1 | |
| Delete | My Shapes\Favorites.vssx | - |
|
1 | |
| Delete | My Shapes\desktop.ini | - |
|
1 | |
| Delete | jYH_Ha3VQR8eB_bONWr9.pptx | - |
|
1 | |
| Delete | g9y9 K 4j.pptx | - |
|
1 | |
| Delete | FoGmW sbJbVrE-.pptx | - |
|
1 | |
| Delete | eBvOtmtGs9oVXiPynY.xlsx | - |
|
1 | |
| Delete | desktop.ini | - |
|
1 | |
| Delete | Database1.accdb | - |
|
1 | |
| Delete | d8N7eT8cGeAbq0mZ CKY.xlsx | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\WKv89hDvOzA.pptx | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\R2r4mFlAna2enKE.odp | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\QrQLcl.csv | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\K qThybav\XCn-HpOwlmV9G3Gdf9O.ods | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\K qThybav\L_jtuZX b2fVSoNPf.docx | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\K qThybav\l 4nHi8sklRbErgBL.pps | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\99y9.odt | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\3k35ZmjoIQgYRoHKpmkK.pdf | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\jLF_V3JmdmbQkD.ots | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\jfYQRF.csv | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\Qx eo7HW.odt | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\lIHAtSXy\9NEdDu7cj0FPBRK.odt | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\lIHAtSXy\5S3P3.csv | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\iOBweAZSY.ods | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\DLaLU5Np1FYR8L.ods | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\xZQ7e8.pptx | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\XXRZ1Ntz_m owLhUomX.rtf | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\XiqWm6izl6v FQ5Q.doc | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\XGIfB05FTyHqB.xlsx | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\rDvRexnp0.xls | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\_fBJ yDh9e.ods | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\ww2bCvn.csv | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\mbQ0b7o.ots | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\KzP2.csv | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\Kin6ms4WyJhH.xlsx | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\1q4uHOxj.odt | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\cA7tY- cuM.pptx | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\BTQU2WOZsFUjw.pdf | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\3jMLs-qdS.docx | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\35mJ-.pdf | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\qfqeMqDF\-mjM.xlsx | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\l7Td5TRgfXzOW kF6H0.docx | - |
|
1 | |
| Delete | 9EMbKuPh551l7_WJZv\-4NjCVEIvkCBj.docx | - |
|
1 | |
| Delete | 8CFpoZ DqeCI.doc | - |
|
1 | |
| Delete | 7I1yC6W53.doc | - |
|
1 | |
| Delete | 5YJHRW-JZoT5E S09D.pptx | - |
|
1 | |
| Delete | 5okJ0wdSjHps.docx | - |
|
1 | |
| Delete | -3PSVPdo1rq8.docx | - |
|
1 |
Registry (244)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_CURRENT_USER\Software\WinRAR\General | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | - |
|
2 | |
| Create Key | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | - |
|
4 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\General | - |
|
4 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Paths | - |
|
7 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\WinRAR\Policy | - |
|
4 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Policy | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\WinRAR | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\General | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Extraction | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | - |
|
81 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\5 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Compression | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\FileList | - |
|
8 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | - |
|
9 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnStates | - |
|
5 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnStates | - |
|
5 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Interface | - |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR | value_name = rarkey, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\General | value_name = Priority, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR | value_name = rarreg.key, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\General | value_name = SMP, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Default, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ArcName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = FileNames |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ExclNames |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ExclNames, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = StoreNames |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = StoreNames, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = UseRAR, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = RAR5, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SFXModule, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SFX, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SFXIcon, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SFXLogo, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SFXElevate, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = CmtFile, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = CmtDataWide, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = CmtTextWide, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = CmtTextData, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = VolumeSize, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = VolSizeMod, data = 2, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = VolPause, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = OldVolNames, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = RecVolNumber, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Update, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Fresh, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SyncFiles, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Overwrite, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Move, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ArcRecBin, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ArcWipe, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = WipeIfPassword, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Solid, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Test, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = RecEnabled, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = RecSize, data = 4294967293, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Recovery, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = EraseDest, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = AddArcOnly, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ClearArc, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Lock, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Method, data = 3, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = DictSizeLZ, data = 4194304, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = DictSize, data = 33554432, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Name, data = Default Profile, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = PasswordData, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = EncryptHeaders, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ZipLegacyEncrypt, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = OpenShared, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ProcessOwners, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SaveStreams, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SaveSymLinks, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SaveHardLinks, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Background, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = WaitForOther, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Shutdown, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = GenerateArcName, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = VersionControl, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = BLAKE2, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = FileCopies, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = QuickOpen, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = GenerateMask, data = yyyymmddhhmmss, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = FileTimeMode, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = FileDays, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = FileHours, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = FileMinutes, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ArcTimeOriginal, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ArcTimeLatest, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = mtime, data = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ctime, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = atime, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = PathsAbs, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = PathsNone, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = PathsAbsDrive, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ImmExec, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SeparateArc, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SeparateArcDoubleExt, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SeparateArcSubfolders, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = EmailArcTo, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = PackDetails, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | value_name = ActivePath, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Interface | value_name = SystemProgressBar, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Interface | value_name = TaskbarProgressBar, data = 1, type = REG_NONE |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\General | value_name = VerInfo, size = 12, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | value_name = ShellExtBMP, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | value_name = ShellExtIcon, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | value_name = name, data = 120, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | value_name = size, data = 80, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | value_name = type, data = 120, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | value_name = mtime, data = 100, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 |
Module (40)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x7ff92f150000 |
|
2 | |
| Load | api-ms-win-core-fibers-l1-1-1 | base_address = 0x7ff92f150000 |
|
2 | |
| Load | api-ms-win-core-localization-l1-2-1 | base_address = 0x7ff92f150000 |
|
1 | |
| Load | C:\Users\FD1HVy\AppData\Local\Temp\rarlng.dll | base_address = 0x0 |
|
1 | |
| Load | C:\WINDOWS\system32\riched20.dll | base_address = 0x7ff912450000 |
|
1 | |
| Load | C:\WINDOWS\system32\Crypt32.dll | base_address = 0x7ff92e880000 |
|
1 | |
| Load | api-ms-win-appmodel-runtime-l1-1-1 | base_address = 0x7ff92e3f0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x7ff92fdd0000 |
|
3 | |
| Get Handle | c:\users\fd1hvy\appdata\local\temp\winrar.exe | base_address = 0x7ff6f74d0000, flags = GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\appdata\local\temp\winrar.exe | base_address = 0x7ff6f74d0000 |
|
2 | |
| Get Handle | mscoree.dll | - |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 260 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 2048 |
|
2 | |
| Get Filename | C:\Users\FD1HVy\AppData\Local\Temp\rarlng.dll | process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 2048 |
|
4 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = InitializeCriticalSectionEx, address_out = 0x7ff92f1ad580 |
|
2 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = FlsAlloc, address_out = 0x7ff92f1bd3e0 |
|
2 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = FlsSetValue, address_out = 0x7ff92f198c10 |
|
2 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = FlsGetValue, address_out = 0x7ff92f192340 |
|
1 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = LCMapStringEx, address_out = 0x7ff92f17c800 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InitializeConditionVariable, address_out = 0x7ff931fb35c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SleepConditionVariableCS, address_out = 0x7ff92f1be960 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WakeAllConditionVariable, address_out = 0x7ff931fa6090 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetDllDirectoryW, address_out = 0x7ff92fdee3c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetDefaultDllDirectories, address_out = 0x7ff92f228b70 |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CryptProtectMemory, address_out = 0x7ff92d8c1770 |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CryptUnprotectMemory, address_out = 0x7ff92d8c17a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CompareStringOrdinal, address_out = 0x7ff92fde8fb0 |
|
1 | |
| Get Address | c:\windows\system32\kernel.appcore.dll | function = GetCurrentPackageId, address_out = 0x7ff92e3f2b30 |
|
1 |
Window (6)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | WinRAR | class_name = WinRarWindow, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = SysListView32, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = tooltips_class32, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = tooltips_class32, wndproc_parameter = 0 |
|
1 | |
| Find | - | class_name = WinRarWindow |
|
1 | |
| Find | - | class_name = WinRarWindow |
|
1 |
Keyboard (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = KB_CODEPAGE, result_out = 437 |
|
1 | |
| Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
6 |
System (1185)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = Performance Ctr, time = 14893080587 |
|
1 | |
| Get Time | type = System Time, time = 2019-03-31 21:13:35 (UTC) |
|
1 | |
| Get Time | type = Local Time, time = 2019-03-31 23:13:38 (Local Time) |
|
1 | |
| Get Time | type = Performance Ctr, time = 15237274695 |
|
1 | |
| Get Time | type = Ticks, time = 152781 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15281397310 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15338057145 |
|
1 | |
| Get Time | type = Ticks, time = 153718 |
|
1 | |
| Get Time | type = Ticks, time = 153734 |
|
2 | |
| Get Time | type = Ticks, time = 153750 |
|
2 | |
| Get Time | type = System Time, time = 2019-03-31 21:13:40 (UTC) |
|
2 | |
| Get Time | type = Performance Ctr, time = 15389937088 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15390308705 |
|
1 | |
| Get Time | type = Ticks, time = 153875 |
|
1 | |
| Get Time | type = Ticks, time = 172296 |
|
2 | |
| Get Time | type = Performance Ctr, time = 17233011526 |
|
1 | |
| Get Time | type = System Time, time = 2019-03-31 21:13:58 (UTC) |
|
1 | |
| Get Time | type = Performance Ctr, time = 17233895528 |
|
1 | |
| Get Time | type = Ticks, time = 172312 |
|
4 | |
| Get Time | type = Performance Ctr, time = 17234931677 |
|
1 | |
| Get Time | type = Ticks, time = 172390 |
|
4 | |
| Get Time | type = Performance Ctr, time = 17243097170 |
|
1 | |
| Get Time | type = Ticks, time = 173093 |
|
10 | |
| Get Time | type = System Time, time = 2019-03-31 21:13:59 (UTC) |
|
13 | |
| Get Time | type = Performance Ctr, time = 17312499738 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17312694042 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17313268252 |
|
1 | |
| Get Time | type = Ticks, time = 173109 |
|
22 | |
| Get Time | type = Performance Ctr, time = 17313828493 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17314001516 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17314079364 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17314408867 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17314525949 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17314683803 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17315004614 |
|
1 | |
| Get Time | type = Ticks, time = 173125 |
|
4 | |
| Get Time | type = Performance Ctr, time = 17315292954 |
|
1 | |
| Get Time | type = Ticks, time = 173234 |
|
4 | |
| Get Time | type = Performance Ctr, time = 17327489494 |
|
1 | |
| Get Time | type = Ticks, time = 173250 |
|
2 | |
| Get Time | type = Performance Ctr, time = 17329009933 |
|
1 | |
| Get Time | type = Ticks, time = 173265 |
|
9 | |
| Get Time | type = Performance Ctr, time = 17329562430 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17330182227 |
|
1 | |
| Get Time | type = Ticks, time = 173281 |
|
9 | |
| Get Time | type = Performance Ctr, time = 17330982924 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17331326499 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17331985157 |
|
1 | |
| Get Time | type = Ticks, time = 173296 |
|
10 | |
| Get Time | type = Performance Ctr, time = 17333035000 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17333349121 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17333826325 |
|
1 | |
| Get Time | type = Ticks, time = 173312 |
|
10 | |
| Get Time | type = Performance Ctr, time = 17334326921 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17334518280 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17335113686 |
|
1 | |
| Get Time | type = Ticks, time = 173328 |
|
6 | |
| Get Time | type = Performance Ctr, time = 17335908914 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17336184496 |
|
1 | |
| Get Time | type = Ticks, time = 173343 |
|
10 | |
| Get Time | type = Performance Ctr, time = 17337519676 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17338151059 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17338495493 |
|
1 | |
| Get Time | type = Ticks, time = 173359 |
|
10 | |
| Get Time | type = Performance Ctr, time = 17339096636 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17339690163 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17340026632 |
|
1 | |
| Get Time | type = Ticks, time = 173375 |
|
6 | |
| Get Time | type = Performance Ctr, time = 17340790813 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17341572289 |
|
1 | |
| Get Time | type = Ticks, time = 173390 |
|
14 | |
| Get Time | type = Performance Ctr, time = 17341891199 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17342133985 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17342682309 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17342858027 |
|
1 | |
| Get Time | type = Ticks, time = 173906 |
|
4 | |
| Get Time | type = Performance Ctr, time = 17393863167 |
|
1 | |
| Get Time | type = Ticks, time = 173921 |
|
16 | |
| Get Time | type = System Time, time = 2019-03-31 21:14:00 (UTC) |
|
24 | |
| Get Time | type = Performance Ctr, time = 17395400110 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17395637798 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17395791743 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17396157927 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17396316566 |
|
1 | |
| Get Time | type = Ticks, time = 173937 |
|
6 | |
| Get Time | type = Performance Ctr, time = 17397211839 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17397794181 |
|
1 | |
| Get Time | type = Ticks, time = 173953 |
|
14 | |
| Get Time | type = Performance Ctr, time = 17398270680 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17398459574 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17398813251 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17398946892 |
|
1 | |
| Get Time | type = Ticks, time = 173968 |
|
10 | |
| Get Time | type = Performance Ctr, time = 17399944876 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17400304892 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17400496353 |
|
1 | |
| Get Time | type = Ticks, time = 173984 |
|
6 | |
| Get Time | type = Performance Ctr, time = 17401471925 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17402440986 |
|
1 | |
| Get Time | type = Ticks, time = 174000 |
|
10 | |
| Get Time | type = Performance Ctr, time = 17402883607 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17403545391 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17404148748 |
|
1 | |
| Get Time | type = Ticks, time = 174015 |
|
14 | |
| Get Time | type = Performance Ctr, time = 17404593969 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17404814499 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17405223615 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17405442557 |
|
1 | |
| Get Time | type = Ticks, time = 174031 |
|
4 | |
| Get Time | type = Performance Ctr, time = 17406977159 |
|
1 | |
| Get Time | type = Ticks, time = 174046 |
|
6 | |
| Get Time | type = Performance Ctr, time = 17407912127 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17408362001 |
|
1 | |
| Get Time | type = Ticks, time = 174062 |
|
4 | |
| Get Time | type = Performance Ctr, time = 17409572212 |
|
1 | |
| Get Time | type = Ticks, time = 174078 |
|
6 | |
| Get Time | type = Performance Ctr, time = 17411165982 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17411705448 |
|
1 | |
| Get Time | type = Ticks, time = 174109 |
|
4 | |
| Get Time | type = Performance Ctr, time = 17414018315 |
|
1 | |
| Get Time | type = Ticks, time = 174125 |
|
10 | |
| Get Time | type = Performance Ctr, time = 17415595849 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17416072396 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17416546950 |
|
1 | |
| Get Time | type = Ticks, time = 174140 |
|
6 | |
| Get Time | type = Performance Ctr, time = 17417539088 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17417817700 |
|
1 | |
| Get Time | type = Ticks, time = 174156 |
|
6 | |
| Get Time | type = Performance Ctr, time = 17418905920 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17419571659 |
|
1 | |
| Get Time | type = Ticks, time = 174171 |
|
4 | |
| Get Time | type = Performance Ctr, time = 17420835313 |
|
1 | |
| Get Time | type = Ticks, time = 174187 |
|
10 | |
| Get Time | type = Performance Ctr, time = 17421662984 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17422489183 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17422854279 |
|
1 | |
| Get Time | type = Ticks, time = 174203 |
|
6 | |
| Get Time | type = Performance Ctr, time = 17423656811 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17424228922 |
|
1 | |
| Get Time | type = Ticks, time = 174218 |
|
14 | |
| Get Time | type = Performance Ctr, time = 17424875515 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17425298146 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17425642081 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17425820029 |
|
1 | |
| Get Time | type = Ticks, time = 174234 |
|
4 | |
| Get Time | type = Performance Ctr, time = 17426953934 |
|
1 | |
| Get Time | type = Ticks, time = 174250 |
|
10 | |
| Get Time | type = Performance Ctr, time = 17427826814 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17428244571 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17429156392 |
|
1 | |
| Get Time | type = Ticks, time = 174265 |
|
10 | |
| Get Time | type = Performance Ctr, time = 17429850768 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17430101247 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17430610303 |
|
1 | |
| Get Time | type = Ticks, time = 174281 |
|
10 | |
| Get Time | type = Performance Ctr, time = 17431475713 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17431788652 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17432297566 |
|
1 | |
| Get Time | type = Ticks, time = 174296 |
|
6 | |
| Get Time | type = Performance Ctr, time = 17433202104 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17433503087 |
|
1 | |
| Get Time | type = Ticks, time = 174312 |
|
4 | |
| Get Time | type = Performance Ctr, time = 17434478550 |
|
1 | |
| Get Time | type = Ticks, time = 174328 |
|
2 | |
| Get Time | type = Performance Ctr, time = 17436970994 |
|
1 | |
| Get Time | type = Ticks, time = 174343 |
|
4 | |
| Get Time | type = Performance Ctr, time = 17437569162 |
|
1 | |
| Get Time | type = Ticks, time = 174359 |
|
6 | |
| Get Time | type = Performance Ctr, time = 17439596112 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17440109337 |
|
1 | |
| Get Time | type = Ticks, time = 174375 |
|
9 | |
| Get Time | type = Performance Ctr, time = 17440476526 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17441103127 |
|
1 | |
| Get Time | type = Ticks, time = 174390 |
|
11 | |
| Get Time | type = Performance Ctr, time = 17441969475 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17442368944 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17442733852 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17443201816 |
|
1 | |
| Get Time | type = Ticks, time = 174406 |
|
8 | |
| Get Time | type = Performance Ctr, time = 17443591628 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17444793067 |
|
1 | |
| Get Time | type = Ticks, time = 174828 |
|
2 | |
| Get Time | type = System Time, time = 2019-03-31 21:14:01 (UTC) |
|
21 | |
| Get Time | type = Performance Ctr, time = 17486883434 |
|
1 | |
| Get Time | type = Ticks, time = 174843 |
|
8 | |
| Get Time | type = Performance Ctr, time = 17487317354 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17488156602 |
|
1 | |
| Get Time | type = Ticks, time = 174859 |
|
2 | |
| Get Time | type = Performance Ctr, time = 17488984057 |
|
1 | |
| Get Time | type = Ticks, time = 174921 |
|
4 | |
| Get Time | type = Performance Ctr, time = 17496229028 |
|
1 | |
| Get Time | type = Ticks, time = 174968 |
|
14 | |
| Get Time | type = Performance Ctr, time = 17499825070 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17500708533 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17500908483 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17501032263 |
|
1 | |
| Get Time | type = Ticks, time = 174984 |
|
6 | |
| Get Time | type = Performance Ctr, time = 17501845711 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17502047160 |
|
1 | |
| Get Time | type = Ticks, time = 175000 |
|
10 | |
| Get Time | type = Performance Ctr, time = 17502846151 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17503586839 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17503848586 |
|
1 | |
| Get Time | type = Ticks, time = 175015 |
|
10 | |
| Get Time | type = Performance Ctr, time = 17504714568 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17505072750 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17505249582 |
|
1 | |
| Get Time | type = Ticks, time = 175031 |
|
5 | |
| Get Time | type = Performance Ctr, time = 17506145268 |
|
1 | |
| Get Time | type = Ticks, time = 175046 |
|
9 | |
| Get Time | type = Performance Ctr, time = 17507484539 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17508028699 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17508791658 |
|
1 | |
| Get Time | type = Ticks, time = 175062 |
|
16 | |
| Get Time | type = Performance Ctr, time = 17509544708 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17509830108 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17509856124 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17510222792 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17510276768 |
|
1 | |
| Get Time | type = Ticks, time = 175093 |
|
10 | |
| Get Time | type = Performance Ctr, time = 17512711009 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17512919464 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17513344999 |
|
1 | |
| Get Time | type = Ticks, time = 175109 |
|
10 | |
| Get Time | type = Performance Ctr, time = 17514186020 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17514392927 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17514896637 |
|
1 | |
| Get Time | type = Ticks, time = 175125 |
|
10 | |
| Get Time | type = Performance Ctr, time = 17515615397 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17515918095 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17516471876 |
|
1 | |
| Get Time | type = Ticks, time = 175140 |
|
6 | |
| Get Time | type = Performance Ctr, time = 17517382322 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17517680647 |
|
1 | |
| Get Time | type = Ticks, time = 175156 |
|
4 | |
| Get Time | type = Performance Ctr, time = 17519388254 |
|
1 | |
| Get Time | type = Ticks, time = 175171 |
|
2 | |
| Get Time | type = Performance Ctr, time = 17520503562 |
|
1 | |
| Get Time | type = Ticks, time = 175265 |
|
4 | |
| Get Time | type = Performance Ctr, time = 17530420120 |
|
1 | |
| Get Time | type = Ticks, time = 175281 |
|
6 | |
| Get Time | type = Performance Ctr, time = 17531753452 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17532276274 |
|
1 | |
| Get Time | type = Ticks, time = 175296 |
|
10 | |
| Get Time | type = Performance Ctr, time = 17532728270 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17533251013 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17533975658 |
|
1 | |
| Get Time | type = Ticks, time = 175312 |
|
4 | |
| Get Time | type = Performance Ctr, time = 17534319474 |
|
1 | |
| Get Time | type = Ticks, time = 175328 |
|
6 | |
| Get Time | type = Performance Ctr, time = 17536269939 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17537125405 |
|
1 | |
| Get Time | type = Ticks, time = 175343 |
|
14 | |
| Get Time | type = Performance Ctr, time = 17537516461 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17537770793 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17538232087 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17538430126 |
|
1 | |
| Get Time | type = Ticks, time = 175359 |
|
5 | |
| Get Time | type = Performance Ctr, time = 17539332054 |
|
1 | |
| Get Time | type = Ticks, time = 175375 |
|
9 | |
| Get Time | type = Performance Ctr, time = 17540747802 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17541140759 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17541466602 |
|
1 | |
| Get Time | type = Ticks, time = 175390 |
|
6 | |
| Get Time | type = Performance Ctr, time = 17542231547 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17542532123 |
|
1 | |
| Get Time | type = Ticks, time = 175734 |
|
4 | |
| Get Time | type = Performance Ctr, time = 17577015267 |
|
1 | |
| Get Time | type = Ticks, time = 175750 |
|
12 | |
| Get Time | type = Performance Ctr, time = 17578273100 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17578545243 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17578758359 |
|
1 | |
| Get Time | type = Ticks, time = 175765 |
|
10 | |
| Get Time | type = Ticks, time = 175781 |
|
9 | |
| Get Time | type = Ticks, time = 175796 |
|
9 | |
| Get Time | type = Ticks, time = 178859 |
|
2 | |
| Get Time | type = Performance Ctr, time = 17889674789 |
|
1 | |
| Get Time | type = Ticks, time = 178875 |
|
2 | |
| Get Time | type = Ticks, time = 178953 |
|
4 | |
| Get Time | type = Performance Ctr, time = 17898830696 |
|
1 | |
| Get Time | type = Ticks, time = 178968 |
|
8 | |
| Get Time | type = Performance Ctr, time = 17900048800 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17900365671 |
|
1 | |
| Get Time | type = Ticks, time = 179015 |
|
4 | |
| Get Time | type = Performance Ctr, time = 17904867157 |
|
1 | |
| Get Time | type = Ticks, time = 179031 |
|
12 | |
| Get Time | type = Performance Ctr, time = 17905861202 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17906562083 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17906874778 |
|
1 | |
| Get Time | type = Ticks, time = 179046 |
|
12 | |
| Get Time | type = Performance Ctr, time = 17907403320 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17907740271 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17908353731 |
|
1 | |
| Get Time | type = Ticks, time = 179062 |
|
10 | |
| Get Time | type = Performance Ctr, time = 17909464018 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17909764005 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17915905047 |
|
1 | |
| Get Time | type = Ticks, time = 179125 |
|
4 | |
| Get Time | type = Performance Ctr, time = 17916437164 |
|
1 | |
| Get Time | type = Ticks, time = 179140 |
|
22 | |
| Get Time | type = Performance Ctr, time = 17916782902 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17917007099 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17917294523 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17917518306 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17917762068 |
|
1 | |
| Get Time | type = Ticks, time = 179156 |
|
16 | |
| Get Time | type = Performance Ctr, time = 17918459191 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17918767603 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17919073266 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17919345699 |
|
1 | |
| Get Time | type = Ticks, time = 179171 |
|
8 | |
| Get Time | type = Performance Ctr, time = 17919659472 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17919972662 |
|
1 | |
| Get Time | type = Ticks, time = 179187 |
|
10 | |
| Get Time | type = Performance Ctr, time = 17921738478 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17922235545 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17923111805 |
|
1 | |
| Get Time | type = Ticks, time = 179203 |
|
14 | |
| Get Time | type = Performance Ctr, time = 17923415324 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17923709041 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17924005872 |
|
1 | |
| Get Time | type = Ticks, time = 179218 |
|
1 | |
| Get Time | type = Ticks, time = 179234 |
|
7 | |
| Get Time | type = Performance Ctr, time = 17925804232 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17927208697 |
|
1 | |
| Get Time | type = Ticks, time = 179250 |
|
8 | |
| Get Time | type = Performance Ctr, time = 17928197459 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17928586139 |
|
1 | |
| Get Time | type = Ticks, time = 179265 |
|
8 | |
| Get Time | type = Performance Ctr, time = 17929429624 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17929970266 |
|
1 | |
| Get Time | type = Ticks, time = 179281 |
|
8 | |
| Get Time | type = Performance Ctr, time = 17931374379 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17931674388 |
|
1 | |
| Get Time | type = Ticks, time = 179296 |
|
17 | |
| Get Time | type = Performance Ctr, time = 17932218098 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17932540059 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17932853992 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17933188998 |
|
1 | |
| Get Time | type = Ticks, time = 179312 |
|
15 | |
| Get Time | type = Performance Ctr, time = 17933777472 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17934321877 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17934652315 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17934932669 |
|
1 | |
| Get Time | type = Ticks, time = 179328 |
|
8 | |
| Get Time | type = Performance Ctr, time = 17935601482 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17936339247 |
|
1 | |
| Get Time | type = Ticks, time = 179343 |
|
20 | |
| Get Time | type = Performance Ctr, time = 17936746879 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17937208053 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17937530601 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17937862308 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17938145710 |
|
1 | |
| Get Time | type = Ticks, time = 179359 |
|
12 | |
| Get Time | type = Performance Ctr, time = 17938704546 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17939001190 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17939301425 |
|
1 | |
| Get Time | type = Ticks, time = 179375 |
|
8 | |
| Get Time | type = Performance Ctr, time = 17940437139 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17941239470 |
|
1 | |
| Get Time | type = Ticks, time = 179390 |
|
9 | |
| Get Time | type = Performance Ctr, time = 17941726917 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17942030174 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17956122216 |
|
1 | |
| Get Info | type = Operating System |
|
2 | |
| Get Info | type = System Directory, result_out = C:\WINDOWS\system32 |
|
2 |
Mutex (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = WinRAR_Busy |
|
1 | |
| Release | mutex_name = WinRAR_Busy |
|
1 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 |
Process #11: winrar.exe
2030
0
| Information | Value |
|---|---|
| ID | #11 |
| File Name | c:\users\fd1hvy\appdata\local\temp\winrar.exe |
| Command Line | C:\Users\FD1HVy\AppData\Local\Temp\\WinRAR.exe m -r -pMyPassword Pictures * |
| Initial Working Directory | C:\Users\FD1HVy\Pictures\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:01:17, Reason: Self Terminated |
| Monitor Duration | 00:00:20 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x754 |
| Parent PID | 0xa9c (c:\windows\syswow64\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
CD8
0x
388
0x
824
0x
4AC
0x
EF8
0x
F70
0x
9E0
0x
B84
0x
D6C
0x
EB0
0x
E40
0x
FBC
0x
E90
0x
BEC
0x
FB8
0x
F84
0x
D5C
0x
CA0
0x
D1C
0x
FB4
0x
D7C
0x
ECC
0x
E98
0x
EE0
0x
324
0x
FB0
0x
1004
0x
1008
0x
100C
0x
1010
0x
1014
0x
1018
0x
101C
0x
1020
0x
1024
0x
1028
0x
102C
0x
1030
0x
1034
0x
1038
0x
103C
0x
1040
0x
1044
0x
1048
0x
104C
0x
1050
0x
1054
0x
1058
0x
105C
0x
1060
0x
1064
0x
1068
0x
106C
0x
1070
0x
1074
0x
1078
0x
107C
0x
1080
0x
1084
0x
1088
0x
108C
0x
1090
0x
1094
0x
1098
0x
109C
0x
10A0
0x
10A4
0x
10A8
0x
10AC
0x
10B0
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| winrar.exe | 0x7FF6F74D0000 | 0x7FF6F779FFFF | Process Termination | - | 64-bit | - |
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| Pictures.rar | 2.09 MB |
MD5:
1529f351c2fa6e418339daccb62c82e7
SHA1: 8553fc21b935c408f801bc2080da58f1bff66f69 SHA256: 799c8d082fe7ee8bd2094495e17edd836ff1680e185d8297eb5da5a5a1ce8c3e SSDeep: 49152:QJODSx4QT/yfmAl/gencu3YT/woKEo5HKOqA0A5JOGKwOyVCN:QJ9ufmLhwb5KAa5 |
|
|
Host Behavior
COM (16)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | 56FDF344-FD6D-11D0-958A-006097C9A090 | EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF | cls_context = CLSCTX_INPROC_SERVER |
|
16 |
File (291)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\FD1HVy\AppData\Local\Temp\winrar.lng | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | \\?\C:\Users\FD1HVy\AppData\Local\Temp\winrar.lng | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\FD1HVy\AppData\Roaming\WinRAR\version.dat | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | Pictures.rar | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\FD1HVy\Pictures\Pictures.rar | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | Pictures.rar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | \\?\C:\Users\FD1HVy\Pictures\Pictures.rar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | Pictures.rar | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | 17Kei.bmp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 1Uee5Fu 2XCwi8fG.gif | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 5qnTEjfG9KjtBUIojvlC.png | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 6xi8hATC8ep.gif | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 7ZwWGMcIaUjWjMVJAe.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 8eYKFrOBbq-TuX.bmp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | 9BtQRHA1y.gif | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | A4ii4MOpBgpQwQBT.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | aHz4Hx-PBeuX.png | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | awTUht89JcK2K D7j9i.png | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | c9ZaReaCiTG.png | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | Camera Roll\desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | Cg4L5J0Hp5g.bmp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | dw0z-rObH0-zF2.png | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | FiPd_4qvOx8j.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | g6r96fa7GyN6.gif | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | gTXyE1NkEEb.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | H6PwCN3oyZKOwFQ.png | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | H7Jzn2.png | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | hh1Bz.png | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | HPs4cKd.bmp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | job -V_cE7uVrHssoWW.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | KmDsFaqbjMnNn4BN.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | m3ksaTaVuXM_ADoCvA.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | m3Vfo.png | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | Pe_4G6TNHBiw7.gif | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | q0 y.bmp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | QX41YSfi6.bmp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | Saved Pictures\desktop.ini | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | sj6 1xhDAi0ypw.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | svWwwq0D.png | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | W-jIjn6.gif | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | Ww lmr4coeaZVkLVzHS.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | YBodpCQ1OYUO B.gif | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | yova8.bmp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | yWEcS.bmp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | y_QmYlvwtNWjwI0tZ.bmp | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | Z8PEjH5b.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | zdKqdR.png | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | zoYWy0tnNuqg-Zdh4.gif | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| Add Search Path | - | - |
|
1 | |
| Get Info | C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.ini | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.ini | type = file_attributes |
|
1 | |
| Get Info | C:\Users\FD1HVy\AppData\Roaming\WinRAR | type = file_attributes |
|
5 | |
| Get Info | C:\Users\FD1HVy\AppData\Roaming\WinRAR\WinRAR.ini | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\Users\FD1HVy\AppData\Roaming\WinRAR\WinRAR.ini | type = file_attributes |
|
1 | |
| Get Info | C:\Users\FD1HVy\AppData\Roaming\WinRAR\version.dat | type = file_type |
|
1 | |
| Get Info | Pictures | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\Users\FD1HVy\Pictures\Pictures | type = file_attributes |
|
1 | |
| Get Info | Pictures.rar | type = file_attributes |
|
3 | |
| Get Info | \\?\C:\Users\FD1HVy\Pictures\Pictures.rar | type = file_attributes |
|
3 | |
| Get Info | Pictures.zip | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\Users\FD1HVy\Pictures\Pictures.zip | type = file_attributes |
|
1 | |
| Get Info | C:\Users\FD1HVy\AppData\Roaming\WinRAR\Themes | type = file_attributes |
|
1 | |
| Get Info | \\?\C:\Users\FD1HVy\AppData\Roaming\WinRAR\Themes | type = file_attributes |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Read | C:\Users\FD1HVy\AppData\Roaming\WinRAR\version.dat | size = 4096, size_out = 12 |
|
1 | |
| Read | 17Kei.bmp | size = 1048576, size_out = 48846 |
|
1 | |
| Read | 17Kei.bmp | size = 999730, size_out = 0 |
|
1 | |
| Read | 1Uee5Fu 2XCwi8fG.gif | size = 1048576, size_out = 75056 |
|
1 | |
| Read | 1Uee5Fu 2XCwi8fG.gif | size = 973520, size_out = 0 |
|
1 | |
| Read | 5qnTEjfG9KjtBUIojvlC.png | size = 1048576, size_out = 73639 |
|
1 | |
| Read | 5qnTEjfG9KjtBUIojvlC.png | size = 974937, size_out = 0 |
|
1 | |
| Read | 6xi8hATC8ep.gif | size = 1048576, size_out = 15219 |
|
1 | |
| Read | 6xi8hATC8ep.gif | size = 1033357, size_out = 0 |
|
1 | |
| Read | 7ZwWGMcIaUjWjMVJAe.jpg | size = 1048576, size_out = 43455 |
|
1 | |
| Read | 7ZwWGMcIaUjWjMVJAe.jpg | size = 1005121, size_out = 0 |
|
1 | |
| Read | 8eYKFrOBbq-TuX.bmp | size = 1048576, size_out = 20756 |
|
1 | |
| Read | 8eYKFrOBbq-TuX.bmp | size = 1027820, size_out = 0 |
|
1 | |
| Read | 9BtQRHA1y.gif | size = 1048576, size_out = 42415 |
|
1 | |
| Read | 9BtQRHA1y.gif | size = 1006161, size_out = 0 |
|
1 | |
| Read | A4ii4MOpBgpQwQBT.jpg | size = 1048576, size_out = 87534 |
|
1 | |
| Read | A4ii4MOpBgpQwQBT.jpg | size = 961042, size_out = 0 |
|
1 | |
| Read | aHz4Hx-PBeuX.png | size = 1048576, size_out = 81997 |
|
1 | |
| Read | aHz4Hx-PBeuX.png | size = 966579, size_out = 0 |
|
1 | |
| Read | awTUht89JcK2K D7j9i.png | size = 1048576, size_out = 34167 |
|
1 | |
| Read | awTUht89JcK2K D7j9i.png | size = 1014409, size_out = 0 |
|
1 | |
| Read | c9ZaReaCiTG.png | size = 1048576, size_out = 82983 |
|
1 | |
| Read | c9ZaReaCiTG.png | size = 965593, size_out = 0 |
|
1 | |
| Read | Camera Roll\desktop.ini | size = 1048576, size_out = 190 |
|
1 | |
| Read | Camera Roll\desktop.ini | size = 1048386, size_out = 0 |
|
1 | |
| Read | Cg4L5J0Hp5g.bmp | size = 1048576, size_out = 3689 |
|
1 | |
| Read | Cg4L5J0Hp5g.bmp | size = 1044887, size_out = 0 |
|
1 | |
| Read | desktop.ini | size = 1048576, size_out = 504 |
|
1 | |
| Read | desktop.ini | size = 1048072, size_out = 0 |
|
1 | |
| Read | dw0z-rObH0-zF2.png | size = 1048576, size_out = 6965 |
|
1 | |
| Read | dw0z-rObH0-zF2.png | size = 1041611, size_out = 0 |
|
1 | |
| Read | FiPd_4qvOx8j.jpg | size = 1048576, size_out = 46505 |
|
1 | |
| Read | FiPd_4qvOx8j.jpg | size = 1002071, size_out = 0 |
|
1 | |
| Read | g6r96fa7GyN6.gif | size = 1048576, size_out = 57322 |
|
1 | |
| Read | g6r96fa7GyN6.gif | size = 991254, size_out = 0 |
|
1 | |
| Read | gTXyE1NkEEb.jpg | size = 1048576, size_out = 96501 |
|
1 | |
| Read | gTXyE1NkEEb.jpg | size = 952075, size_out = 0 |
|
1 | |
| Read | H6PwCN3oyZKOwFQ.png | size = 1048576, size_out = 101635 |
|
1 | |
| Read | H6PwCN3oyZKOwFQ.png | size = 946941, size_out = 0 |
|
1 | |
| Read | H7Jzn2.png | size = 1048576, size_out = 81996 |
|
1 | |
| Read | H7Jzn2.png | size = 966580, size_out = 0 |
|
1 | |
| Read | hh1Bz.png | size = 1048576, size_out = 97065 |
|
1 | |
| Read | hh1Bz.png | size = 951511, size_out = 0 |
|
1 | |
| Read | HPs4cKd.bmp | size = 1048576, size_out = 59374 |
|
1 | |
| Read | HPs4cKd.bmp | size = 989202, size_out = 0 |
|
1 | |
| Read | job -V_cE7uVrHssoWW.jpg | size = 1048576, size_out = 48923 |
|
1 | |
| Read | job -V_cE7uVrHssoWW.jpg | size = 999653, size_out = 0 |
|
1 | |
| Read | KmDsFaqbjMnNn4BN.jpg | size = 1048576, size_out = 33999 |
|
1 | |
| Read | KmDsFaqbjMnNn4BN.jpg | size = 1014577, size_out = 0 |
|
1 | |
| Read | m3ksaTaVuXM_ADoCvA.jpg | size = 1048576, size_out = 92134 |
|
1 | |
| Read | m3ksaTaVuXM_ADoCvA.jpg | size = 956442, size_out = 0 |
|
1 | |
| Read | m3Vfo.png | size = 1048576, size_out = 93174 |
|
1 | |
| Read | m3Vfo.png | size = 955402, size_out = 0 |
|
1 | |
| Read | Pe_4G6TNHBiw7.gif | size = 1048576, size_out = 70389 |
|
1 | |
| Read | Pe_4G6TNHBiw7.gif | size = 978187, size_out = 0 |
|
1 | |
| Read | q0 y.bmp | size = 1048576, size_out = 14550 |
|
1 | |
| Read | q0 y.bmp | size = 1034026, size_out = 0 |
|
1 | |
| Read | QX41YSfi6.bmp | size = 1048576, size_out = 86135 |
|
1 | |
| Read | QX41YSfi6.bmp | size = 962441, size_out = 0 |
|
1 | |
| Read | Saved Pictures\desktop.ini | size = 1048576, size_out = 190 |
|
1 | |
| Read | Saved Pictures\desktop.ini | size = 1048386, size_out = 0 |
|
1 | |
| Read | sj6 1xhDAi0ypw.jpg | size = 1048576, size_out = 22861 |
|
1 | |
| Read | sj6 1xhDAi0ypw.jpg | size = 1025715, size_out = 0 |
|
1 | |
| Read | svWwwq0D.png | size = 1048576, size_out = 92299 |
|
1 | |
| Read | svWwwq0D.png | size = 956277, size_out = 0 |
|
1 | |
| Read | W-jIjn6.gif | size = 1048576, size_out = 63593 |
|
1 | |
| Read | W-jIjn6.gif | size = 984983, size_out = 0 |
|
1 | |
| Read | Ww lmr4coeaZVkLVzHS.jpg | size = 1048576, size_out = 6330 |
|
1 | |
| Read | Ww lmr4coeaZVkLVzHS.jpg | size = 1042246, size_out = 0 |
|
1 | |
| Read | YBodpCQ1OYUO B.gif | size = 1048576, size_out = 93957 |
|
1 | |
| Read | YBodpCQ1OYUO B.gif | size = 954619, size_out = 0 |
|
1 | |
| Read | yova8.bmp | size = 1048576, size_out = 23571 |
|
1 | |
| Read | yova8.bmp | size = 1025005, size_out = 0 |
|
1 | |
| Read | yWEcS.bmp | size = 1048576, size_out = 11930 |
|
1 | |
| Read | yWEcS.bmp | size = 1036646, size_out = 0 |
|
1 | |
| Read | y_QmYlvwtNWjwI0tZ.bmp | size = 1048576, size_out = 48977 |
|
1 | |
| Read | y_QmYlvwtNWjwI0tZ.bmp | size = 999599, size_out = 0 |
|
1 | |
| Read | Z8PEjH5b.jpg | size = 1048576, size_out = 83459 |
|
1 | |
| Read | Z8PEjH5b.jpg | size = 965117, size_out = 0 |
|
1 | |
| Read | zdKqdR.png | size = 1048576, size_out = 43236 |
|
1 | |
| Read | zdKqdR.png | size = 1005340, size_out = 0 |
|
1 | |
| Read | zoYWy0tnNuqg-Zdh4.gif | size = 1048576, size_out = 91998 |
|
1 | |
| Read | zoYWy0tnNuqg-Zdh4.gif | size = 956578, size_out = 0 |
|
1 | |
| Write | Pictures.rar | size = 8 |
|
2 | |
| Write | Pictures.rar | size = 17 |
|
2 | |
| Write | Pictures.rar | size = 48928 |
|
1 | |
| Write | Pictures.rar | size = 93 |
|
6 | |
| Write | Pictures.rar | size = 75232 |
|
1 | |
| Write | Pictures.rar | size = 104 |
|
3 | |
| Write | Pictures.rar | size = 73808 |
|
1 | |
| Write | Pictures.rar | size = 108 |
|
2 | |
| Write | Pictures.rar | size = 15248 |
|
1 | |
| Write | Pictures.rar | size = 99 |
|
3 | |
| Write | Pictures.rar | size = 43552 |
|
1 | |
| Write | Pictures.rar | size = 106 |
|
2 | |
| Write | Pictures.rar | size = 20832 |
|
1 | |
| Write | Pictures.rar | size = 102 |
|
3 | |
| Write | Pictures.rar | size = 42528 |
|
1 | |
| Write | Pictures.rar | size = 97 |
|
3 | |
| Write | Pictures.rar | size = 87728 |
|
1 | |
| Write | Pictures.rar | size = 82160 |
|
1 | |
| Write | Pictures.rar | size = 100 |
|
4 | |
| Write | Pictures.rar | size = 34288 |
|
1 | |
| Write | Pictures.rar | size = 107 |
|
2 | |
| Write | Pictures.rar | size = 83216 |
|
1 | |
| Write | Pictures.rar | size = 160 |
|
2 | |
| Write | Pictures.rar | size = 105 |
|
4 | |
| Write | Pictures.rar | size = 3744 |
|
1 | |
| Write | Pictures.rar | size = 208 |
|
1 | |
| Write | Pictures.rar | size = 7008 |
|
1 | |
| Write | Pictures.rar | size = 46608 |
|
1 | |
| Write | Pictures.rar | size = 57456 |
|
1 | |
| Write | Pictures.rar | size = 96688 |
|
1 | |
| Write | Pictures.rar | size = 101872 |
|
1 | |
| Write | Pictures.rar | size = 103 |
|
1 | |
| Write | Pictures.rar | size = 82176 |
|
1 | |
| Write | Pictures.rar | size = 94 |
|
2 | |
| Write | Pictures.rar | size = 97248 |
|
1 | |
| Write | Pictures.rar | size = 59504 |
|
1 | |
| Write | Pictures.rar | size = 95 |
|
2 | |
| Write | Pictures.rar | size = 49024 |
|
1 | |
| Write | Pictures.rar | size = 34160 |
|
1 | |
| Write | Pictures.rar | size = 92320 |
|
1 | |
| Write | Pictures.rar | size = 93376 |
|
1 | |
| Write | Pictures.rar | size = 70560 |
|
1 | |
| Write | Pictures.rar | size = 101 |
|
1 | |
| Write | Pictures.rar | size = 14576 |
|
1 | |
| Write | Pictures.rar | size = 92 |
|
1 | |
| Write | Pictures.rar | size = 86336 |
|
1 | |
| Write | Pictures.rar | size = 22944 |
|
1 | |
| Write | Pictures.rar | size = 92496 |
|
1 | |
| Write | Pictures.rar | size = 96 |
|
2 | |
| Write | Pictures.rar | size = 63728 |
|
1 | |
| Write | Pictures.rar | size = 6400 |
|
1 | |
| Write | Pictures.rar | size = 94144 |
|
1 | |
| Write | Pictures.rar | size = 23648 |
|
1 | |
| Write | Pictures.rar | size = 11952 |
|
1 | |
| Write | Pictures.rar | size = 49056 |
|
1 | |
| Write | Pictures.rar | size = 83680 |
|
1 | |
| Write | Pictures.rar | size = 43344 |
|
1 | |
| Write | Pictures.rar | size = 92192 |
|
1 | |
| Write | Pictures.rar | size = 42 |
|
1 | |
| Write | Pictures.rar | size = 45 |
|
1 | |
| Write | Pictures.rar | size = 19 |
|
1 | |
| Write | Pictures.rar | size = 4061 |
|
1 | |
| Delete Directory | Saved Pictures | - |
|
1 | |
| Delete Directory | Camera Roll | - |
|
1 | |
| Delete | zoYWy0tnNuqg-Zdh4.gif | - |
|
1 | |
| Delete | zdKqdR.png | - |
|
1 | |
| Delete | Z8PEjH5b.jpg | - |
|
1 | |
| Delete | y_QmYlvwtNWjwI0tZ.bmp | - |
|
1 | |
| Delete | yWEcS.bmp | - |
|
1 | |
| Delete | yova8.bmp | - |
|
1 | |
| Delete | YBodpCQ1OYUO B.gif | - |
|
1 | |
| Delete | Ww lmr4coeaZVkLVzHS.jpg | - |
|
1 | |
| Delete | W-jIjn6.gif | - |
|
1 | |
| Delete | svWwwq0D.png | - |
|
1 | |
| Delete | sj6 1xhDAi0ypw.jpg | - |
|
1 | |
| Delete | Saved Pictures\desktop.ini | - |
|
1 | |
| Delete | QX41YSfi6.bmp | - |
|
1 | |
| Delete | q0 y.bmp | - |
|
1 | |
| Delete | Pe_4G6TNHBiw7.gif | - |
|
1 | |
| Delete | m3Vfo.png | - |
|
1 | |
| Delete | m3ksaTaVuXM_ADoCvA.jpg | - |
|
1 | |
| Delete | KmDsFaqbjMnNn4BN.jpg | - |
|
1 | |
| Delete | job -V_cE7uVrHssoWW.jpg | - |
|
1 | |
| Delete | HPs4cKd.bmp | - |
|
1 | |
| Delete | hh1Bz.png | - |
|
1 | |
| Delete | H7Jzn2.png | - |
|
1 | |
| Delete | H6PwCN3oyZKOwFQ.png | - |
|
1 | |
| Delete | gTXyE1NkEEb.jpg | - |
|
1 | |
| Delete | g6r96fa7GyN6.gif | - |
|
1 | |
| Delete | FiPd_4qvOx8j.jpg | - |
|
1 | |
| Delete | dw0z-rObH0-zF2.png | - |
|
1 | |
| Delete | desktop.ini | - |
|
1 | |
| Delete | Cg4L5J0Hp5g.bmp | - |
|
1 | |
| Delete | Camera Roll\desktop.ini | - |
|
1 | |
| Delete | c9ZaReaCiTG.png | - |
|
1 | |
| Delete | awTUht89JcK2K D7j9i.png | - |
|
1 | |
| Delete | aHz4Hx-PBeuX.png | - |
|
1 | |
| Delete | A4ii4MOpBgpQwQBT.jpg | - |
|
1 | |
| Delete | 9BtQRHA1y.gif | - |
|
1 | |
| Delete | 8eYKFrOBbq-TuX.bmp | - |
|
1 | |
| Delete | 7ZwWGMcIaUjWjMVJAe.jpg | - |
|
1 | |
| Delete | 6xi8hATC8ep.gif | - |
|
1 | |
| Delete | 5qnTEjfG9KjtBUIojvlC.png | - |
|
1 | |
| Delete | 1Uee5Fu 2XCwi8fG.gif | - |
|
1 | |
| Delete | 17Kei.bmp | - |
|
1 |
Registry (243)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | - |
|
2 | |
| Create Key | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | - |
|
4 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\General | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Paths | - |
|
5 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\General | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\WinRAR\Policy | - |
|
4 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Policy | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\WinRAR | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\General | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Extraction | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | - |
|
81 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Profiles\5 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Compression | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\FileList | - |
|
8 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | - |
|
9 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnStates | - |
|
5 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnStates | - |
|
5 | |
| Open Key | HKEY_CURRENT_USER\Software\WinRAR\Interface | - |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\General | value_name = LanguageFolder, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\General | value_name = LanguageFolder, data = 33, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\General | value_name = VerInfo, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR | value_name = rarkey, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\General | value_name = Priority, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR | value_name = rarreg.key, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\General | value_name = SMP, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Default, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ArcName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = FileNames |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ExclNames |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ExclNames, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = StoreNames |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = StoreNames, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = UseRAR, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = RAR5, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SFXModule, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SFX, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SFXIcon, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SFXLogo, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SFXElevate, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = CmtFile, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = CmtDataWide, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = CmtTextWide, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = CmtTextData, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = VolumeSize, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = VolSizeMod, data = 2, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = VolPause, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = OldVolNames, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = RecVolNumber, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Update, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Fresh, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SyncFiles, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Overwrite, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Move, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ArcRecBin, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ArcWipe, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = WipeIfPassword, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Solid, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Test, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = RecEnabled, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = RecSize, data = 4294967293, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Recovery, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = EraseDest, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = AddArcOnly, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ClearArc, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Lock, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Method, data = 3, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = DictSizeLZ, data = 4194304, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = DictSize, data = 33554432, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Name, data = Default Profile, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = PasswordData, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = EncryptHeaders, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ZipLegacyEncrypt, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = OpenShared, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ProcessOwners, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SaveStreams, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SaveSymLinks, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SaveHardLinks, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Background, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = WaitForOther, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = Shutdown, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = GenerateArcName, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = VersionControl, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = BLAKE2, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = FileCopies, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = QuickOpen, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = GenerateMask, data = yyyymmddhhmmss, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = FileTimeMode, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = FileDays, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = FileHours, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = FileMinutes, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ArcTimeOriginal, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ArcTimeLatest, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = mtime, data = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ctime, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = atime, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = PathsAbs, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = PathsNone, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = PathsAbsDrive, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = ImmExec, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SeparateArc, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SeparateArcDoubleExt, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = SeparateArcSubfolders, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = EmailArcTo, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 | value_name = PackDetails, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | value_name = ActivePath, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Interface | value_name = SystemProgressBar, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\WinRAR\Interface | value_name = TaskbarProgressBar, data = 1, type = REG_NONE |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | value_name = ShellExtBMP, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | value_name = ShellExtIcon, size = 2, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | value_name = name, data = 120, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | value_name = size, data = 80, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | value_name = type, data = 120, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | value_name = mtime, data = 100, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 |
Module (39)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x7ff92f150000 |
|
2 | |
| Load | api-ms-win-core-fibers-l1-1-1 | base_address = 0x7ff92f150000 |
|
2 | |
| Load | api-ms-win-core-localization-l1-2-1 | base_address = 0x7ff92f150000 |
|
1 | |
| Load | C:\Users\FD1HVy\AppData\Local\Temp\rarlng.dll | base_address = 0x0 |
|
1 | |
| Load | C:\WINDOWS\system32\riched20.dll | base_address = 0x7ff912450000 |
|
1 | |
| Load | C:\WINDOWS\system32\Crypt32.dll | base_address = 0x7ff92e880000 |
|
1 | |
| Load | api-ms-win-appmodel-runtime-l1-1-1 | base_address = 0x7ff92e3f0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x7ff92fdd0000 |
|
3 | |
| Get Handle | c:\users\fd1hvy\appdata\local\temp\winrar.exe | base_address = 0x7ff6f74d0000, flags = GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Get Handle | c:\users\fd1hvy\appdata\local\temp\winrar.exe | base_address = 0x7ff6f74d0000 |
|
2 | |
| Get Handle | mscoree.dll | - |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 260 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 2048 |
|
2 | |
| Get Filename | C:\Users\FD1HVy\AppData\Local\Temp\rarlng.dll | process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 2048 |
|
3 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = InitializeCriticalSectionEx, address_out = 0x7ff92f1ad580 |
|
2 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = FlsAlloc, address_out = 0x7ff92f1bd3e0 |
|
2 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = FlsSetValue, address_out = 0x7ff92f198c10 |
|
2 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = FlsGetValue, address_out = 0x7ff92f192340 |
|
1 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = LCMapStringEx, address_out = 0x7ff92f17c800 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = InitializeConditionVariable, address_out = 0x7ff931fb35c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SleepConditionVariableCS, address_out = 0x7ff92f1be960 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = WakeAllConditionVariable, address_out = 0x7ff931fa6090 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetDllDirectoryW, address_out = 0x7ff92fdee3c0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetDefaultDllDirectories, address_out = 0x7ff92f228b70 |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CryptProtectMemory, address_out = 0x7ff92d8c1770 |
|
1 | |
| Get Address | c:\windows\system32\crypt32.dll | function = CryptUnprotectMemory, address_out = 0x7ff92d8c17a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CompareStringOrdinal, address_out = 0x7ff92fde8fb0 |
|
1 | |
| Get Address | c:\windows\system32\kernel.appcore.dll | function = GetCurrentPackageId, address_out = 0x7ff92e3f2b30 |
|
1 |
Window (6)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | WinRAR | class_name = WinRarWindow, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = SysListView32, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = tooltips_class32, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = tooltips_class32, wndproc_parameter = 0 |
|
1 | |
| Find | - | class_name = WinRarWindow |
|
1 | |
| Find | - | class_name = WinRarWindow |
|
1 |
Keyboard (8)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = KB_CODEPAGE, result_out = 437 |
|
1 | |
| Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
7 |
System (819)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = Performance Ctr, time = 14920805244 |
|
1 | |
| Get Time | type = System Time, time = 2019-03-31 21:13:35 (UTC) |
|
1 | |
| Get Time | type = Local Time, time = 2019-03-31 23:13:38 (Local Time) |
|
1 | |
| Get Time | type = Performance Ctr, time = 15224004289 |
|
1 | |
| Get Time | type = Ticks, time = 152781 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15281653057 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15282303572 |
|
1 | |
| Get Time | type = Ticks, time = 153546 |
|
3 | |
| Get Time | type = System Time, time = 2019-03-31 21:13:40 (UTC) |
|
5 | |
| Get Time | type = Performance Ctr, time = 15384843085 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15385165545 |
|
1 | |
| Get Time | type = Ticks, time = 153828 |
|
1 | |
| Get Time | type = Ticks, time = 154250 |
|
2 | |
| Get Time | type = Performance Ctr, time = 15428579620 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15429182027 |
|
1 | |
| Get Time | type = Ticks, time = 154265 |
|
4 | |
| Get Time | type = Performance Ctr, time = 15430284429 |
|
1 | |
| Get Time | type = Ticks, time = 154406 |
|
4 | |
| Get Time | type = Performance Ctr, time = 15444704119 |
|
1 | |
| Get Time | type = Ticks, time = 154718 |
|
6 | |
| Get Time | type = Performance Ctr, time = 15475913466 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15476004927 |
|
1 | |
| Get Time | type = Ticks, time = 154734 |
|
4 | |
| Get Time | type = Performance Ctr, time = 15477639772 |
|
1 | |
| Get Time | type = Ticks, time = 154750 |
|
10 | |
| Get Time | type = Performance Ctr, time = 15478554322 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15478645452 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15479195811 |
|
1 | |
| Get Time | type = Ticks, time = 154765 |
|
1 | |
| Get Time | type = Ticks, time = 155296 |
|
1 | |
| Get Time | type = System Time, time = 2019-03-31 21:13:41 (UTC) |
|
9 | |
| Get Time | type = Performance Ctr, time = 15552745954 |
|
1 | |
| Get Time | type = Ticks, time = 155500 |
|
14 | |
| Get Time | type = Performance Ctr, time = 15552894602 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15553461517 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15553869096 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15553969903 |
|
1 | |
| Get Time | type = Ticks, time = 155515 |
|
15 | |
| Get Time | type = Performance Ctr, time = 15554382242 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15554972683 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15555041538 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15555267540 |
|
1 | |
| Get Time | type = Ticks, time = 155531 |
|
15 | |
| Get Time | type = Performance Ctr, time = 15555881697 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15555982959 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15556310925 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15556911962 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15557007078 |
|
1 | |
| Get Time | type = Ticks, time = 155546 |
|
4 | |
| Get Time | type = Performance Ctr, time = 15558169755 |
|
1 | |
| Get Time | type = Ticks, time = 155703 |
|
6 | |
| Get Time | type = Performance Ctr, time = 15573580648 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15573680198 |
|
1 | |
| Get Time | type = Ticks, time = 155718 |
|
14 | |
| Get Time | type = Performance Ctr, time = 15574676739 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15575338188 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15575424647 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15575707603 |
|
1 | |
| Get Time | type = Ticks, time = 155734 |
|
11 | |
| Get Time | type = Performance Ctr, time = 15576465158 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15576555848 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15577159390 |
|
1 | |
| Get Time | type = Ticks, time = 155750 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15577874247 |
|
1 | |
| Get Time | type = Ticks, time = 155890 |
|
18 | |
| Get Time | type = Performance Ctr, time = 15592099498 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15592560719 |
|
1 | |
| Get Time | type = System Time, time = 2019-03-31 21:13:42 (UTC) |
|
14 | |
| Get Time | type = Performance Ctr, time = 15593021908 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15593079817 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15593228704 |
|
1 | |
| Get Time | type = Ticks, time = 155906 |
|
20 | |
| Get Time | type = Performance Ctr, time = 15593595182 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15593666729 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15594095924 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15594466548 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15594536010 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15594726747 |
|
1 | |
| Get Time | type = Ticks, time = 155921 |
|
11 | |
| Get Time | type = Performance Ctr, time = 15595321350 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15595420948 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15595802347 |
|
1 | |
| Get Time | type = Ticks, time = 156250 |
|
5 | |
| Get Time | type = Performance Ctr, time = 15628770326 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15629057832 |
|
1 | |
| Get Time | type = Ticks, time = 156265 |
|
10 | |
| Get Time | type = Performance Ctr, time = 15629936552 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15630625888 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15630724071 |
|
1 | |
| Get Time | type = Ticks, time = 156281 |
|
4 | |
| Get Time | type = Performance Ctr, time = 15631980409 |
|
1 | |
| Get Time | type = Ticks, time = 156296 |
|
6 | |
| Get Time | type = Performance Ctr, time = 15632952118 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15633055075 |
|
1 | |
| Get Time | type = Ticks, time = 156312 |
|
10 | |
| Get Time | type = Performance Ctr, time = 15634290097 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15635046995 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15635150620 |
|
1 | |
| Get Time | type = Ticks, time = 156484 |
|
4 | |
| Get Time | type = Performance Ctr, time = 15652073934 |
|
1 | |
| Get Time | type = Ticks, time = 156500 |
|
5 | |
| Get Time | type = Performance Ctr, time = 15653992504 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15654119859 |
|
1 | |
| Get Time | type = Ticks, time = 156515 |
|
5 | |
| Get Time | type = Performance Ctr, time = 15655737210 |
|
1 | |
| Get Time | type = Ticks, time = 156531 |
|
2 | |
| Get Time | type = Performance Ctr, time = 15657293993 |
|
1 | |
| Get Time | type = Ticks, time = 156718 |
|
4 | |
| Get Time | type = Performance Ctr, time = 15675522978 |
|
1 | |
| Get Time | type = Ticks, time = 156734 |
|
14 | |
| Get Time | type = Performance Ctr, time = 15676323380 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15677025788 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15677116797 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15677469922 |
|
1 | |
| Get Time | type = Ticks, time = 156750 |
|
16 | |
| Get Time | type = Performance Ctr, time = 15678083973 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15678173538 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15678451820 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15678973106 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15679074681 |
|
1 | |
| Get Time | type = Ticks, time = 156765 |
|
10 | |
| Get Time | type = Performance Ctr, time = 15679713687 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15680500289 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15680602506 |
|
1 | |
| Get Time | type = Ticks, time = 156875 |
|
4 | |
| Get Time | type = Performance Ctr, time = 15691212358 |
|
1 | |
| Get Time | type = Ticks, time = 156890 |
|
10 | |
| Get Time | type = System Time, time = 2019-03-31 21:13:43 (UTC) |
|
15 | |
| Get Time | type = Performance Ctr, time = 15692344301 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15692440011 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15692934793 |
|
1 | |
| Get Time | type = Ticks, time = 156906 |
|
16 | |
| Get Time | type = Performance Ctr, time = 15693555347 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15693628297 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15693818389 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15694202600 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15694378043 |
|
1 | |
| Get Time | type = Ticks, time = 156921 |
|
6 | |
| Get Time | type = Performance Ctr, time = 15695152515 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15696388153 |
|
1 | |
| Get Time | type = Ticks, time = 156937 |
|
14 | |
| Get Time | type = Performance Ctr, time = 15696649617 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15696675958 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15697000690 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15697063711 |
|
1 | |
| Get Time | type = Ticks, time = 157250 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15729309834 |
|
1 | |
| Get Time | type = Ticks, time = 157265 |
|
4 | |
| Get Time | type = Ticks, time = 157281 |
|
11 | |
| Get Time | type = Performance Ctr, time = 15730959815 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15731095609 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15731757621 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15732533587 |
|
1 | |
| Get Time | type = Ticks, time = 157296 |
|
14 | |
| Get Time | type = Performance Ctr, time = 15732646548 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15733201467 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15733794966 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15733860632 |
|
1 | |
| Get Time | type = Ticks, time = 157312 |
|
10 | |
| Get Time | type = Performance Ctr, time = 15734304294 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15734664622 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15734774033 |
|
1 | |
| Get Time | type = Ticks, time = 157453 |
|
4 | |
| Get Time | type = Performance Ctr, time = 15749337425 |
|
1 | |
| Get Time | type = Ticks, time = 157468 |
|
10 | |
| Get Time | type = Performance Ctr, time = 15750206567 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15750279437 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15750828265 |
|
1 | |
| Get Time | type = Ticks, time = 157484 |
|
16 | |
| Get Time | type = Performance Ctr, time = 15751461766 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15751575632 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15751784888 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15752162644 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15752277835 |
|
1 | |
| Get Time | type = Ticks, time = 157500 |
|
10 | |
| Get Time | type = Performance Ctr, time = 15752824991 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15753569568 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15753678170 |
|
1 | |
| Get Time | type = Ticks, time = 157609 |
|
4 | |
| Get Time | type = Performance Ctr, time = 15764695762 |
|
1 | |
| Get Time | type = Ticks, time = 157625 |
|
10 | |
| Get Time | type = Performance Ctr, time = 15766041990 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15766128159 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15766465471 |
|
1 | |
| Get Time | type = Ticks, time = 157640 |
|
10 | |
| Get Time | type = Performance Ctr, time = 15767264336 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15767369020 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15767976645 |
|
1 | |
| Get Time | type = Ticks, time = 157656 |
|
4 | |
| Get Time | type = Ticks, time = 158218 |
|
4 | |
| Get Time | type = Performance Ctr, time = 15825376402 |
|
1 | |
| Get Time | type = Ticks, time = 158640 |
|
2 | |
| Get Time | type = Performance Ctr, time = 15868468578 |
|
1 | |
| Get Time | type = Ticks, time = 158656 |
|
2 | |
| Get Time | type = Ticks, time = 158765 |
|
8 | |
| Get Time | type = Performance Ctr, time = 15880163914 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15880516898 |
|
1 | |
| Get Time | type = Ticks, time = 158781 |
|
4 | |
| Get Time | type = Performance Ctr, time = 15881064514 |
|
1 | |
| Get Time | type = Ticks, time = 158890 |
|
8 | |
| Get Time | type = Performance Ctr, time = 15892858477 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15893163132 |
|
1 | |
| Get Time | type = Ticks, time = 158906 |
|
16 | |
| Get Time | type = Performance Ctr, time = 15893568187 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15893953439 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15894318606 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15894711984 |
|
1 | |
| Get Time | type = Ticks, time = 159343 |
|
2 | |
| Get Time | type = Performance Ctr, time = 15938780782 |
|
1 | |
| Get Time | type = Ticks, time = 159359 |
|
18 | |
| Get Time | type = Performance Ctr, time = 15939139735 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15939483521 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15939842493 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15940124430 |
|
1 | |
| Get Time | type = Ticks, time = 159375 |
|
16 | |
| Get Time | type = Performance Ctr, time = 15940597327 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15940930194 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15941240161 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15941519501 |
|
1 | |
| Get Time | type = Ticks, time = 159390 |
|
16 | |
| Get Time | type = Performance Ctr, time = 15942003925 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15942327232 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15942659247 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15943047430 |
|
1 | |
| Get Time | type = Ticks, time = 159531 |
|
12 | |
| Get Time | type = Performance Ctr, time = 15956412971 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15956774790 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15957093506 |
|
1 | |
| Get Time | type = Ticks, time = 159546 |
|
16 | |
| Get Time | type = Performance Ctr, time = 15957764770 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15958129288 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15958492398 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15958842777 |
|
1 | |
| Get Time | type = Ticks, time = 159562 |
|
4 | |
| Get Time | type = Performance Ctr, time = 15959187191 |
|
1 | |
| Get Time | type = Ticks, time = 159656 |
|
2 | |
| Get Time | type = Performance Ctr, time = 15980513390 |
|
1 | |
| Get Time | type = Ticks, time = 159765 |
|
2 | |
| Get Time | type = Ticks, time = 159781 |
|
12 | |
| Get Time | type = Performance Ctr, time = 15981256637 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15981816437 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15982140310 |
|
1 | |
| Get Time | type = Ticks, time = 159796 |
|
8 | |
| Get Time | type = Performance Ctr, time = 15982667732 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15983103393 |
|
1 | |
| Get Time | type = Ticks, time = 160359 |
|
4 | |
| Get Time | type = Performance Ctr, time = 16039321724 |
|
1 | |
| Get Time | type = Ticks, time = 160453 |
|
2 | |
| Get Time | type = Performance Ctr, time = 16051321130 |
|
1 | |
| Get Time | type = Ticks, time = 160484 |
|
2 | |
| Get Time | type = Ticks, time = 160656 |
|
8 | |
| Get Time | type = Performance Ctr, time = 16069339866 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16069733648 |
|
1 | |
| Get Time | type = Ticks, time = 160671 |
|
4 | |
| Get Time | type = Performance Ctr, time = 16070299898 |
|
1 | |
| Get Time | type = Ticks, time = 160765 |
|
4 | |
| Get Time | type = Performance Ctr, time = 16080150242 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16094005803 |
|
1 | |
| Get Info | type = Operating System |
|
2 | |
| Get Info | type = System Directory, result_out = C:\WINDOWS\system32 |
|
2 |
Mutex (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = WinRAR_Busy |
|
1 | |
| Release | mutex_name = WinRAR_Busy |
|
1 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 |
