UNNAM3D - RANSM.exe
Windows Exe (x86-32)
Created at 2019-03-31T21:12:00
Monitored Processes
Behavior Information - Sequential View
Process #1: unnam3d - ransm.exe
421
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\fd1hvy\desktop\unnam3d - ransm.exe |
| Command Line | "C:\Users\FD1HVy\Desktop\UNNAM3D - RANSM.exe" |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:25, Reason: Analysis Target |
| Unmonitor | End Time: 00:04:33, Reason: Terminated by Timeout |
| Monitor Duration | 00:04:07 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe64 |
| Parent PID | 0x860 (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
EB4
0x
4F0
0x
60
0x
B6C
0x
F50
0x
BEC
0x
490
0x
260
0x
8F0
0x
1A4
0x
2D0
0x
3CC
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| clrjit.dll | 0x74330000 | 0x743AFFFF | Marked Writable | - | 32-bit | - |
|
|
| buffer | 0x049D0000 | 0x049D0FFF | First Execution | - | 32-bit | 0x049D0000 |
|
|
| clrjit.dll | 0x74330000 | 0x743AFFFF | Content Changed | - | 32-bit | 0x7439A2A6, 0x74369E12 |
|
|
| clrjit.dll | 0x74330000 | 0x743AFFFF | Content Changed | - | 32-bit | 0x74391000 |
|
|
| buffer | 0x06567000 | 0x06567FFF | First Execution | - | 32-bit | 0x06567000 |
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe | 2.17 MB |
MD5:
1e3a2a966f593ad33125f26916267008
SHA1: 38b1a547ddee671edeee7385cac138458a6a6858 SHA256: b18c9b9200e354f81882b29dc8143ec5d6f2b731cf4c7da3800e339ffb3c8827 SSDeep: 49152:m2IoCBtJnxlyU/mWhRcQYhie6/UIdjjQuctXnFDu3nAzNjteyUHBdH3y2:xrCBrtcy/lfkD0nANte9BpC2 |
|
|
| c:\users\fd1hvy\appdata\local\temp\wallpaper.png | 679.01 KB |
MD5:
4eaf9cbc1438214622460aa18fbf050d
SHA1: 543c921d0f75bb5a8a9cd1bf1096d2d0af69170e SHA256: a935f1af2674e6577a02f7b2f53ad98612fd55dd2f3f51cb476767c01f4076e8 SSDeep: 12288:whHUpY2wdt2pD5969U59o6xM4T1GFg6qaUlZCZSjX4lZuuS+L+26TCNYBuGAR:va2K2pD596mzosrGFg6qao0SjXGuu/+S |
|
|
Threads
Thread 0xeb4
421
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| User | Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\Users\FD1HVy\Desktop\UNNAM3D - RANSM.exe, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\SYSTEM32\ntdll.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\SYSTEM32\MSCOREE.DLL, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\KERNEL32.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\KERNELBASE.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\SYSTEM32\apphelp.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\ADVAPI32.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\msvcrt.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\sechost.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\RPCRT4.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\SspiCli.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\CRYPTBASE.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\bcryptPrimitives.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\SHLWAPI.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\combase.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\ucrtbase.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\GDI32.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\gdi32full.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\msvcp_win.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\USER32.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\win32u.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\IMM32.DLL, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\kernel.appcore.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\SYSTEM32\VERSION.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\SYSTEM32\MSVCR120_CLR0400.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\f12799647dc4f4abd2f0f17790337f04\mscorlib.ni.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\ole32.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\system32\uxtheme.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\OLEAUT32.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\fcfb8bac8ea9a0e69d72c350b22f8e3f\System.ni.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\psapi.dll, size = 2048 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext |
|
1 | |
| File | Get Info | filename = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, type = file_attributes |
|
1 | |
| Module | Load | module_name = mscorjit.dll, base_address = 0x0 |
|
1 | |
| Module | Load | module_name = clrjit.dll, base_address = 0x74330000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll, function = getJit, address_out = 0x74383d60 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\Users\FD1HVy\Desktop\UNNAM3D - RANSM.exe, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\SYSTEM32\ntdll.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\SYSTEM32\MSCOREE.DLL, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\KERNEL32.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\KERNELBASE.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\SYSTEM32\apphelp.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\ADVAPI32.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\msvcrt.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\sechost.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\RPCRT4.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\SspiCli.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\CRYPTBASE.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\bcryptPrimitives.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\SHLWAPI.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\combase.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\ucrtbase.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\GDI32.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\gdi32full.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\msvcp_win.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\USER32.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\win32u.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\IMM32.DLL, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\kernel.appcore.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\SYSTEM32\VERSION.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\SYSTEM32\MSVCR120_CLR0400.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\f12799647dc4f4abd2f0f17790337f04\mscorlib.ni.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\ole32.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\system32\uxtheme.dll, size = 2048 |
|
1 | |
| Module | Get Filename | module_name = c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll, process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\OLEAUT32.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\fcfb8bac8ea9a0e69d72c350b22f8e3f\System.ni.dll, size = 2048 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, file_name_orig = C:\WINDOWS\System32\psapi.dll, size = 2048 |
|
1 | |
| File | Get Info | filename = C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config, type = file_attributes |
|
2 | |
| File | Create | filename = C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config, type = file_type |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\XML |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\SOFTWARE\Microsoft\.NETFramework\XML |
|
1 | |
| File | Get Info | filename = C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config, type = size, size_out = 0 |
|
1 | |
| File | Read | filename = C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config, size = 4096, size_out = 4096 |
|
8 | |
| File | Read | filename = C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config, size = 4096, size_out = 3215 |
|
1 | |
| File | Read | filename = C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config, size = 4096, size_out = 0 |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\Desktop\UNNAM3D - RANSM.exe.config, type = file_attributes |
|
2 | |
| Module | Get Handle | module_name = comctl32.dll, base_address = 0x0 |
|
1 | |
| Module | Load | module_name = comctl32.dll, base_address = 0x742a0000 |
|
1 | |
| Module | Get Handle | module_name = comctl32.dll, base_address = 0x0 |
|
1 | |
| Module | Load | module_name = comctl32.dll, base_address = 0x6fbc0000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\user32.dll, base_address = 0x74b70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = DefWindowProcW, address_out = 0x74600140 |
|
1 | |
| Module | Get Handle | module_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, base_address = 0xd0000 |
|
2 | |
| Window | Create | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, wndproc_parameter = 0 |
|
1 | |
| Window | Set Attribute | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -4, new_long = 1952448832 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework, value_name = DbgJITDebugLaunchSetting, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework, value_name = DbgManagedDebugger, type = REG_NONE |
|
1 | |
| Window | Set Attribute | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -4, new_long = 78513854 |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\Desktop\UNNAM3D - RANSM.exe, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Users\FD1HVy\Desktop\UNNAM3D - RANSM.exe, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\Desktop\UNNAM3D - RANSM.exe, type = file_type |
|
2 | |
| File | Get Info | filename = C:\Users\FD1HVy\Desktop\UNNAM3D - RANSM.exe, type = size, size_out = 0 |
|
1 | |
| File | Read | filename = C:\Users\FD1HVy\Desktop\UNNAM3D - RANSM.exe, size = 2876416, size_out = 2876416 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll, base_address = 0x742a0000 |
|
9 | |
| Module | Get Handle | module_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, base_address = 0xd0000 |
|
2 | |
| Window | Create | window_name = .NET-BroadcastEventWindow.4.0.0.0.141b42a.0, class_name = .NET-BroadcastEventWindow.4.0.0.0.141b42a.0, wndproc_parameter = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll, base_address = 0x742a0000 |
|
5 | |
| File | Get Info | filename = C:\Users\FD1HVy\Desktop\UNNAM3D - RANSM.exe.config, type = file_attributes |
|
1 | |
| Module | Get Handle | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll, base_address = 0x742a0000 |
|
21 | |
| System | Get Cursor | x_out = 44, y_out = 346 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll, base_address = 0x742a0000 |
|
1 | |
| System | Get Cursor | x_out = 44, y_out = 346 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll, base_address = 0x742a0000 |
|
22 | |
| Module | Get Handle | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8\comctl32.dll, base_address = 0x6fbc0000 |
|
1 | |
| System | Get Cursor | x_out = 44, y_out = 346 |
|
1 | |
| Module | Get Handle | module_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, base_address = 0xd0000 |
|
1 | |
| Window | Create | window_name = UNNAM3D - R@NSOMEWARE!, class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, wndproc_parameter = 0 |
|
1 | |
| Window | Set Attribute | window_name = UNNAM3D - R@NSOMEWARE!, class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -4, new_long = 1952448832 |
|
1 | |
| Window | Set Attribute | window_name = UNNAM3D - R@NSOMEWARE!, class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -4, new_long = 78514702 |
|
1 | |
| Window | Set Attribute | window_name = UNNAM3D - R@NSOMEWARE!, class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -8, new_long = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8\comctl32.dll, base_address = 0x6fbc0000 |
|
1 | |
| System | Get Cursor | x_out = 44, y_out = 346 |
|
1 | |
| Window | Set Attribute | window_name = UNNAM3D - R@NSOMEWARE!, class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -16, new_long = 46858240 |
|
1 | |
| Window | Set Attribute | window_name = UNNAM3D - R@NSOMEWARE!, class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -20, new_long = 327681 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8\comctl32.dll, base_address = 0x6fbc0000 |
|
1 | |
| Module | Get Handle | module_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, base_address = 0xd0000 |
|
1 | |
| Window | Create | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, wndproc_parameter = 0 |
|
1 | |
| Window | Set Attribute | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -4, new_long = 1952448832 |
|
1 | |
| Window | Set Attribute | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -4, new_long = 78514742 |
|
1 | |
| Window | Set Attribute | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -12, new_long = 393334 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8\comctl32.dll, base_address = 0x6fbc0000 |
|
1 | |
| Module | Get Handle | module_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, base_address = 0xd0000 |
|
2 | |
| Window | Create | window_name = Discord: UNNAM3D#6666, class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, wndproc_parameter = 0 |
|
1 | |
| Window | Set Attribute | window_name = Discord: UNNAM3D#6666, class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -4, new_long = 1875094464 |
|
1 | |
| Window | Set Attribute | window_name = Discord: UNNAM3D#6666, class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -4, new_long = 78514822 |
|
1 | |
| Window | Set Attribute | window_name = Discord: UNNAM3D#6666, class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -12, new_long = 458798 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8\comctl32.dll, base_address = 0x6fbc0000 |
|
1 | |
| Module | Get Handle | module_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, base_address = 0xd0000 |
|
1 | |
| Window | Create | window_name = You will need to send an message to the below discord with a $50 amazon giftcard code. Then you will shortley get an message back with a password to unlock your files., class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, wndproc_parameter = 0 |
|
1 | |
| Window | Set Attribute | window_name = You will need to send an message to the below discord with a $50 amazon giftcard code. Then you will shortley get an message back with a password to unlock your files., class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -4, new_long = 1875094464 |
|
1 | |
| Window | Set Attribute | window_name = You will need to send an message to the below discord with a $50 amazon giftcard code. Then you will shortley get an message back with a password to unlock your files., class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -4, new_long = 78514862 |
|
1 | |
| Window | Set Attribute | window_name = You will need to send an message to the below discord with a $50 amazon giftcard code. Then you will shortley get an message back with a password to unlock your files., class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -12, new_long = 131612 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8\comctl32.dll, base_address = 0x6fbc0000 |
|
1 | |
| Module | Get Handle | module_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, base_address = 0xd0000 |
|
1 | |
| Window | Create | window_name = All your personal files have been locked and you need to pay a ransom to get them back. You will have 24 hours to pay or the password will be deleted of our servers making it impossible to get your files back. , class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, wndproc_parameter = 0 |
|
1 | |
| Window | Set Attribute | window_name = All your personal files have been locked and you need to pay a ransom to get them back. You will have 24 hours to pay or the password will be deleted of our servers making it impossible to get your files back. , class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -4, new_long = 1875094464 |
|
1 | |
| Window | Set Attribute | window_name = All your personal files have been locked and you need to pay a ransom to get them back. You will have 24 hours to pay or the password will be deleted of our servers making it impossible to get your files back. , class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -4, new_long = 78514902 |
|
1 | |
| Window | Set Attribute | window_name = All your personal files have been locked and you need to pay a ransom to get them back. You will have 24 hours to pay or the password will be deleted of our servers making it impossible to get your files back. , class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -12, new_long = 589846 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8\comctl32.dll, base_address = 0x6fbc0000 |
|
1 | |
| Module | Get Handle | module_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, base_address = 0xd0000 |
|
1 | |
| Window | Create | window_name = How do i pay?, class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, wndproc_parameter = 0 |
|
1 | |
| Window | Set Attribute | window_name = How do i pay?, class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -4, new_long = 1875094464 |
|
1 | |
| Window | Set Attribute | window_name = How do i pay?, class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -4, new_long = 78514942 |
|
1 | |
| Window | Set Attribute | window_name = How do i pay?, class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -12, new_long = 393750 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8\comctl32.dll, base_address = 0x6fbc0000 |
|
1 | |
| Module | Get Handle | module_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, base_address = 0xd0000 |
|
1 | |
| Window | Create | window_name = What Happend?, class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, wndproc_parameter = 0 |
|
1 | |
| Window | Set Attribute | window_name = What Happend?, class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -4, new_long = 1875094464 |
|
1 | |
| Window | Set Attribute | window_name = What Happend?, class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -4, new_long = 78514982 |
|
1 | |
| Window | Set Attribute | window_name = What Happend?, class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -12, new_long = 131616 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8\comctl32.dll, base_address = 0x6fbc0000 |
|
1 | |
| Module | Get Handle | module_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, base_address = 0xd0000 |
|
1 | |
| Window | Create | window_name = -YOUR FILES HAVE BEEN LOCKED-, class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, wndproc_parameter = 0 |
|
1 | |
| Window | Set Attribute | window_name = -YOUR FILES HAVE BEEN LOCKED-, class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -4, new_long = 1875094464 |
|
1 | |
| Window | Set Attribute | window_name = -YOUR FILES HAVE BEEN LOCKED-, class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -4, new_long = 78515022 |
|
1 | |
| Window | Set Attribute | window_name = -YOUR FILES HAVE BEEN LOCKED-, class_name = WindowsForms10.STATIC.app.0.141b42a_r9_ad1, index = -12, new_long = 328216 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8\comctl32.dll, base_address = 0x6fbc0000 |
|
1 | |
| Module | Get Handle | module_name = c:\users\fd1hvy\desktop\unnam3d - ransm.exe, base_address = 0xd0000 |
|
1 | |
| Window | Create | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, wndproc_parameter = 0 |
|
1 | |
| Window | Set Attribute | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -4, new_long = 1952448832 |
|
1 | |
| Window | Set Attribute | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -4, new_long = 78515062 |
|
1 | |
| Window | Set Attribute | class_name = WindowsForms10.Window.8.app.0.141b42a_r9_ad1, index = -12, new_long = 197146 |
|
1 | |
| File | Create | filename = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, type = file_type |
|
2 | |
| File | Write | filename = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 2276568 |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Create Desktop | desktop_name = MeinTestDesktop |
|
1 | |
| System | Switch Desktop | desktop_name = MeinTestDesktop |
|
1 | |
| Process | Create | process_name = cmd.exe, show_window = SW_HIDE |
|
1 | |
| Process | Create | process_name = cmd.exe, show_window = SW_HIDE |
|
1 | |
| Process | Create | process_name = cmd.exe, show_window = SW_HIDE |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 | |
| System | Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| System | Sleep | duration = 3000 milliseconds (3.000 seconds) |
|
1 |
Process #3: cmd.exe
57
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /C cd C:\Users\FD1HVy\Desktop && C:\Users\FD1HVy\AppData\Local\Temp\\WinRAR.exe m -r -pMyPassword Desktop * |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:53, Reason: Child Process |
| Unmonitor | End Time: 00:04:33, Reason: Terminated by Timeout |
| Monitor Duration | 00:03:40 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf00 |
| Parent PID | 0xe64 (c:\users\fd1hvy\desktop\unnam3d - ransm.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
384
0x
36C
|
Threads
Thread 0x384
57
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0x8e0000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 136, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\Desktop, type = file_attributes |
|
2 | |
| Environment | Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\Desktop, type = file_attributes |
|
2 | |
| Environment | Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| Process | Create | process_name = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, os_pid = 0xe3c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 |
Process #4: cmd.exe
66
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /C cd C:\Users\FD1HVy\Documents && C:\Users\FD1HVy\AppData\Local\Temp\\WinRAR.exe m -r -pMyPassword Documents * |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:53, Reason: Child Process |
| Unmonitor | End Time: 00:01:29, Reason: Self Terminated |
| Monitor Duration | 00:00:36 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x46c |
| Parent PID | 0xe64 (c:\users\fd1hvy\desktop\unnam3d - ransm.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F04
0x
86C
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| cmd.exe | 0x008E0000 | 0x00938FFF | Process Termination | - | 32-bit | - |
|
|
Threads
Thread 0xf04
66
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0x8e0000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 197, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\Desktop, type = file_attributes |
|
2 | |
| Environment | Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\Documents, type = file_attributes |
|
2 | |
| Environment | Set Environment String | name = =C:, value = C:\Users\FD1HVy\Documents |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| Process | Create | process_name = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, os_pid = 0xf64, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 |
Process #6: cmd.exe
66
0
| Information | Value |
|---|---|
| ID | #6 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\System32\cmd.exe" /C cd C:\Users\FD1HVy\Pictures && C:\Users\FD1HVy\AppData\Local\Temp\\WinRAR.exe m -r -pMyPassword Pictures * |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:53, Reason: Child Process |
| Unmonitor | End Time: 00:01:19, Reason: Self Terminated |
| Monitor Duration | 00:00:25 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa9c |
| Parent PID | 0xe64 (c:\users\fd1hvy\desktop\unnam3d - ransm.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
784
0x
F6C
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| cmd.exe | 0x008E0000 | 0x00938FFF | Process Termination | - | 32-bit | - |
|
|
Threads
Thread 0x784
66
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\cmd.exe, base_address = 0x8e0000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\Desktop, type = file_attributes |
|
2 | |
| Environment | Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\Pictures, type = file_attributes |
|
2 | |
| Environment | Set Environment String | name = =C:, value = C:\Users\FD1HVy\Pictures |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| Process | Create | process_name = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, os_pid = 0x754, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
3 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
2 |
Process #9: winrar.exe
3340
0
| Information | Value |
|---|---|
| ID | #9 |
| File Name | c:\users\fd1hvy\appdata\local\temp\winrar.exe |
| Command Line | C:\Users\FD1HVy\AppData\Local\Temp\\WinRAR.exe m -r -pMyPassword Desktop * |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:56, Reason: Child Process |
| Unmonitor | End Time: 00:04:33, Reason: Terminated by Timeout |
| Monitor Duration | 00:03:37 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe3c |
| Parent PID | 0xf00 (c:\windows\syswow64\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
4A4
0x
E7C
0x
D08
0x
FAC
0x
F24
0x
3FC
0x
10C0
0x
10C4
0x
10C8
0x
10CC
0x
10D0
0x
10D4
0x
10D8
0x
10DC
0x
10E0
0x
10E4
0x
10E8
0x
10EC
0x
10F0
0x
10F4
0x
10F8
0x
10FC
0x
1100
0x
1104
0x
1108
0x
110C
0x
1110
0x
1114
0x
1118
0x
111C
0x
1120
0x
1124
0x
1128
0x
112C
0x
1130
0x
1134
0x
1138
0x
113C
0x
1140
0x
1144
0x
1148
0x
114C
0x
1150
0x
1154
0x
1158
0x
115C
0x
1160
0x
1164
0x
1168
0x
116C
0x
1170
0x
1174
0x
1178
0x
117C
0x
1180
0x
1184
0x
1188
0x
118C
0x
1190
0x
1194
0x
1198
0x
119C
0x
11A0
0x
11A4
0x
11A8
0x
11AC
0x
11B0
0x
11B4
0x
11B8
0x
11BC
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| Desktop.rar | 4.93 MB |
MD5:
efa4ac54e99fdd29a9c5edf45ddaaa54
SHA1: 7d248783bb8ff1b88458ebd21c9ec8fd56275281 SHA256: 41290334b1e39a052138f7397495cccebc4675f3fd5a49b0a28ea015d768e5cc SSDeep: 98304:sqq9/v6ZTjRW6S8TP7PaTxncuJf6fVc2hnfzbOrTPg8X4p7Y8b:9q9cA6FTjnLKrD7Xw7pb |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\fd1hvy\appdata\local\microsoft\windows\explorer\iconcache_idx.db | 113.77 KB |
MD5:
73bfba05899b33a27858f4c19b1a671b
SHA1: c6f1c292ff85bb4fb84055975879c8345290b413 SHA256: c2c4cdff22f9ca0ef6e49c25c19f020fbe3bed1712451c61aa02f1342acf4d19 SSDeep: 384:40cn3yWhXKXxUAuLD/q3sOqXp16KPo7Eo9erZoieAco37MwaDeYfs:rOaWDLrq3JMUWxnZoit7Mnq |
|
|
| c:\users\fd1hvy\appdata\local\microsoft\windows\explorer\iconcache_16.db | 1.00 MB |
MD5:
59dda5dae4ef7b50a99d041e7a9e97e6
SHA1: 644e29965aef4527bc670bb0cecda464a0eb60b4 SHA256: f25e9070985e75877834f377d7ca21eec0961f2c7a87e815bffca320334ba90f SSDeep: 12288:99sS9vByHE1a4Cxl/pGvfRBG4+EFjnFEd0jJg8ey:9DNBRi6G4+uA8ey |
|
|
Threads
Thread 0x4a4
3340
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x7ff92f150000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = InitializeCriticalSectionEx, address_out = 0x7ff92f1ad580 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x7ff92f150000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = FlsAlloc, address_out = 0x7ff92f1bd3e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = FlsSetValue, address_out = 0x7ff92f198c10 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x7ff92f150000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = InitializeCriticalSectionEx, address_out = 0x7ff92f1ad580 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x7ff92f150000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = FlsAlloc, address_out = 0x7ff92f1bd3e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = FlsGetValue, address_out = 0x7ff92f192340 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = FlsSetValue, address_out = 0x7ff92f198c10 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Load | module_name = api-ms-win-core-localization-l1-2-1, base_address = 0x7ff92f150000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = LCMapStringEx, address_out = 0x7ff92f17c800 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ff92fdd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = InitializeConditionVariable, address_out = 0x7ff931fb35c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SleepConditionVariableCS, address_out = 0x7ff92f1be960 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WakeAllConditionVariable, address_out = 0x7ff931fa6090 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 14841558905 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ff92fdd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetDllDirectoryW, address_out = 0x7ff92fdee3c0 |
|
1 | |
| File | Add Search Path | - |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetDefaultDllDirectories, address_out = 0x7ff92f228b70 |
|
1 | |
| Module | Get Handle | module_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, base_address = 0x7ff6f74d0000, flags = GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 2048 |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\AppData\Roaming\WinRAR, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\AppData\Roaming\WinRAR, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\AppData\Roaming\WinRAR, type = file_attributes |
|
1 | |
| File | Create Directory | C:\Users\FD1HVy\AppData\Roaming\WinRAR |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 2048 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Load | module_name = C:\Users\FD1HVy\AppData\Local\Temp\rarlng.dll, base_address = 0x0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General |
|
1 | |
| Module | Get Filename | module_name = C:\Users\FD1HVy\AppData\Local\Temp\rarlng.dll, process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 2048 |
|
1 | |
| File | Create | filename = C:\Users\FD1HVy\AppData\Local\Temp\winrar.lng, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = \\?\C:\Users\FD1HVy\AppData\Local\Temp\winrar.lng, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| System | Get Info | type = System Directory, result_out = C:\WINDOWS\system32 |
|
1 | |
| Module | Load | module_name = C:\WINDOWS\system32\riched20.dll, base_address = 0x7ff912450000 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Name, data = Default Profile, size = 32, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Default, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Delete Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcName |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Delete Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileNames |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ImmExec, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ExclNames, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = StoreNames, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = UseRAR, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RAR5, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXModule, size = 2, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Delete Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFX |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXIcon, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXLogo, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXElevate, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtFile, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtDataWide, size = 2, type = REG_BINARY |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VolumeSize, data = 0, size = 4, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VolSizeMod, data = 2, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VolPause, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = OldVolNames, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RecVolNumber, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Update, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Fresh, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SyncFiles, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Overwrite, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Move, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcRecBin, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcWipe, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = WipeIfPassword, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Solid, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Test, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RecEnabled, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RecSize, data = 4294967293, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = EraseDest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = AddArcOnly, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ClearArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Lock, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Method, data = 3, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = DictSizeLZ, data = 4194304, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = DictSize, data = 33554432, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Background, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = WaitForOther, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Shutdown, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PasswordData, size = 1, type = REG_BINARY |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = EncryptHeaders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ZipLegacyEncrypt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = OpenShared, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ProcessOwners, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SaveStreams, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SaveSymLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SaveHardLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = GenerateArcName, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VersionControl, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = BLAKE2, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileCopies, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = QuickOpen, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = GenerateMask, data = yyyymmddhhmmss, size = 30, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileTimeMode, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileDays, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileHours, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileMinutes, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileTimeLimit, data = 0, size = 8, type = REG_QWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcTimeOriginal, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcTimeLatest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = mtime, data = 4, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ctime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = atime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PathsAbs, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PathsNone, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PathsAbsDrive, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SeparateArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SeparateArcDoubleExt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SeparateArcSubfolders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = EmailArcTo, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PackDetails, size = 192, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Name, data = Default Profile, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Name, data = Create e-mail attachment, size = 50, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Default, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Delete Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = ArcName |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Delete Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = FileNames |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = ImmExec, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = ExclNames, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = StoreNames, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = UseRAR, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = RAR5, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = SFXModule, size = 2, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Delete Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = SFX |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = SFXIcon, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = SFXLogo, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = SFXElevate, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = CmtFile, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = CmtDataWide, size = 2, type = REG_BINARY |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = VolumeSize, data = 0, size = 4, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = VolSizeMod, data = 2, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = VolPause, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = OldVolNames, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = RecVolNumber, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Update, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Fresh, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = SyncFiles, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Overwrite, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Move, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = ArcRecBin, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = ArcWipe, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = WipeIfPassword, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Solid, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Test, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = RecEnabled, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = RecSize, data = 4294967293, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = EraseDest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = AddArcOnly, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = ClearArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Lock, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Method, data = 5, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = DictSizeLZ, data = 33554432, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = DictSize, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Background, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = WaitForOther, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Shutdown, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = PasswordData, size = 1, type = REG_BINARY |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = EncryptHeaders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = ZipLegacyEncrypt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = OpenShared, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = ProcessOwners, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = SaveStreams, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = SaveSymLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = SaveHardLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = GenerateArcName, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = VersionControl, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = BLAKE2, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = FileCopies, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = QuickOpen, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = GenerateMask, data = yyyymmddhhmmss, size = 30, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = FileTimeMode, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = FileDays, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = FileHours, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = FileMinutes, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = FileTimeLimit, data = 0, size = 8, type = REG_QWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = ArcTimeOriginal, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = ArcTimeLatest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = mtime, data = 4, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = ctime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = atime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = PathsAbs, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = PathsNone, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = PathsAbsDrive, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = SeparateArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = SeparateArcDoubleExt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = SeparateArcSubfolders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = EmailArcTo, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = PackDetails, size = 192, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = SMP, data = 1, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Name, data = Default Profile, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Name, data = Create e-mail attachment, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Name, data = Backup selected files, size = 44, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Default, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Delete Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = ArcName |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Delete Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = FileNames |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = ImmExec, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = ExclNames, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = StoreNames, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = UseRAR, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = RAR5, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = SFXModule, size = 2, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Delete Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = SFX |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = SFXIcon, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = SFXLogo, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = SFXElevate, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = CmtFile, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = CmtDataWide, size = 2, type = REG_BINARY |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = VolumeSize, data = 0, size = 4, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = VolSizeMod, data = 2, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = VolPause, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = OldVolNames, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = RecVolNumber, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Update, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Fresh, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = SyncFiles, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Overwrite, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Move, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = ArcRecBin, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = ArcWipe, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = WipeIfPassword, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Solid, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Test, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = RecEnabled, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = RecSize, data = 4294967293, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = EraseDest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = AddArcOnly, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = ClearArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Lock, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Method, data = 3, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = DictSizeLZ, data = 33554432, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = DictSize, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Background, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = WaitForOther, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Shutdown, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = PasswordData, size = 1, type = REG_BINARY |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = EncryptHeaders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = ZipLegacyEncrypt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = OpenShared, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = ProcessOwners, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = SaveStreams, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = SaveSymLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = SaveHardLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = GenerateArcName, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = VersionControl, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = BLAKE2, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = FileCopies, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = QuickOpen, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = GenerateMask, data = yyyymmddhhmmss, size = 30, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = FileTimeMode, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = FileDays, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = FileHours, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = FileMinutes, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = FileTimeLimit, data = 0, size = 8, type = REG_QWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = ArcTimeOriginal, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = ArcTimeLatest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = mtime, data = 4, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = ctime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = atime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = PathsAbs, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = PathsNone, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = PathsAbsDrive, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = SeparateArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = SeparateArcDoubleExt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = SeparateArcSubfolders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = EmailArcTo, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = PackDetails, size = 192, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = SMP, data = 1, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Name, data = Default Profile, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Name, data = Create e-mail attachment, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Name, data = Backup selected files, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Name, data = Create 10 MB volumes, size = 42, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Default, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Delete Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = ArcName |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Delete Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = FileNames |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = ImmExec, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = ExclNames, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = StoreNames, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = UseRAR, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = RAR5, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = SFXModule, size = 2, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Delete Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = SFX |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = SFXIcon, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = SFXLogo, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = SFXElevate, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = CmtFile, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = CmtDataWide, size = 2, type = REG_BINARY |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = VolumeSize, data = 10485760, size = 18, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = VolSizeMod, data = 2, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = VolPause, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = OldVolNames, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = RecVolNumber, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Update, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Fresh, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = SyncFiles, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Overwrite, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Move, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = ArcRecBin, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = ArcWipe, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = WipeIfPassword, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Solid, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Test, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = RecEnabled, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = RecSize, data = 4294967293, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = EraseDest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = AddArcOnly, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = ClearArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Lock, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Method, data = 3, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = DictSizeLZ, data = 33554432, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = DictSize, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Background, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = WaitForOther, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Shutdown, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = PasswordData, size = 1, type = REG_BINARY |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = EncryptHeaders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = ZipLegacyEncrypt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = OpenShared, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = ProcessOwners, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = SaveStreams, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = SaveSymLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = SaveHardLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = GenerateArcName, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = VersionControl, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = BLAKE2, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = FileCopies, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = QuickOpen, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = GenerateMask, data = yyyymmddhhmmss, size = 30, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = FileTimeMode, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = FileDays, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = FileHours, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = FileMinutes, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = FileTimeLimit, data = 0, size = 8, type = REG_QWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = ArcTimeOriginal, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = ArcTimeLatest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = mtime, data = 4, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = ctime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = atime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = PathsAbs, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = PathsNone, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = PathsAbsDrive, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = SeparateArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = SeparateArcDoubleExt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = SeparateArcSubfolders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = EmailArcTo, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = PackDetails, size = 192, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = SMP, data = 1, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Name, data = Default Profile, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1, value_name = Name, data = Create e-mail attachment, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2, value_name = Name, data = Backup selected files, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3, value_name = Name, data = Create 10 MB volumes, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = Name, data = ZIP archive (low compression), size = 60, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = Default, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Delete Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = ArcName |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Delete Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = FileNames |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = ImmExec, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = ExclNames, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = StoreNames, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = UseRAR, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = RAR5, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = SFXModule, size = 2, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Delete Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = SFX |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = SFXIcon, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = SFXLogo, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = SFXElevate, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = CmtFile, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = CmtDataWide, size = 2, type = REG_BINARY |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = VolumeSize, data = 0, size = 4, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = VolSizeMod, data = 2, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = VolPause, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = OldVolNames, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = RecVolNumber, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = Update, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = Fresh, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = SyncFiles, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = Overwrite, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = Move, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = ArcRecBin, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = ArcWipe, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = WipeIfPassword, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = Solid, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = Test, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = RecEnabled, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = RecSize, data = 4294967293, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = EraseDest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = AddArcOnly, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = ClearArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = Lock, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = Method, data = 3, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = Background, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = WaitForOther, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = Shutdown, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = PasswordData, size = 1, type = REG_BINARY |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = EncryptHeaders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = ZipLegacyEncrypt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = OpenShared, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = ProcessOwners, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = SaveStreams, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = SaveSymLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = SaveHardLinks, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = GenerateArcName, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = VersionControl, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = BLAKE2, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = FileCopies, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = QuickOpen, data = 1, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = GenerateMask, data = yyyymmddhhmmss, size = 30, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = FileTimeMode, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = FileDays, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = FileHours, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = FileMinutes, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = FileTimeLimit, data = 0, size = 8, type = REG_QWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = ArcTimeOriginal, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = ArcTimeLatest, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = mtime, data = 4, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = ctime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = atime, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = PathsAbs, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = PathsNone, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = PathsAbsDrive, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = SeparateArc, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = SeparateArcDoubleExt, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = SeparateArcSubfolders, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = EmailArcTo, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4, value_name = PackDetails, size = 192, type = REG_BINARY |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:35 (UTC) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = VerInfo, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR\version.dat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR\version.dat, type = file_type |
|
1 | |
| File | Read | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR\version.dat, size = 4096, size_out = 12 |
|
1 | |
| Mutex | Create | mutex_name = WinRAR_Busy |
|
1 | |
| Window | Find | class_name = WinRarWindow |
|
1 | |
| Window | Create | window_name = WinRAR, class_name = WinRarWindow, wndproc_parameter = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR\Policy |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Policy |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR\Policy |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Policy |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR\Policy |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Policy |
|
1 | |
| System | Get Time | type = Local Time, time = 2019-03-31 23:13:38 (Local Time) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR, type = file_attributes |
|
1 | |
| Module | Get Filename | module_name = C:\Users\FD1HVy\AppData\Local\Temp\rarlng.dll, process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 2048 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR, value_name = rarkey, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = Priority, data = 1, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR, value_name = rarreg.key, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR\Settings.reg, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\AppData\Roaming\WinRAR\Settings.reg, type = file_attributes |
|
1 | |
| Module | Get Filename | module_name = C:\Users\FD1HVy\AppData\Local\Temp\rarlng.dll, process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 2048 |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Local\Temp\Settings.reg, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\AppData\Local\Temp\Settings.reg, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Local\Temp\Settings.reg, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\AppData\Local\Temp\Settings.reg, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Extraction |
|
1 | |
| Keyboard | Get Info | type = KB_CODEPAGE, result_out = 437 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = SMP, data = 1, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\5 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Default, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcName, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileNames |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ExclNames |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ExclNames, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = StoreNames |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = StoreNames, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Default, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = UseRAR, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RAR5, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXModule, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFX, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXIcon, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXLogo, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXElevate, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtFile, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtDataWide, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtTextWide, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtTextData, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VolumeSize, data = 0, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VolSizeMod, data = 2, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VolPause, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = OldVolNames, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RecVolNumber, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Update, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Fresh, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SyncFiles, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Overwrite, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Move, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcRecBin, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcWipe, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = WipeIfPassword, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Solid, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Test, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RecEnabled, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RecSize, data = 4294967293, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Recovery, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = EraseDest, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = AddArcOnly, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ClearArc, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Lock, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Method, data = 3, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = DictSizeLZ, data = 4194304, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = DictSize, data = 33554432, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Name, data = Default Profile, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PasswordData, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = EncryptHeaders, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ZipLegacyEncrypt, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = OpenShared, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ProcessOwners, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SaveStreams, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SaveSymLinks, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SaveHardLinks, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Background, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = WaitForOther, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
|
For performance reasons, the remaining 1102 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Process #10: winrar.exe
2745
0
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\users\fd1hvy\appdata\local\temp\winrar.exe |
| Command Line | C:\Users\FD1HVy\AppData\Local\Temp\\WinRAR.exe m -r -pMyPassword Documents * |
| Initial Working Directory | C:\Users\FD1HVy\Documents\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:01:29, Reason: Self Terminated |
| Monitor Duration | 00:00:32 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xf64 |
| Parent PID | 0x46c (c:\windows\syswow64\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
48C
0x
D2C
0x
E44
0x
174
0x
9E8
0x
9FC
0x
1204
0x
1208
0x
120C
0x
1210
0x
1214
0x
1218
0x
121C
0x
1220
0x
1224
0x
1228
0x
122C
0x
1230
0x
1234
0x
1238
0x
123C
0x
1240
0x
1244
0x
1248
0x
124C
0x
1250
0x
1254
0x
1258
0x
125C
0x
1260
0x
1264
0x
1268
0x
126C
0x
1270
0x
1274
0x
1278
0x
127C
0x
1280
0x
1284
0x
1288
0x
128C
0x
1290
0x
1294
0x
1298
0x
129C
0x
12A0
0x
12A4
0x
12A8
0x
12AC
0x
12B0
0x
12B4
0x
12B8
0x
12BC
0x
12C0
0x
12C4
0x
12C8
0x
12CC
0x
12D0
0x
12D4
0x
12D8
0x
12DC
0x
12E0
0x
12E4
0x
12E8
0x
12EC
0x
12F0
0x
12F4
0x
12F8
0x
12FC
0x
1300
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| winrar.exe | 0x7FF6F74D0000 | 0x7FF6F779FFFF | Process Termination | - | 64-bit | - |
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\FD1HVy\AppData\Roaming\WinRAR\version.dat | 0.01 KB |
MD5:
86d13c755ee816538758ea7aa2942899
SHA1: 2bc649ed0171190ae9d4a76a399a2c82310c4c2d SHA256: 1dcf06035130cacff7d4ff78c0337532eacb190647b9e1633d247fc69e34d62a SSDeep: 3:bZi:4 |
|
|
| Documents.rar | 2.54 MB |
MD5:
370e8acf7a8d836e91d6f1a593bfad56
SHA1: 624bebba8d39ce5f887f41d51e66160f4c3596cc SHA256: 012fb962c6ff6e5153eb240c019c139c5bfb95c1bf664d5750b102b6058057ab SSDeep: 49152:eZJE7juqkEOpR7YAjDh1+n65Q/6qChell8dlKffN48iRFTxrT5g:eZojKpLb+iy8hof21xe |
|
|
Threads
Thread 0x48c
2745
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x7ff92f150000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = InitializeCriticalSectionEx, address_out = 0x7ff92f1ad580 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x7ff92f150000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = FlsAlloc, address_out = 0x7ff92f1bd3e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = FlsSetValue, address_out = 0x7ff92f198c10 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x7ff92f150000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = InitializeCriticalSectionEx, address_out = 0x7ff92f1ad580 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x7ff92f150000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = FlsAlloc, address_out = 0x7ff92f1bd3e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = FlsGetValue, address_out = 0x7ff92f192340 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = FlsSetValue, address_out = 0x7ff92f198c10 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Load | module_name = api-ms-win-core-localization-l1-2-1, base_address = 0x7ff92f150000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = LCMapStringEx, address_out = 0x7ff92f17c800 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ff92fdd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = InitializeConditionVariable, address_out = 0x7ff931fb35c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SleepConditionVariableCS, address_out = 0x7ff92f1be960 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WakeAllConditionVariable, address_out = 0x7ff931fa6090 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 14893080587 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ff92fdd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetDllDirectoryW, address_out = 0x7ff92fdee3c0 |
|
1 | |
| File | Add Search Path | - |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetDefaultDllDirectories, address_out = 0x7ff92f228b70 |
|
1 | |
| Module | Get Handle | module_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, base_address = 0x7ff6f74d0000, flags = GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 2048 |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR\WinRAR.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\AppData\Roaming\WinRAR\WinRAR.ini, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR, type = file_attributes |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 2048 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Load | module_name = C:\Users\FD1HVy\AppData\Local\Temp\rarlng.dll, base_address = 0x0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General |
|
1 | |
| Module | Get Filename | module_name = C:\Users\FD1HVy\AppData\Local\Temp\rarlng.dll, process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 2048 |
|
1 | |
| File | Create | filename = C:\Users\FD1HVy\AppData\Local\Temp\winrar.lng, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = \\?\C:\Users\FD1HVy\AppData\Local\Temp\winrar.lng, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| System | Get Info | type = System Directory, result_out = C:\WINDOWS\system32 |
|
1 | |
| Module | Load | module_name = C:\WINDOWS\system32\riched20.dll, base_address = 0x7ff912450000 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:35 (UTC) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR\version.dat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = VerInfo, size = 12, type = REG_BINARY |
|
1 | |
| File | Create | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR\version.dat, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR\version.dat, type = file_type |
|
1 | |
| File | Write | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR\version.dat, size = 12 |
|
1 | |
| Mutex | Create | mutex_name = WinRAR_Busy |
|
1 | |
| Window | Find | class_name = WinRarWindow |
|
1 | |
| Window | Create | window_name = WinRAR, class_name = WinRarWindow, wndproc_parameter = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR\Policy |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Policy |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR\Policy |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Policy |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR\Policy |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Policy |
|
1 | |
| System | Get Time | type = Local Time, time = 2019-03-31 23:13:38 (Local Time) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR, type = file_attributes |
|
1 | |
| Module | Get Filename | module_name = C:\Users\FD1HVy\AppData\Local\Temp\rarlng.dll, process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 2048 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR, value_name = rarkey, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = Priority, data = 1, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR, value_name = rarreg.key, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR\Settings.reg, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\AppData\Roaming\WinRAR\Settings.reg, type = file_attributes |
|
1 | |
| Module | Get Filename | module_name = C:\Users\FD1HVy\AppData\Local\Temp\rarlng.dll, process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 2048 |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Local\Temp\Settings.reg, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\AppData\Local\Temp\Settings.reg, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Local\Temp\Settings.reg, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\AppData\Local\Temp\Settings.reg, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Extraction |
|
1 | |
| Keyboard | Get Info | type = KB_CODEPAGE, result_out = 437 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = SMP, data = 1, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\5 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Default, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcName, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileNames |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ExclNames |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ExclNames, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = StoreNames |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = StoreNames, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Default, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = UseRAR, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RAR5, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXModule, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFX, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXIcon, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXLogo, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXElevate, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtFile, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtDataWide, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtTextWide, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtTextData, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VolumeSize, data = 0, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VolSizeMod, data = 2, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VolPause, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = OldVolNames, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RecVolNumber, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Update, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Fresh, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SyncFiles, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Overwrite, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Move, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcRecBin, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcWipe, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = WipeIfPassword, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Solid, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Test, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RecEnabled, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RecSize, data = 4294967293, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Recovery, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = EraseDest, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = AddArcOnly, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ClearArc, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Lock, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Method, data = 3, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = DictSizeLZ, data = 4194304, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = DictSize, data = 33554432, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Name, data = Default Profile, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PasswordData, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = EncryptHeaders, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ZipLegacyEncrypt, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = OpenShared, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ProcessOwners, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SaveStreams, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SaveSymLinks, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SaveHardLinks, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Background, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = WaitForOther, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Shutdown, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = GenerateArcName, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VersionControl, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = BLAKE2, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileCopies, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = QuickOpen, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = GenerateMask, data = yyyymmddhhmmss, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileTimeMode, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileDays, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileHours, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileMinutes, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcTimeOriginal, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcTimeLatest, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = mtime, data = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ctime, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = atime, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PathsAbs, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PathsNone, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PathsAbsDrive, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ImmExec, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SeparateArc, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SeparateArcDoubleExt, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SeparateArcSubfolders, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = EmailArcTo, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PackDetails, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR\Policy |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Policy |
|
1 | |
| System | Get Info | type = System Directory, result_out = C:\WINDOWS\system32 |
|
1 | |
| Module | Load | module_name = C:\WINDOWS\system32\Crypt32.dll, base_address = 0x7ff92e880000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\crypt32.dll, function = CryptProtectMemory, address_out = 0x7ff92d8c1770 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\crypt32.dll, function = CryptUnprotectMemory, address_out = 0x7ff92d8c17a0 |
|
1 | |
| File | Get Info | filename = Documents, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\Documents\Documents, type = file_attributes |
|
1 | |
| File | Get Info | filename = Documents.rar, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\Documents\Documents.rar, type = file_attributes |
|
1 | |
| File | Get Info | filename = Documents.zip, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\Documents\Documents.zip, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Compression |
|
1 | |
| File | Create | filename = Documents.rar, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\FD1HVy\Documents\Documents.rar, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = Documents.rar, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\Documents\Documents.rar, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes, value_name = ActivePath, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR\Themes, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\AppData\Roaming\WinRAR\Themes, type = file_attributes |
|
1 | |
| Module | Get Filename | module_name = C:\Users\FD1HVy\AppData\Local\Temp\rarlng.dll, process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 2048 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes, value_name = ShellExtBMP, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes, value_name = ShellExtIcon, size = 2, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList |
|
1 | |
| Window | Create | class_name = SysListView32, wndproc_parameter = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList |
|
6 | |
| System | Get Info | type = Operating System |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
|
9 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnStates |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnStates |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnStates |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnStates |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnStates |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnStates |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnStates |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnStates |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnStates |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnStates |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths |
|
1 | |
| File | Get Info | filename = Documents.rar, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\Documents\Documents.rar, type = file_attributes |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15237274695 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface, value_name = SystemProgressBar, data = 1, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface, value_name = TaskbarProgressBar, data = 1, type = REG_NONE |
|
1 | |
| Window | Create | class_name = tooltips_class32, wndproc_parameter = 0 |
|
1 | |
| Window | Create | class_name = tooltips_class32, wndproc_parameter = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 152781 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15281397310 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15338057145 |
|
1 | |
| COM | Create | interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Time | type = Ticks, time = 153718 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 153734 |
|
1 | |
| System | Get Time | type = Ticks, time = 153734 |
|
1 | |
| File | Get Info | filename = My Music, type = file_attributes |
|
1 | |
| File | Get Info | filename = My Pictures, type = file_attributes |
|
1 | |
| File | Get Info | filename = My Videos, type = file_attributes |
|
1 | |
| System | Get Time | type = Ticks, time = 153750 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 153750 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ff92fdd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CompareStringOrdinal, address_out = 0x7ff92fde8fb0 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:40 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15389937088 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:40 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15390308705 |
|
1 | |
| File | Create | filename = Documents.rar, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\FD1HVy\Documents\Documents.rar, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = Documents.rar, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 153875 |
|
1 | |
| File | Write | filename = Documents.rar, size = 8 |
|
1 | |
| File | Write | filename = Documents.rar, size = 17 |
|
1 | |
| File | Create | filename = -3PSVPdo1rq8.docx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 172296 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17233011526 |
|
1 | |
| System | Get Time | type = Ticks, time = 172296 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:58 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17233895528 |
|
1 | |
| File | Read | filename = -3PSVPdo1rq8.docx, size = 1048576, size_out = 22681 |
|
1 | |
| File | Read | filename = -3PSVPdo1rq8.docx, size = 1025895, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 172312 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17234931677 |
|
1 | |
| System | Get Time | type = Ticks, time = 172312 |
|
1 | |
| System | Get Time | type = Ticks, time = 172312 |
|
1 | |
| System | Get Time | type = Ticks, time = 172312 |
|
1 | |
| COM | Create | interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| COM | Create | interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Time | type = Ticks, time = 172390 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17243097170 |
|
1 | |
| System | Get Time | type = Ticks, time = 172390 |
|
3 | |
| File | Write | filename = Documents.rar, size = 22768 |
|
1 | |
| File | Write | filename = Documents.rar, size = 101 |
|
1 | |
| File | Create | filename = 5okJ0wdSjHps.docx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 173093 |
|
1 | |
| System | Get Time | type = Ticks, time = 173093 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:59 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17312499738 |
|
1 | |
| File | Read | filename = 5okJ0wdSjHps.docx, size = 1048576, size_out = 22922 |
|
1 | |
| File | Read | filename = 5okJ0wdSjHps.docx, size = 1025654, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 173093 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17312694042 |
|
1 | |
| System | Get Time | type = Ticks, time = 173093 |
|
3 | |
| COM | Create | interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Time | type = Ticks, time = 173093 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17313268252 |
|
1 | |
| System | Get Time | type = Ticks, time = 173093 |
|
3 | |
| File | Write | filename = Documents.rar, size = 23024 |
|
1 | |
| File | Write | filename = Documents.rar, size = 101 |
|
1 | |
| File | Create | filename = 5YJHRW-JZoT5E S09D.pptx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 173109 |
|
1 | |
| System | Get Time | type = Ticks, time = 173109 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:59 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17313828493 |
|
1 | |
| File | Read | filename = 5YJHRW-JZoT5E S09D.pptx, size = 1048576, size_out = 1917 |
|
1 | |
| File | Read | filename = 5YJHRW-JZoT5E S09D.pptx, size = 1046659, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 173109 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17314001516 |
|
1 | |
| System | Get Time | type = Ticks, time = 173109 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 17314079364 |
|
1 | |
| System | Get Time | type = Ticks, time = 173109 |
|
3 | |
| File | Write | filename = Documents.rar, size = 1984 |
|
1 | |
| File | Write | filename = Documents.rar, size = 105 |
|
1 | |
| File | Create | filename = 7I1yC6W53.doc, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 173109 |
|
1 | |
| System | Get Time | type = Ticks, time = 173109 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:59 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17314408867 |
|
1 | |
| File | Read | filename = 7I1yC6W53.doc, size = 1048576, size_out = 2265 |
|
1 | |
| File | Read | filename = 7I1yC6W53.doc, size = 1046311, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 173109 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17314525949 |
|
1 | |
| System | Get Time | type = Ticks, time = 173109 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 17314683803 |
|
1 | |
| System | Get Time | type = Ticks, time = 173109 |
|
3 | |
| File | Write | filename = Documents.rar, size = 2320 |
|
1 | |
| File | Write | filename = Documents.rar, size = 95 |
|
1 | |
| File | Create | filename = 8CFpoZ DqeCI.doc, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 173109 |
|
1 | |
| System | Get Time | type = Ticks, time = 173109 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:59 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17315004614 |
|
1 | |
| File | Read | filename = 8CFpoZ DqeCI.doc, size = 1048576, size_out = 99449 |
|
1 | |
| File | Read | filename = 8CFpoZ DqeCI.doc, size = 949127, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 173125 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17315292954 |
|
1 | |
| System | Get Time | type = Ticks, time = 173125 |
|
3 | |
| System | Get Time | type = Ticks, time = 173234 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17327489494 |
|
1 | |
| System | Get Time | type = Ticks, time = 173234 |
|
3 | |
| File | Write | filename = Documents.rar, size = 99680 |
|
1 | |
| File | Write | filename = Documents.rar, size = 100 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\-4NjCVEIvkCBj.docx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 173250 |
|
1 | |
| System | Get Time | type = Ticks, time = 173250 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:59 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17329009933 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\-4NjCVEIvkCBj.docx, size = 1048576, size_out = 72805 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\-4NjCVEIvkCBj.docx, size = 975771, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 173265 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17329562430 |
|
1 | |
| System | Get Time | type = Ticks, time = 173265 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 17330182227 |
|
1 | |
| System | Get Time | type = Ticks, time = 173265 |
|
3 | |
| File | Write | filename = Documents.rar, size = 72960 |
|
1 | |
| File | Write | filename = Documents.rar, size = 121 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\l7Td5TRgfXzOW kF6H0.docx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 173265 |
|
1 | |
| System | Get Time | type = Ticks, time = 173281 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:59 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17330982924 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\l7Td5TRgfXzOW kF6H0.docx, size = 1048576, size_out = 75828 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\l7Td5TRgfXzOW kF6H0.docx, size = 972748, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 173281 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17331326499 |
|
1 | |
| System | Get Time | type = Ticks, time = 173281 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 17331985157 |
|
1 | |
| System | Get Time | type = Ticks, time = 173281 |
|
3 | |
| File | Write | filename = Documents.rar, size = 76000 |
|
1 | |
| File | Write | filename = Documents.rar, size = 127 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\-mjM.xlsx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 173296 |
|
1 | |
| System | Get Time | type = Ticks, time = 173296 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:59 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17333035000 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\-mjM.xlsx, size = 1048576, size_out = 21820 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\-mjM.xlsx, size = 1026756, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 173296 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17333349121 |
|
1 | |
| System | Get Time | type = Ticks, time = 173296 |
|
3 | |
| COM | Create | interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Time | type = Ticks, time = 173296 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17333826325 |
|
1 | |
| System | Get Time | type = Ticks, time = 173296 |
|
3 | |
| File | Write | filename = Documents.rar, size = 21904 |
|
1 | |
| File | Write | filename = Documents.rar, size = 121 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\35mJ-.pdf, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 173312 |
|
1 | |
| System | Get Time | type = Ticks, time = 173312 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:59 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17334326921 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\35mJ-.pdf, size = 1048576, size_out = 50615 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\35mJ-.pdf, size = 997961, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 173312 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17334518280 |
|
1 | |
| System | Get Time | type = Ticks, time = 173312 |
|
1 | |
| System | Get Time | type = Ticks, time = 173312 |
|
1 | |
| System | Get Time | type = Ticks, time = 173312 |
|
2 | |
| System | Get Time | type = Performance Ctr, time = 17335113686 |
|
1 | |
| System | Get Time | type = Ticks, time = 173312 |
|
3 | |
| File | Write | filename = Documents.rar, size = 50784 |
|
1 | |
| File | Write | filename = Documents.rar, size = 121 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\3jMLs-qdS.docx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 173328 |
|
1 | |
| System | Get Time | type = Ticks, time = 173328 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:59 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17335908914 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\3jMLs-qdS.docx, size = 1048576, size_out = 79280 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\3jMLs-qdS.docx, size = 969296, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 173328 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17336184496 |
|
1 | |
| System | Get Time | type = Ticks, time = 173328 |
|
3 | |
| System | Get Time | type = Ticks, time = 173343 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17337519676 |
|
1 | |
| System | Get Time | type = Ticks, time = 173343 |
|
3 | |
| File | Write | filename = Documents.rar, size = 79424 |
|
1 | |
| File | Write | filename = Documents.rar, size = 126 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\BTQU2WOZsFUjw.pdf, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 173343 |
|
1 | |
| System | Get Time | type = Ticks, time = 173343 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:59 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17338151059 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\BTQU2WOZsFUjw.pdf, size = 1048576, size_out = 59842 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\BTQU2WOZsFUjw.pdf, size = 988734, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 173343 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17338495493 |
|
1 | |
| System | Get Time | type = Ticks, time = 173343 |
|
3 | |
| System | Get Time | type = Ticks, time = 173359 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17339096636 |
|
1 | |
| System | Get Time | type = Ticks, time = 173359 |
|
3 | |
| File | Write | filename = Documents.rar, size = 59968 |
|
1 | |
| File | Write | filename = Documents.rar, size = 137 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\cA7tY- cuM.pptx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 173359 |
|
1 | |
| System | Get Time | type = Ticks, time = 173359 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:59 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17339690163 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\cA7tY- cuM.pptx, size = 1048576, size_out = 65013 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\cA7tY- cuM.pptx, size = 983563, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 173359 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17340026632 |
|
1 | |
| System | Get Time | type = Ticks, time = 173359 |
|
3 | |
| System | Get Time | type = Ticks, time = 173375 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17340790813 |
|
1 | |
| System | Get Time | type = Ticks, time = 173375 |
|
3 | |
| File | Write | filename = Documents.rar, size = 65152 |
|
1 | |
| File | Write | filename = Documents.rar, size = 135 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\1q4uHOxj.odt, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 173375 |
|
1 | |
| System | Get Time | type = Ticks, time = 173375 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:59 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17341572289 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\1q4uHOxj.odt, size = 1048576, size_out = 17856 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\1q4uHOxj.odt, size = 1030720, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 173390 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17341891199 |
|
1 | |
| System | Get Time | type = Ticks, time = 173390 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 17342133985 |
|
1 | |
| System | Get Time | type = Ticks, time = 173390 |
|
3 | |
| File | Write | filename = Documents.rar, size = 17968 |
|
1 | |
| File | Write | filename = Documents.rar, size = 141 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\Kin6ms4WyJhH.xlsx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 173390 |
|
1 | |
| System | Get Time | type = Ticks, time = 173390 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:59 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17342682309 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\Kin6ms4WyJhH.xlsx, size = 1048576, size_out = 41060 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\Kin6ms4WyJhH.xlsx, size = 1007516, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 173390 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17342858027 |
|
1 | |
| System | Get Time | type = Ticks, time = 173390 |
|
3 | |
| System | Get Time | type = Ticks, time = 173906 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17393863167 |
|
1 | |
| System | Get Time | type = Ticks, time = 173906 |
|
3 | |
| COM | Create | interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| File | Write | filename = Documents.rar, size = 41168 |
|
1 | |
| File | Write | filename = Documents.rar, size = 146 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\KzP2.csv, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 173921 |
|
1 | |
| System | Get Time | type = Ticks, time = 173921 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:00 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17395400110 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\KzP2.csv, size = 1048576, size_out = 3270 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\KzP2.csv, size = 1045306, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 173921 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17395637798 |
|
1 | |
| System | Get Time | type = Ticks, time = 173921 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 17395791743 |
|
1 | |
| System | Get Time | type = Ticks, time = 173921 |
|
3 | |
| File | Write | filename = Documents.rar, size = 3328 |
|
1 | |
| File | Write | filename = Documents.rar, size = 135 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\mbQ0b7o.ots, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 173921 |
|
1 | |
| System | Get Time | type = Ticks, time = 173921 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:00 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17396157927 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\mbQ0b7o.ots, size = 1048576, size_out = 75533 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\mbQ0b7o.ots, size = 973043, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 173921 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17396316566 |
|
1 | |
| System | Get Time | type = Ticks, time = 173921 |
|
3 | |
| System | Get Time | type = Ticks, time = 173937 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17397211839 |
|
1 | |
| System | Get Time | type = Ticks, time = 173937 |
|
3 | |
| File | Write | filename = Documents.rar, size = 75712 |
|
1 | |
| File | Write | filename = Documents.rar, size = 140 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\ww2bCvn.csv, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 173937 |
|
1 | |
| System | Get Time | type = Ticks, time = 173937 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:00 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17397794181 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\ww2bCvn.csv, size = 1048576, size_out = 4370 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\ww2bCvn.csv, size = 1044206, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 173953 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17398270680 |
|
1 | |
| System | Get Time | type = Ticks, time = 173953 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 17398459574 |
|
1 | |
| System | Get Time | type = Ticks, time = 173953 |
|
3 | |
| File | Write | filename = Documents.rar, size = 4432 |
|
1 | |
| File | Write | filename = Documents.rar, size = 138 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\_fBJ yDh9e.ods, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 173953 |
|
1 | |
| System | Get Time | type = Ticks, time = 173953 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:00 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17398813251 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\_fBJ yDh9e.ods, size = 1048576, size_out = 12823 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\Q9 7uahS\_fBJ yDh9e.ods, size = 1035753, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 173953 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17398946892 |
|
1 | |
| System | Get Time | type = Ticks, time = 173953 |
|
3 | |
| System | Get Time | type = Ticks, time = 173968 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17399944876 |
|
1 | |
| System | Get Time | type = Ticks, time = 173968 |
|
3 | |
| File | Write | filename = Documents.rar, size = 12880 |
|
1 | |
| File | Write | filename = Documents.rar, size = 143 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\rDvRexnp0.xls, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 173968 |
|
1 | |
| System | Get Time | type = Ticks, time = 173968 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:00 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17400304892 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\rDvRexnp0.xls, size = 1048576, size_out = 101096 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\rDvRexnp0.xls, size = 947480, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 173968 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17400496353 |
|
1 | |
| System | Get Time | type = Ticks, time = 173968 |
|
3 | |
| System | Get Time | type = Ticks, time = 173984 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17401471925 |
|
1 | |
| System | Get Time | type = Ticks, time = 173984 |
|
3 | |
| File | Write | filename = Documents.rar, size = 101344 |
|
1 | |
| File | Write | filename = Documents.rar, size = 132 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\XGIfB05FTyHqB.xlsx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 173984 |
|
1 | |
| System | Get Time | type = Ticks, time = 173984 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:00 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17402440986 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\XGIfB05FTyHqB.xlsx, size = 1048576, size_out = 51715 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\XGIfB05FTyHqB.xlsx, size = 996861, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 174000 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17402883607 |
|
1 | |
| System | Get Time | type = Ticks, time = 174000 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 17403545391 |
|
1 | |
| System | Get Time | type = Ticks, time = 174000 |
|
3 | |
| File | Write | filename = Documents.rar, size = 51856 |
|
1 | |
| File | Write | filename = Documents.rar, size = 138 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\XiqWm6izl6v FQ5Q.doc, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 174000 |
|
1 | |
| System | Get Time | type = Ticks, time = 174000 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:00 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17404148748 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\XiqWm6izl6v FQ5Q.doc, size = 1048576, size_out = 11225 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\XiqWm6izl6v FQ5Q.doc, size = 1037351, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 174015 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17404593969 |
|
1 | |
| System | Get Time | type = Ticks, time = 174015 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 17404814499 |
|
1 | |
| System | Get Time | type = Ticks, time = 174015 |
|
3 | |
| File | Write | filename = Documents.rar, size = 11248 |
|
1 | |
| File | Write | filename = Documents.rar, size = 140 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\XXRZ1Ntz_m owLhUomX.rtf, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 174015 |
|
1 | |
| System | Get Time | type = Ticks, time = 174015 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:00 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17405223615 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\XXRZ1Ntz_m owLhUomX.rtf, size = 1048576, size_out = 76789 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\XXRZ1Ntz_m owLhUomX.rtf, size = 971787, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 174015 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17405442557 |
|
1 | |
| System | Get Time | type = Ticks, time = 174015 |
|
3 | |
| System | Get Time | type = Ticks, time = 174031 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17406977159 |
|
1 | |
| System | Get Time | type = Ticks, time = 174031 |
|
3 | |
| File | Write | filename = Documents.rar, size = 65008 |
|
1 | |
| File | Write | filename = Documents.rar, size = 143 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\xZQ7e8.pptx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 174046 |
|
1 | |
| System | Get Time | type = Ticks, time = 174046 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:00 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17407912127 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\xZQ7e8.pptx, size = 1048576, size_out = 101996 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\5HLd-s\xZQ7e8.pptx, size = 946580, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 174046 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17408362001 |
|
1 | |
| System | Get Time | type = Ticks, time = 174046 |
|
3 | |
| System | Get Time | type = Ticks, time = 174062 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17409572212 |
|
1 | |
| System | Get Time | type = Ticks, time = 174062 |
|
3 | |
| File | Write | filename = Documents.rar, size = 102224 |
|
1 | |
| File | Write | filename = Documents.rar, size = 130 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\DLaLU5Np1FYR8L.ods, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 174078 |
|
1 | |
| System | Get Time | type = Ticks, time = 174078 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:00 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17411165982 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\DLaLU5Np1FYR8L.ods, size = 1048576, size_out = 76279 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\DLaLU5Np1FYR8L.ods, size = 972297, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 174078 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17411705448 |
|
1 | |
| System | Get Time | type = Ticks, time = 174078 |
|
3 | |
| System | Get Time | type = Ticks, time = 174109 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17414018315 |
|
1 | |
| System | Get Time | type = Ticks, time = 174109 |
|
3 | |
| COM | Create | interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| File | Write | filename = Documents.rar, size = 76464 |
|
1 | |
| File | Write | filename = Documents.rar, size = 157 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\iOBweAZSY.ods, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 174125 |
|
1 | |
| System | Get Time | type = Ticks, time = 174125 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:00 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17415595849 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\iOBweAZSY.ods, size = 1048576, size_out = 28325 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\iOBweAZSY.ods, size = 1020251, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 174125 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17416072396 |
|
1 | |
| System | Get Time | type = Ticks, time = 174125 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 17416546950 |
|
1 | |
| System | Get Time | type = Ticks, time = 174125 |
|
3 | |
| File | Write | filename = Documents.rar, size = 28400 |
|
1 | |
| File | Write | filename = Documents.rar, size = 152 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\lIHAtSXy\5S3P3.csv, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 174140 |
|
1 | |
| System | Get Time | type = Ticks, time = 174140 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:00 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17417539088 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\lIHAtSXy\5S3P3.csv, size = 1048576, size_out = 74809 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\lIHAtSXy\5S3P3.csv, size = 973767, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 174140 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17417817700 |
|
1 | |
| System | Get Time | type = Ticks, time = 174140 |
|
3 | |
| System | Get Time | type = Ticks, time = 174156 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17418905920 |
|
1 | |
| System | Get Time | type = Ticks, time = 174156 |
|
3 | |
| File | Write | filename = Documents.rar, size = 74976 |
|
1 | |
| File | Write | filename = Documents.rar, size = 157 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\lIHAtSXy\9NEdDu7cj0FPBRK.odt, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 174156 |
|
1 | |
| System | Get Time | type = Ticks, time = 174156 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:00 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17419571659 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\lIHAtSXy\9NEdDu7cj0FPBRK.odt, size = 1048576, size_out = 79125 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\lIHAtSXy\9NEdDu7cj0FPBRK.odt, size = 969451, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 174171 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17420835313 |
|
1 | |
| System | Get Time | type = Ticks, time = 174171 |
|
3 | |
| System | Get Time | type = Ticks, time = 174187 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17421662984 |
|
1 | |
| System | Get Time | type = Ticks, time = 174187 |
|
3 | |
| File | Write | filename = Documents.rar, size = 79296 |
|
1 | |
| File | Write | filename = Documents.rar, size = 167 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\Qx eo7HW.odt, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 174187 |
|
1 | |
| System | Get Time | type = Ticks, time = 174187 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:00 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17422489183 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\Qx eo7HW.odt, size = 1048576, size_out = 67193 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\2NOJ5\Qx eo7HW.odt, size = 981383, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 174187 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17422854279 |
|
1 | |
| System | Get Time | type = Ticks, time = 174187 |
|
3 | |
| System | Get Time | type = Ticks, time = 174203 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17423656811 |
|
1 | |
| System | Get Time | type = Ticks, time = 174203 |
|
3 | |
| File | Write | filename = Documents.rar, size = 67376 |
|
1 | |
| File | Write | filename = Documents.rar, size = 151 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\jfYQRF.csv, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 174203 |
|
1 | |
| System | Get Time | type = Ticks, time = 174203 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:00 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17424228922 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\jfYQRF.csv, size = 1048576, size_out = 1058 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\jfYQRF.csv, size = 1047518, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 174218 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17424875515 |
|
1 | |
| System | Get Time | type = Ticks, time = 174218 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 17425298146 |
|
1 | |
| System | Get Time | type = Ticks, time = 174218 |
|
3 | |
| File | Write | filename = Documents.rar, size = 1120 |
|
1 | |
| File | Write | filename = Documents.rar, size = 141 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\jLF_V3JmdmbQkD.ots, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 174218 |
|
1 | |
| System | Get Time | type = Ticks, time = 174218 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:00 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17425642081 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\jLF_V3JmdmbQkD.ots, size = 1048576, size_out = 102227 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\jLF_V3JmdmbQkD.ots, size = 946349, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 174218 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17425820029 |
|
1 | |
| System | Get Time | type = Ticks, time = 174218 |
|
3 | |
| System | Get Time | type = Ticks, time = 174234 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17426953934 |
|
1 | |
| System | Get Time | type = Ticks, time = 174234 |
|
3 | |
| File | Write | filename = Documents.rar, size = 102464 |
|
1 | |
| File | Write | filename = Documents.rar, size = 151 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\3k35ZmjoIQgYRoHKpmkK.pdf, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 174250 |
|
1 | |
| System | Get Time | type = Ticks, time = 174250 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:00 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17427826814 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\3k35ZmjoIQgYRoHKpmkK.pdf, size = 1048576, size_out = 34385 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\3k35ZmjoIQgYRoHKpmkK.pdf, size = 1014191, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 174250 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17428244571 |
|
1 | |
| System | Get Time | type = Ticks, time = 174250 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 17429156392 |
|
1 | |
| System | Get Time | type = Ticks, time = 174250 |
|
3 | |
| File | Write | filename = Documents.rar, size = 34512 |
|
1 | |
| File | Write | filename = Documents.rar, size = 171 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\99y9.odt, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 174265 |
|
1 | |
| System | Get Time | type = Ticks, time = 174265 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:00 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17429850768 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\99y9.odt, size = 1048576, size_out = 62018 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\99y9.odt, size = 986558, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 174265 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17430101247 |
|
1 | |
| System | Get Time | type = Ticks, time = 174265 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 17430610303 |
|
1 | |
| System | Get Time | type = Ticks, time = 174265 |
|
3 | |
| File | Write | filename = Documents.rar, size = 62160 |
|
1 | |
| File | Write | filename = Documents.rar, size = 155 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\K qThybav\l 4nHi8sklRbErgBL.pps, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 174281 |
|
1 | |
| System | Get Time | type = Ticks, time = 174281 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:00 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17431475713 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\K qThybav\l 4nHi8sklRbErgBL.pps, size = 1048576, size_out = 53507 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\K qThybav\l 4nHi8sklRbErgBL.pps, size = 995069, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 174281 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17431788652 |
|
1 | |
| System | Get Time | type = Ticks, time = 174281 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 17432297566 |
|
1 | |
| System | Get Time | type = Ticks, time = 174281 |
|
3 | |
| File | Write | filename = Documents.rar, size = 53648 |
|
1 | |
| File | Write | filename = Documents.rar, size = 178 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\K qThybav\L_jtuZX b2fVSoNPf.docx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 174296 |
|
1 | |
| System | Get Time | type = Ticks, time = 174296 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:00 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17433202104 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\K qThybav\L_jtuZX b2fVSoNPf.docx, size = 1048576, size_out = 100419 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\K qThybav\L_jtuZX b2fVSoNPf.docx, size = 948157, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 174296 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17433503087 |
|
1 | |
| System | Get Time | type = Ticks, time = 174296 |
|
3 | |
| System | Get Time | type = Ticks, time = 174312 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17434478550 |
|
1 | |
| System | Get Time | type = Ticks, time = 174312 |
|
1 | |
| System | Get Time | type = Ticks, time = 174312 |
|
1 | |
| System | Get Time | type = Ticks, time = 174312 |
|
1 | |
| COM | Create | interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| COM | Create | interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| File | Write | filename = Documents.rar, size = 100656 |
|
1 | |
| File | Write | filename = Documents.rar, size = 179 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\K qThybav\XCn-HpOwlmV9G3Gdf9O.ods, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 174328 |
|
1 | |
| System | Get Time | type = Ticks, time = 174328 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:00 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17436970994 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\K qThybav\XCn-HpOwlmV9G3Gdf9O.ods, size = 1048576, size_out = 33711 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\eSCikz2YIWaDp58m1bY\NHc9hBVFvdQ5Z\K qThybav\XCn-HpOwlmV9G3Gdf9O.ods, size = 1014865, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 174343 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17437569162 |
|
1 | |
| System | Get Time | type = Ticks, time = 174343 |
|
3 | |
| System | Get Time | type = Ticks, time = 174359 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17439596112 |
|
1 | |
| System | Get Time | type = Ticks, time = 174359 |
|
3 | |
| File | Write | filename = Documents.rar, size = 33856 |
|
1 | |
| File | Write | filename = Documents.rar, size = 180 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\QrQLcl.csv, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 174359 |
|
1 | |
| System | Get Time | type = Ticks, time = 174359 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:00 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17440109337 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\QrQLcl.csv, size = 1048576, size_out = 55794 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\QrQLcl.csv, size = 992782, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 174375 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17440476526 |
|
1 | |
| System | Get Time | type = Ticks, time = 174375 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 17441103127 |
|
1 | |
| System | Get Time | type = Ticks, time = 174375 |
|
3 | |
| File | Write | filename = Documents.rar, size = 55936 |
|
1 | |
| File | Write | filename = Documents.rar, size = 122 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\R2r4mFlAna2enKE.odp, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 174375 |
|
1 | |
| System | Get Time | type = Ticks, time = 174390 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:00 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17441969475 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\R2r4mFlAna2enKE.odp, size = 1048576, size_out = 30026 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\qfqeMqDF\R2r4mFlAna2enKE.odp, size = 1018550, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 174390 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17442368944 |
|
1 | |
| System | Get Time | type = Ticks, time = 174390 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 17442733852 |
|
1 | |
| System | Get Time | type = Ticks, time = 174390 |
|
3 | |
| File | Write | filename = Documents.rar, size = 30112 |
|
1 | |
| File | Write | filename = Documents.rar, size = 131 |
|
1 | |
| File | Create | filename = 9EMbKuPh551l7_WJZv\WKv89hDvOzA.pptx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 174390 |
|
1 | |
| System | Get Time | type = Ticks, time = 174390 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:00 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17443201816 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\WKv89hDvOzA.pptx, size = 1048576, size_out = 44333 |
|
1 | |
| File | Read | filename = 9EMbKuPh551l7_WJZv\WKv89hDvOzA.pptx, size = 1004243, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 174406 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17443591628 |
|
1 | |
| System | Get Time | type = Ticks, time = 174406 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 17444793067 |
|
1 | |
| System | Get Time | type = Ticks, time = 174406 |
|
3 | |
| File | Write | filename = Documents.rar, size = 44432 |
|
1 | |
| File | Write | filename = Documents.rar, size = 119 |
|
1 | |
| File | Create | filename = d8N7eT8cGeAbq0mZ CKY.xlsx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 174828 |
|
1 | |
| System | Get Time | type = Ticks, time = 174828 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:01 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17486883434 |
|
1 | |
| File | Read | filename = d8N7eT8cGeAbq0mZ CKY.xlsx, size = 1048576, size_out = 52391 |
|
1 | |
| File | Read | filename = d8N7eT8cGeAbq0mZ CKY.xlsx, size = 996185, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 174843 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17487317354 |
|
1 | |
| System | Get Time | type = Ticks, time = 174843 |
|
3 | |
| COM | Create | interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Time | type = Ticks, time = 174843 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17488156602 |
|
1 | |
| System | Get Time | type = Ticks, time = 174843 |
|
3 | |
| File | Write | filename = Documents.rar, size = 52544 |
|
1 | |
| File | Write | filename = Documents.rar, size = 109 |
|
1 | |
| File | Create | filename = Database1.accdb, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 174859 |
|
1 | |
| System | Get Time | type = Ticks, time = 174859 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:01 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17488984057 |
|
1 | |
| File | Read | filename = Database1.accdb, size = 1048576, size_out = 348160 |
|
1 | |
| File | Read | filename = Database1.accdb, size = 700416, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 174921 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17496229028 |
|
1 | |
| System | Get Time | type = Ticks, time = 174921 |
|
3 | |
| System | Get Time | type = Ticks, time = 174968 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17499825070 |
|
1 | |
| System | Get Time | type = Ticks, time = 174968 |
|
3 | |
| File | Write | filename = Documents.rar, size = 11312 |
|
1 | |
| File | Write | filename = Documents.rar, size = 99 |
|
1 | |
| File | Create | filename = desktop.ini, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 174968 |
|
1 | |
| System | Get Time | type = Ticks, time = 174968 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:01 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17500708533 |
|
1 | |
| File | Read | filename = desktop.ini, size = 1048576, size_out = 402 |
|
1 | |
| File | Read | filename = desktop.ini, size = 1048174, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 174968 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17500908483 |
|
1 | |
| System | Get Time | type = Ticks, time = 174968 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 17501032263 |
|
1 | |
| System | Get Time | type = Ticks, time = 174968 |
|
3 | |
| File | Write | filename = Documents.rar, size = 192 |
|
1 | |
| File | Write | filename = Documents.rar, size = 93 |
|
1 | |
| File | Create | filename = eBvOtmtGs9oVXiPynY.xlsx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 174984 |
|
1 | |
| System | Get Time | type = Ticks, time = 174984 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:01 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17501845711 |
|
1 | |
| File | Read | filename = eBvOtmtGs9oVXiPynY.xlsx, size = 1048576, size_out = 26111 |
|
1 | |
| File | Read | filename = eBvOtmtGs9oVXiPynY.xlsx, size = 1022465, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 174984 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17502047160 |
|
1 | |
| System | Get Time | type = Ticks, time = 174984 |
|
3 | |
| System | Get Time | type = Ticks, time = 175000 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17502846151 |
|
1 | |
| System | Get Time | type = Ticks, time = 175000 |
|
3 | |
| File | Write | filename = Documents.rar, size = 26176 |
|
1 | |
| File | Write | filename = Documents.rar, size = 107 |
|
1 | |
| File | Create | filename = FoGmW sbJbVrE-.pptx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 175000 |
|
1 | |
| System | Get Time | type = Ticks, time = 175000 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:01 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17503586839 |
|
1 | |
| File | Read | filename = FoGmW sbJbVrE-.pptx, size = 1048576, size_out = 7234 |
|
1 | |
| File | Read | filename = FoGmW sbJbVrE-.pptx, size = 1041342, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 175000 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17503848586 |
|
1 | |
| System | Get Time | type = Ticks, time = 175000 |
|
3 | |
| System | Get Time | type = Ticks, time = 175015 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17504714568 |
|
1 | |
| System | Get Time | type = Ticks, time = 175015 |
|
3 | |
| File | Write | filename = Documents.rar, size = 7280 |
|
1 | |
| File | Write | filename = Documents.rar, size = 101 |
|
1 | |
| File | Create | filename = g9y9 K 4j.pptx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 175015 |
|
1 | |
| System | Get Time | type = Ticks, time = 175015 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:14:01 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17505072750 |
|
1 | |
| File | Read | filename = g9y9 K 4j.pptx, size = 1048576, size_out = 85473 |
|
1 | |
| File | Read | filename = g9y9 K 4j.pptx, size = 963103, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 175015 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17505249582 |
|
1 | |
| System | Get Time | type = Ticks, time = 175015 |
|
3 | |
| System | Get Time | type = Ticks, time = 175031 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17506145268 |
|
1 | |
| System | Get Time | type = Ticks, time = 175031 |
|
3 | |
| File | Write | filename = Documents.rar, size = 85680 |
|
1 | |
| File | Write | filename = Documents.rar, size = 98 |
|
1 | |
| File | Create | filename = jYH_Ha3VQR8eB_bONWr9.pptx, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 175031 |
|
1 | |
|
For performance reasons, the remaining 608 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Process #11: winrar.exe
2030
0
| Information | Value |
|---|---|
| ID | #11 |
| File Name | c:\users\fd1hvy\appdata\local\temp\winrar.exe |
| Command Line | C:\Users\FD1HVy\AppData\Local\Temp\\WinRAR.exe m -r -pMyPassword Pictures * |
| Initial Working Directory | C:\Users\FD1HVy\Pictures\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:01:17, Reason: Self Terminated |
| Monitor Duration | 00:00:20 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x754 |
| Parent PID | 0xa9c (c:\windows\syswow64\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
CD8
0x
388
0x
824
0x
4AC
0x
EF8
0x
F70
0x
9E0
0x
B84
0x
D6C
0x
EB0
0x
E40
0x
FBC
0x
E90
0x
BEC
0x
FB8
0x
F84
0x
D5C
0x
CA0
0x
D1C
0x
FB4
0x
D7C
0x
ECC
0x
E98
0x
EE0
0x
324
0x
FB0
0x
1004
0x
1008
0x
100C
0x
1010
0x
1014
0x
1018
0x
101C
0x
1020
0x
1024
0x
1028
0x
102C
0x
1030
0x
1034
0x
1038
0x
103C
0x
1040
0x
1044
0x
1048
0x
104C
0x
1050
0x
1054
0x
1058
0x
105C
0x
1060
0x
1064
0x
1068
0x
106C
0x
1070
0x
1074
0x
1078
0x
107C
0x
1080
0x
1084
0x
1088
0x
108C
0x
1090
0x
1094
0x
1098
0x
109C
0x
10A0
0x
10A4
0x
10A8
0x
10AC
0x
10B0
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| winrar.exe | 0x7FF6F74D0000 | 0x7FF6F779FFFF | Process Termination | - | 64-bit | - |
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| Pictures.rar | 2.09 MB |
MD5:
1529f351c2fa6e418339daccb62c82e7
SHA1: 8553fc21b935c408f801bc2080da58f1bff66f69 SHA256: 799c8d082fe7ee8bd2094495e17edd836ff1680e185d8297eb5da5a5a1ce8c3e SSDeep: 49152:QJODSx4QT/yfmAl/gencu3YT/woKEo5HKOqA0A5JOGKwOyVCN:QJ9ufmLhwb5KAa5 |
|
|
Threads
Thread 0xcd8
2030
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x7ff92f150000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = InitializeCriticalSectionEx, address_out = 0x7ff92f1ad580 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x7ff92f150000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = FlsAlloc, address_out = 0x7ff92f1bd3e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = FlsSetValue, address_out = 0x7ff92f198c10 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x7ff92f150000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = InitializeCriticalSectionEx, address_out = 0x7ff92f1ad580 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x7ff92f150000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = FlsAlloc, address_out = 0x7ff92f1bd3e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = FlsGetValue, address_out = 0x7ff92f192340 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = FlsSetValue, address_out = 0x7ff92f198c10 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Load | module_name = api-ms-win-core-localization-l1-2-1, base_address = 0x7ff92f150000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernelbase.dll, function = LCMapStringEx, address_out = 0x7ff92f17c800 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ff92fdd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = InitializeConditionVariable, address_out = 0x7ff931fb35c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SleepConditionVariableCS, address_out = 0x7ff92f1be960 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = WakeAllConditionVariable, address_out = 0x7ff931fa6090 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 14920805244 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ff92fdd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetDllDirectoryW, address_out = 0x7ff92fdee3c0 |
|
1 | |
| File | Add Search Path | - |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetDefaultDllDirectories, address_out = 0x7ff92f228b70 |
|
1 | |
| Module | Get Handle | module_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, base_address = 0x7ff6f74d0000, flags = GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 2048 |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR\WinRAR.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\AppData\Roaming\WinRAR\WinRAR.ini, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR, type = file_attributes |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 2048 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = LanguageFolder, data = 0, type = REG_NONE |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Load | module_name = C:\Users\FD1HVy\AppData\Local\Temp\rarlng.dll, base_address = 0x0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = LanguageFolder, data = 33, type = REG_NONE |
|
1 | |
| Module | Get Filename | module_name = C:\Users\FD1HVy\AppData\Local\Temp\rarlng.dll, process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 2048 |
|
1 | |
| File | Create | filename = C:\Users\FD1HVy\AppData\Local\Temp\winrar.lng, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = \\?\C:\Users\FD1HVy\AppData\Local\Temp\winrar.lng, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| System | Get Info | type = System Directory, result_out = C:\WINDOWS\system32 |
|
1 | |
| Module | Load | module_name = C:\WINDOWS\system32\riched20.dll, base_address = 0x7ff912450000 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:35 (UTC) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = VerInfo, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR\version.dat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR\version.dat, type = file_type |
|
1 | |
| File | Read | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR\version.dat, size = 4096, size_out = 12 |
|
1 | |
| Mutex | Create | mutex_name = WinRAR_Busy |
|
1 | |
| Window | Find | class_name = WinRarWindow |
|
1 | |
| Window | Create | window_name = WinRAR, class_name = WinRarWindow, wndproc_parameter = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR\Policy |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Policy |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR\Policy |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Policy |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR\Policy |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Policy |
|
1 | |
| System | Get Time | type = Local Time, time = 2019-03-31 23:13:38 (Local Time) |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR, type = file_attributes |
|
1 | |
| Module | Get Filename | module_name = C:\Users\FD1HVy\AppData\Local\Temp\rarlng.dll, process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 2048 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR, value_name = rarkey, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = Priority, data = 1, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR, value_name = rarreg.key, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Extraction |
|
1 | |
| Keyboard | Get Info | type = KB_CODEPAGE, result_out = 437 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\General, value_name = SMP, data = 1, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\1 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\2 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\3 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\4 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\5 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Default, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcName, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileNames |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ExclNames |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ExclNames, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = StoreNames |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = StoreNames, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Default, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = UseRAR, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RAR5, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXModule, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFX, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXIcon, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXLogo, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SFXElevate, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtFile, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtDataWide, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtTextWide, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = CmtTextData, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VolumeSize, data = 0, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VolSizeMod, data = 2, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VolPause, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = OldVolNames, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RecVolNumber, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Update, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Fresh, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SyncFiles, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Overwrite, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Move, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcRecBin, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcWipe, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = WipeIfPassword, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Solid, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Test, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RecEnabled, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = RecSize, data = 4294967293, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Recovery, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = EraseDest, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = AddArcOnly, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ClearArc, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Lock, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Method, data = 3, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = DictSizeLZ, data = 4194304, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = DictSize, data = 33554432, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Name, data = Default Profile, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PasswordData, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = EncryptHeaders, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ZipLegacyEncrypt, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = OpenShared, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ProcessOwners, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SaveStreams, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SaveSymLinks, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SaveHardLinks, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Background, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = WaitForOther, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = Shutdown, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = GenerateArcName, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = VersionControl, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = BLAKE2, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileCopies, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = QuickOpen, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = GenerateMask, data = yyyymmddhhmmss, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileTimeMode, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileDays, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileHours, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = FileMinutes, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcTimeOriginal, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ArcTimeLatest, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = mtime, data = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ctime, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = atime, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PathsAbs, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PathsNone, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PathsAbsDrive, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = ImmExec, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SeparateArc, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SeparateArcDoubleExt, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = SeparateArcSubfolders, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = EmailArcTo, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Profiles\0, value_name = PackDetails, type = REG_BINARY |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\WinRAR\Policy |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Policy |
|
1 | |
| System | Get Info | type = System Directory, result_out = C:\WINDOWS\system32 |
|
1 | |
| Module | Load | module_name = C:\WINDOWS\system32\Crypt32.dll, base_address = 0x7ff92e880000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\crypt32.dll, function = CryptProtectMemory, address_out = 0x7ff92d8c1770 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\crypt32.dll, function = CryptUnprotectMemory, address_out = 0x7ff92d8c17a0 |
|
1 | |
| File | Get Info | filename = Pictures, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\Pictures\Pictures, type = file_attributes |
|
1 | |
| File | Get Info | filename = Pictures.rar, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\Pictures\Pictures.rar, type = file_attributes |
|
1 | |
| File | Get Info | filename = Pictures.zip, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\Pictures\Pictures.zip, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Compression |
|
1 | |
| File | Create | filename = Pictures.rar, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\FD1HVy\Pictures\Pictures.rar, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Get Info | filename = Pictures.rar, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\Pictures\Pictures.rar, type = file_attributes |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes, value_name = ActivePath, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\AppData\Roaming\WinRAR\Themes, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\AppData\Roaming\WinRAR\Themes, type = file_attributes |
|
1 | |
| Module | Get Filename | module_name = C:\Users\FD1HVy\AppData\Local\Temp\rarlng.dll, process_name = c:\users\fd1hvy\appdata\local\temp\winrar.exe, file_name_orig = C:\Users\FD1HVy\AppData\Local\Temp\WinRAR.exe, size = 2048 |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes, value_name = ShellExtBMP, size = 2, type = REG_SZ |
|
1 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes, value_name = ShellExtIcon, size = 2, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList |
|
1 | |
| Window | Create | class_name = SysListView32, wndproc_parameter = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList |
|
6 | |
| System | Get Info | type = Operating System |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
|
9 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnStates |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnStates |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnStates |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnStates |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnStates |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnStates |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnStates |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnStates |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnStates |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnStates |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Paths |
|
1 | |
| File | Get Info | filename = Pictures.rar, type = file_attributes |
|
1 | |
| File | Get Info | filename = \\?\C:\Users\FD1HVy\Pictures\Pictures.rar, type = file_attributes |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15224004289 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface, value_name = SystemProgressBar, data = 1, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\WinRAR\Interface, value_name = TaskbarProgressBar, data = 1, type = REG_NONE |
|
1 | |
| Window | Create | class_name = tooltips_class32, wndproc_parameter = 0 |
|
1 | |
| Window | Create | class_name = tooltips_class32, wndproc_parameter = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 152781 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15281653057 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15282303572 |
|
1 | |
| COM | Create | interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Time | type = Ticks, time = 153546 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 153546 |
|
1 | |
| System | Get Time | type = Ticks, time = 153546 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ff92fdd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CompareStringOrdinal, address_out = 0x7ff92fde8fb0 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:40 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15384843085 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:40 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15385165545 |
|
1 | |
| File | Create | filename = Pictures.rar, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = \\?\C:\Users\FD1HVy\Pictures\Pictures.rar, desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = Pictures.rar, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 153828 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 8 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 17 |
|
1 | |
| File | Create | filename = 17Kei.bmp, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 154250 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15428579620 |
|
1 | |
| System | Get Time | type = Ticks, time = 154250 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:40 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15429182027 |
|
1 | |
| File | Read | filename = 17Kei.bmp, size = 1048576, size_out = 48846 |
|
1 | |
| File | Read | filename = 17Kei.bmp, size = 999730, size_out = 0 |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 154265 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15430284429 |
|
1 | |
| System | Get Time | type = Ticks, time = 154265 |
|
1 | |
| System | Get Time | type = Ticks, time = 154265 |
|
1 | |
| System | Get Time | type = Ticks, time = 154265 |
|
1 | |
| COM | Create | interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| COM | Create | interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Time | type = Ticks, time = 154406 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15444704119 |
|
1 | |
| System | Get Time | type = Ticks, time = 154406 |
|
3 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 48928 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 93 |
|
1 | |
| File | Create | filename = 1Uee5Fu 2XCwi8fG.gif, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 154718 |
|
1 | |
| System | Get Time | type = Ticks, time = 154718 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:40 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15475913466 |
|
1 | |
| File | Read | filename = 1Uee5Fu 2XCwi8fG.gif, size = 1048576, size_out = 75056 |
|
1 | |
| File | Read | filename = 1Uee5Fu 2XCwi8fG.gif, size = 973520, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 154718 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15476004927 |
|
1 | |
| System | Get Time | type = Ticks, time = 154718 |
|
3 | |
| COM | Create | interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Time | type = Ticks, time = 154734 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15477639772 |
|
1 | |
| System | Get Time | type = Ticks, time = 154734 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 75232 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 104 |
|
1 | |
| File | Create | filename = 5qnTEjfG9KjtBUIojvlC.png, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 154750 |
|
1 | |
| System | Get Time | type = Ticks, time = 154750 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:40 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15478554322 |
|
1 | |
| File | Read | filename = 5qnTEjfG9KjtBUIojvlC.png, size = 1048576, size_out = 73639 |
|
1 | |
| File | Read | filename = 5qnTEjfG9KjtBUIojvlC.png, size = 974937, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 154750 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15478645452 |
|
1 | |
| System | Get Time | type = Ticks, time = 154750 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 15479195811 |
|
1 | |
| System | Get Time | type = Ticks, time = 154750 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 73808 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 108 |
|
1 | |
| File | Create | filename = 6xi8hATC8ep.gif, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 154765 |
|
1 | |
| System | Get Time | type = Ticks, time = 155296 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:41 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15552745954 |
|
1 | |
| File | Read | filename = 6xi8hATC8ep.gif, size = 1048576, size_out = 15219 |
|
1 | |
| File | Read | filename = 6xi8hATC8ep.gif, size = 1033357, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 155500 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15552894602 |
|
1 | |
| System | Get Time | type = Ticks, time = 155500 |
|
1 | |
| System | Get Time | type = Ticks, time = 155500 |
|
1 | |
| System | Get Time | type = Ticks, time = 155500 |
|
1 | |
| COM | Create | interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Time | type = Ticks, time = 155500 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15553461517 |
|
1 | |
| System | Get Time | type = Ticks, time = 155500 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 15248 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 99 |
|
1 | |
| File | Create | filename = 7ZwWGMcIaUjWjMVJAe.jpg, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 155500 |
|
1 | |
| System | Get Time | type = Ticks, time = 155500 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:41 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15553869096 |
|
1 | |
| File | Read | filename = 7ZwWGMcIaUjWjMVJAe.jpg, size = 1048576, size_out = 43455 |
|
1 | |
| File | Read | filename = 7ZwWGMcIaUjWjMVJAe.jpg, size = 1005121, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 155500 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15553969903 |
|
1 | |
| System | Get Time | type = Ticks, time = 155500 |
|
3 | |
| System | Get Time | type = Ticks, time = 155515 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15554382242 |
|
1 | |
| System | Get Time | type = Ticks, time = 155515 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 43552 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 106 |
|
1 | |
| File | Create | filename = 8eYKFrOBbq-TuX.bmp, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 155515 |
|
1 | |
| System | Get Time | type = Ticks, time = 155515 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:41 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15554972683 |
|
1 | |
| File | Read | filename = 8eYKFrOBbq-TuX.bmp, size = 1048576, size_out = 20756 |
|
1 | |
| File | Read | filename = 8eYKFrOBbq-TuX.bmp, size = 1027820, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 155515 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15555041538 |
|
1 | |
| System | Get Time | type = Ticks, time = 155515 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 15555267540 |
|
1 | |
| System | Get Time | type = Ticks, time = 155515 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 20832 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 102 |
|
1 | |
| File | Create | filename = 9BtQRHA1y.gif, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 155515 |
|
1 | |
| System | Get Time | type = Ticks, time = 155531 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:41 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15555881697 |
|
1 | |
| File | Read | filename = 9BtQRHA1y.gif, size = 1048576, size_out = 42415 |
|
1 | |
| File | Read | filename = 9BtQRHA1y.gif, size = 1006161, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 155531 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15555982959 |
|
1 | |
| System | Get Time | type = Ticks, time = 155531 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 15556310925 |
|
1 | |
| System | Get Time | type = Ticks, time = 155531 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 42528 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 97 |
|
1 | |
| File | Create | filename = A4ii4MOpBgpQwQBT.jpg, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 155531 |
|
1 | |
| System | Get Time | type = Ticks, time = 155531 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:41 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15556911962 |
|
1 | |
| File | Read | filename = A4ii4MOpBgpQwQBT.jpg, size = 1048576, size_out = 87534 |
|
1 | |
| File | Read | filename = A4ii4MOpBgpQwQBT.jpg, size = 961042, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 155531 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15557007078 |
|
1 | |
| System | Get Time | type = Ticks, time = 155531 |
|
3 | |
| System | Get Time | type = Ticks, time = 155546 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15558169755 |
|
1 | |
| System | Get Time | type = Ticks, time = 155546 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 87728 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 104 |
|
1 | |
| File | Create | filename = aHz4Hx-PBeuX.png, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 155703 |
|
1 | |
| System | Get Time | type = Ticks, time = 155703 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:41 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15573580648 |
|
1 | |
| File | Read | filename = aHz4Hx-PBeuX.png, size = 1048576, size_out = 81997 |
|
1 | |
| File | Read | filename = aHz4Hx-PBeuX.png, size = 966579, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 155703 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15573680198 |
|
1 | |
| System | Get Time | type = Ticks, time = 155703 |
|
3 | |
| COM | Create | interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Time | type = Ticks, time = 155718 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15574676739 |
|
1 | |
| System | Get Time | type = Ticks, time = 155718 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 82160 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 100 |
|
1 | |
| File | Create | filename = awTUht89JcK2K D7j9i.png, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 155718 |
|
1 | |
| System | Get Time | type = Ticks, time = 155718 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:41 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15575338188 |
|
1 | |
| File | Read | filename = awTUht89JcK2K D7j9i.png, size = 1048576, size_out = 34167 |
|
1 | |
| File | Read | filename = awTUht89JcK2K D7j9i.png, size = 1014409, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 155718 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15575424647 |
|
1 | |
| System | Get Time | type = Ticks, time = 155718 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 15575707603 |
|
1 | |
| System | Get Time | type = Ticks, time = 155718 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 34288 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 107 |
|
1 | |
| File | Create | filename = c9ZaReaCiTG.png, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 155734 |
|
1 | |
| System | Get Time | type = Ticks, time = 155734 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:41 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15576465158 |
|
1 | |
| File | Read | filename = c9ZaReaCiTG.png, size = 1048576, size_out = 82983 |
|
1 | |
| File | Read | filename = c9ZaReaCiTG.png, size = 965593, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 155734 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15576555848 |
|
1 | |
| System | Get Time | type = Ticks, time = 155734 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 15577159390 |
|
1 | |
| System | Get Time | type = Ticks, time = 155734 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 83216 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 99 |
|
1 | |
| File | Create | filename = Camera Roll\desktop.ini, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 155734 |
|
1 | |
| System | Get Time | type = Ticks, time = 155750 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:41 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15577874247 |
|
1 | |
| File | Read | filename = Camera Roll\desktop.ini, size = 1048576, size_out = 190 |
|
1 | |
| File | Read | filename = Camera Roll\desktop.ini, size = 1048386, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 155890 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15592099498 |
|
1 | |
| System | Get Time | type = Ticks, time = 155890 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 15592560719 |
|
1 | |
| System | Get Time | type = Ticks, time = 155890 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 160 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 105 |
|
1 | |
| File | Create | filename = Cg4L5J0Hp5g.bmp, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 155890 |
|
1 | |
| System | Get Time | type = Ticks, time = 155890 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:42 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15593021908 |
|
1 | |
| File | Read | filename = Cg4L5J0Hp5g.bmp, size = 1048576, size_out = 3689 |
|
1 | |
| File | Read | filename = Cg4L5J0Hp5g.bmp, size = 1044887, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 155890 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15593079817 |
|
1 | |
| System | Get Time | type = Ticks, time = 155890 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 15593228704 |
|
1 | |
| System | Get Time | type = Ticks, time = 155890 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 3744 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 97 |
|
1 | |
| File | Create | filename = desktop.ini, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 155906 |
|
1 | |
| System | Get Time | type = Ticks, time = 155906 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:42 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15593595182 |
|
1 | |
| File | Read | filename = desktop.ini, size = 1048576, size_out = 504 |
|
1 | |
| File | Read | filename = desktop.ini, size = 1048072, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 155906 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15593666729 |
|
1 | |
| System | Get Time | type = Ticks, time = 155906 |
|
3 | |
| COM | Create | interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Time | type = Ticks, time = 155906 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15594095924 |
|
1 | |
| System | Get Time | type = Ticks, time = 155906 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 208 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 93 |
|
1 | |
| File | Create | filename = dw0z-rObH0-zF2.png, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 155906 |
|
1 | |
| System | Get Time | type = Ticks, time = 155906 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:42 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15594466548 |
|
1 | |
| File | Read | filename = dw0z-rObH0-zF2.png, size = 1048576, size_out = 6965 |
|
1 | |
| File | Read | filename = dw0z-rObH0-zF2.png, size = 1041611, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 155906 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15594536010 |
|
1 | |
| System | Get Time | type = Ticks, time = 155906 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 15594726747 |
|
1 | |
| System | Get Time | type = Ticks, time = 155906 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 7008 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 100 |
|
1 | |
| File | Create | filename = FiPd_4qvOx8j.jpg, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 155921 |
|
1 | |
| System | Get Time | type = Ticks, time = 155921 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:42 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15595321350 |
|
1 | |
| File | Read | filename = FiPd_4qvOx8j.jpg, size = 1048576, size_out = 46505 |
|
1 | |
| File | Read | filename = FiPd_4qvOx8j.jpg, size = 1002071, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 155921 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15595420948 |
|
1 | |
| System | Get Time | type = Ticks, time = 155921 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 15595802347 |
|
1 | |
| System | Get Time | type = Ticks, time = 155921 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 46608 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 100 |
|
1 | |
| File | Create | filename = g6r96fa7GyN6.gif, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 155921 |
|
1 | |
| System | Get Time | type = Ticks, time = 156250 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:42 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15628770326 |
|
1 | |
| File | Read | filename = g6r96fa7GyN6.gif, size = 1048576, size_out = 57322 |
|
1 | |
| File | Read | filename = g6r96fa7GyN6.gif, size = 991254, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 156250 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15629057832 |
|
1 | |
| System | Get Time | type = Ticks, time = 156250 |
|
3 | |
| COM | Create | interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Time | type = Ticks, time = 156265 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15629936552 |
|
1 | |
| System | Get Time | type = Ticks, time = 156265 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 57456 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 100 |
|
1 | |
| File | Create | filename = gTXyE1NkEEb.jpg, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 156265 |
|
1 | |
| System | Get Time | type = Ticks, time = 156265 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:42 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15630625888 |
|
1 | |
| File | Read | filename = gTXyE1NkEEb.jpg, size = 1048576, size_out = 96501 |
|
1 | |
| File | Read | filename = gTXyE1NkEEb.jpg, size = 952075, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 156265 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15630724071 |
|
1 | |
| System | Get Time | type = Ticks, time = 156265 |
|
3 | |
| System | Get Time | type = Ticks, time = 156281 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15631980409 |
|
1 | |
| System | Get Time | type = Ticks, time = 156281 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 96688 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 99 |
|
1 | |
| File | Create | filename = H6PwCN3oyZKOwFQ.png, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 156296 |
|
1 | |
| System | Get Time | type = Ticks, time = 156296 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:42 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15632952118 |
|
1 | |
| File | Read | filename = H6PwCN3oyZKOwFQ.png, size = 1048576, size_out = 101635 |
|
1 | |
| File | Read | filename = H6PwCN3oyZKOwFQ.png, size = 946941, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 156296 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15633055075 |
|
1 | |
| System | Get Time | type = Ticks, time = 156296 |
|
3 | |
| System | Get Time | type = Ticks, time = 156312 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15634290097 |
|
1 | |
| System | Get Time | type = Ticks, time = 156312 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 101872 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 103 |
|
1 | |
| File | Create | filename = H7Jzn2.png, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 156312 |
|
1 | |
| System | Get Time | type = Ticks, time = 156312 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:42 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15635046995 |
|
1 | |
| File | Read | filename = H7Jzn2.png, size = 1048576, size_out = 81996 |
|
1 | |
| File | Read | filename = H7Jzn2.png, size = 966580, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 156312 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15635150620 |
|
1 | |
| System | Get Time | type = Ticks, time = 156312 |
|
3 | |
| System | Get Time | type = Ticks, time = 156484 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15652073934 |
|
1 | |
| System | Get Time | type = Ticks, time = 156484 |
|
3 | |
| COM | Create | interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| File | Write | filename = Pictures.rar, size = 82176 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 94 |
|
1 | |
| File | Create | filename = hh1Bz.png, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 156500 |
|
1 | |
| System | Get Time | type = Ticks, time = 156500 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:42 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15653992504 |
|
1 | |
| File | Read | filename = hh1Bz.png, size = 1048576, size_out = 97065 |
|
1 | |
| File | Read | filename = hh1Bz.png, size = 951511, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 156500 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15654119859 |
|
1 | |
| System | Get Time | type = Ticks, time = 156500 |
|
1 | |
| System | Get Time | type = Ticks, time = 156500 |
|
1 | |
| System | Get Time | type = Ticks, time = 156515 |
|
1 | |
| COM | Create | interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Time | type = Ticks, time = 156515 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15655737210 |
|
1 | |
| System | Get Time | type = Ticks, time = 156515 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 97248 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 93 |
|
1 | |
| File | Create | filename = HPs4cKd.bmp, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 156531 |
|
1 | |
| System | Get Time | type = Ticks, time = 156531 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:42 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15657293993 |
|
1 | |
| File | Read | filename = HPs4cKd.bmp, size = 1048576, size_out = 59374 |
|
1 | |
| File | Read | filename = HPs4cKd.bmp, size = 989202, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 156718 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15675522978 |
|
1 | |
| System | Get Time | type = Ticks, time = 156718 |
|
3 | |
| COM | Create | interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 156734 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15676323380 |
|
1 | |
| System | Get Time | type = Ticks, time = 156734 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 59504 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 95 |
|
1 | |
| File | Create | filename = job -V_cE7uVrHssoWW.jpg, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 156734 |
|
1 | |
| System | Get Time | type = Ticks, time = 156734 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:42 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15677025788 |
|
1 | |
| File | Read | filename = job -V_cE7uVrHssoWW.jpg, size = 1048576, size_out = 48923 |
|
1 | |
| File | Read | filename = job -V_cE7uVrHssoWW.jpg, size = 999653, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 156734 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15677116797 |
|
1 | |
| System | Get Time | type = Ticks, time = 156734 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 15677469922 |
|
1 | |
| System | Get Time | type = Ticks, time = 156734 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 49024 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 107 |
|
1 | |
| File | Create | filename = KmDsFaqbjMnNn4BN.jpg, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 156750 |
|
1 | |
| System | Get Time | type = Ticks, time = 156750 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:42 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15678083973 |
|
1 | |
| File | Read | filename = KmDsFaqbjMnNn4BN.jpg, size = 1048576, size_out = 33999 |
|
1 | |
| File | Read | filename = KmDsFaqbjMnNn4BN.jpg, size = 1014577, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 156750 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15678173538 |
|
1 | |
| System | Get Time | type = Ticks, time = 156750 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 15678451820 |
|
1 | |
| System | Get Time | type = Ticks, time = 156750 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 34160 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 104 |
|
1 | |
| File | Create | filename = m3ksaTaVuXM_ADoCvA.jpg, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 156750 |
|
1 | |
| System | Get Time | type = Ticks, time = 156750 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:42 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15678973106 |
|
1 | |
| File | Read | filename = m3ksaTaVuXM_ADoCvA.jpg, size = 1048576, size_out = 92134 |
|
1 | |
| File | Read | filename = m3ksaTaVuXM_ADoCvA.jpg, size = 956442, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 156750 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15679074681 |
|
1 | |
| System | Get Time | type = Ticks, time = 156750 |
|
3 | |
| System | Get Time | type = Ticks, time = 156765 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15679713687 |
|
1 | |
| System | Get Time | type = Ticks, time = 156765 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 92320 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 106 |
|
1 | |
| File | Create | filename = m3Vfo.png, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 156765 |
|
1 | |
| System | Get Time | type = Ticks, time = 156765 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:42 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15680500289 |
|
1 | |
| File | Read | filename = m3Vfo.png, size = 1048576, size_out = 93174 |
|
1 | |
| File | Read | filename = m3Vfo.png, size = 955402, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 156765 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15680602506 |
|
1 | |
| System | Get Time | type = Ticks, time = 156765 |
|
3 | |
| System | Get Time | type = Ticks, time = 156875 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15691212358 |
|
1 | |
| System | Get Time | type = Ticks, time = 156875 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 93376 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 93 |
|
1 | |
| File | Create | filename = Pe_4G6TNHBiw7.gif, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 156890 |
|
1 | |
| System | Get Time | type = Ticks, time = 156890 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:43 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15692344301 |
|
1 | |
| File | Read | filename = Pe_4G6TNHBiw7.gif, size = 1048576, size_out = 70389 |
|
1 | |
| File | Read | filename = Pe_4G6TNHBiw7.gif, size = 978187, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 156890 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15692440011 |
|
1 | |
| System | Get Time | type = Ticks, time = 156890 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 15692934793 |
|
1 | |
| System | Get Time | type = Ticks, time = 156890 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 70560 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 101 |
|
1 | |
| File | Create | filename = q0 y.bmp, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 156906 |
|
1 | |
| System | Get Time | type = Ticks, time = 156906 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:43 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15693555347 |
|
1 | |
| File | Read | filename = q0 y.bmp, size = 1048576, size_out = 14550 |
|
1 | |
| File | Read | filename = q0 y.bmp, size = 1034026, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 156906 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15693628297 |
|
1 | |
| System | Get Time | type = Ticks, time = 156906 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 15693818389 |
|
1 | |
| System | Get Time | type = Ticks, time = 156906 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 14576 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 92 |
|
1 | |
| File | Create | filename = QX41YSfi6.bmp, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 156906 |
|
1 | |
| System | Get Time | type = Ticks, time = 156906 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:43 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15694202600 |
|
1 | |
| File | Read | filename = QX41YSfi6.bmp, size = 1048576, size_out = 86135 |
|
1 | |
| File | Read | filename = QX41YSfi6.bmp, size = 962441, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 156906 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15694378043 |
|
1 | |
| System | Get Time | type = Ticks, time = 156906 |
|
3 | |
| System | Get Time | type = Ticks, time = 156921 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15695152515 |
|
1 | |
| System | Get Time | type = Ticks, time = 156921 |
|
3 | |
| COM | Create | interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| File | Write | filename = Pictures.rar, size = 86336 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 97 |
|
1 | |
| File | Create | filename = Saved Pictures\desktop.ini, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 156921 |
|
1 | |
| System | Get Time | type = Ticks, time = 156921 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:43 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15696388153 |
|
1 | |
| File | Read | filename = Saved Pictures\desktop.ini, size = 1048576, size_out = 190 |
|
1 | |
| File | Read | filename = Saved Pictures\desktop.ini, size = 1048386, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 156937 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15696649617 |
|
1 | |
| System | Get Time | type = Ticks, time = 156937 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 15696675958 |
|
1 | |
| System | Get Time | type = Ticks, time = 156937 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 160 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 108 |
|
1 | |
| File | Create | filename = sj6 1xhDAi0ypw.jpg, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 156937 |
|
1 | |
| System | Get Time | type = Ticks, time = 156937 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:43 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15697000690 |
|
1 | |
| File | Read | filename = sj6 1xhDAi0ypw.jpg, size = 1048576, size_out = 22861 |
|
1 | |
| File | Read | filename = sj6 1xhDAi0ypw.jpg, size = 1025715, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 156937 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15697063711 |
|
1 | |
| System | Get Time | type = Ticks, time = 156937 |
|
3 | |
| System | Get Time | type = Ticks, time = 157250 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15729309834 |
|
1 | |
| System | Get Time | type = Ticks, time = 157265 |
|
3 | |
| COM | Create | interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| File | Write | filename = Pictures.rar, size = 22944 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 102 |
|
1 | |
| File | Create | filename = svWwwq0D.png, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 157265 |
|
1 | |
| System | Get Time | type = Ticks, time = 157281 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:43 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15730959815 |
|
1 | |
| File | Read | filename = svWwwq0D.png, size = 1048576, size_out = 92299 |
|
1 | |
| File | Read | filename = svWwwq0D.png, size = 956277, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 157281 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15731095609 |
|
1 | |
| System | Get Time | type = Ticks, time = 157281 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 15731757621 |
|
1 | |
| System | Get Time | type = Ticks, time = 157281 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 92496 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 96 |
|
1 | |
| File | Create | filename = W-jIjn6.gif, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 157281 |
|
1 | |
| System | Get Time | type = Ticks, time = 157281 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:43 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15732533587 |
|
1 | |
| File | Read | filename = W-jIjn6.gif, size = 1048576, size_out = 63593 |
|
1 | |
| File | Read | filename = W-jIjn6.gif, size = 984983, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 157296 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15732646548 |
|
1 | |
| System | Get Time | type = Ticks, time = 157296 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 15733201467 |
|
1 | |
| System | Get Time | type = Ticks, time = 157296 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 63728 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 95 |
|
1 | |
| File | Create | filename = Ww lmr4coeaZVkLVzHS.jpg, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 157296 |
|
1 | |
| System | Get Time | type = Ticks, time = 157296 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:43 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15733794966 |
|
1 | |
| File | Read | filename = Ww lmr4coeaZVkLVzHS.jpg, size = 1048576, size_out = 6330 |
|
1 | |
| File | Read | filename = Ww lmr4coeaZVkLVzHS.jpg, size = 1042246, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 157296 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15733860632 |
|
1 | |
| System | Get Time | type = Ticks, time = 157296 |
|
3 | |
| System | Get Time | type = Ticks, time = 157312 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15734304294 |
|
1 | |
| System | Get Time | type = Ticks, time = 157312 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 6400 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 105 |
|
1 | |
| File | Create | filename = YBodpCQ1OYUO B.gif, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 157312 |
|
1 | |
| System | Get Time | type = Ticks, time = 157312 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:43 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15734664622 |
|
1 | |
| File | Read | filename = YBodpCQ1OYUO B.gif, size = 1048576, size_out = 93957 |
|
1 | |
| File | Read | filename = YBodpCQ1OYUO B.gif, size = 954619, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 157312 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15734774033 |
|
1 | |
| System | Get Time | type = Ticks, time = 157312 |
|
3 | |
| System | Get Time | type = Ticks, time = 157453 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15749337425 |
|
1 | |
| System | Get Time | type = Ticks, time = 157453 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 94144 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 102 |
|
1 | |
| File | Create | filename = yova8.bmp, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 157468 |
|
1 | |
| System | Get Time | type = Ticks, time = 157468 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:43 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15750206567 |
|
1 | |
| File | Read | filename = yova8.bmp, size = 1048576, size_out = 23571 |
|
1 | |
| File | Read | filename = yova8.bmp, size = 1025005, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 157468 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15750279437 |
|
1 | |
| System | Get Time | type = Ticks, time = 157468 |
|
3 | |
| COM | Create | interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| System | Get Time | type = Ticks, time = 157468 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15750828265 |
|
1 | |
| System | Get Time | type = Ticks, time = 157468 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 23648 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 93 |
|
1 | |
| File | Create | filename = yWEcS.bmp, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 157484 |
|
1 | |
| System | Get Time | type = Ticks, time = 157484 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:43 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15751461766 |
|
1 | |
| File | Read | filename = yWEcS.bmp, size = 1048576, size_out = 11930 |
|
1 | |
| File | Read | filename = yWEcS.bmp, size = 1036646, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 157484 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15751575632 |
|
1 | |
| System | Get Time | type = Ticks, time = 157484 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 15751784888 |
|
1 | |
| System | Get Time | type = Ticks, time = 157484 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 11952 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 93 |
|
1 | |
| File | Create | filename = y_QmYlvwtNWjwI0tZ.bmp, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 157484 |
|
1 | |
| System | Get Time | type = Ticks, time = 157484 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:43 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15752162644 |
|
1 | |
| File | Read | filename = y_QmYlvwtNWjwI0tZ.bmp, size = 1048576, size_out = 48977 |
|
1 | |
| File | Read | filename = y_QmYlvwtNWjwI0tZ.bmp, size = 999599, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 157484 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15752277835 |
|
1 | |
| System | Get Time | type = Ticks, time = 157484 |
|
3 | |
| System | Get Time | type = Ticks, time = 157500 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15752824991 |
|
1 | |
| System | Get Time | type = Ticks, time = 157500 |
|
1 | |
| System | Get Time | type = Ticks, time = 157500 |
|
1 | |
| System | Get Time | type = Ticks, time = 157500 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 49056 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 105 |
|
1 | |
| File | Create | filename = Z8PEjH5b.jpg, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 157500 |
|
1 | |
| System | Get Time | type = Ticks, time = 157500 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:43 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15753569568 |
|
1 | |
| File | Read | filename = Z8PEjH5b.jpg, size = 1048576, size_out = 83459 |
|
1 | |
| File | Read | filename = Z8PEjH5b.jpg, size = 965117, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 157500 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15753678170 |
|
1 | |
| System | Get Time | type = Ticks, time = 157500 |
|
3 | |
| System | Get Time | type = Ticks, time = 157609 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15764695762 |
|
1 | |
| System | Get Time | type = Ticks, time = 157609 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 83680 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 96 |
|
1 | |
| File | Create | filename = zdKqdR.png, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 157625 |
|
1 | |
| System | Get Time | type = Ticks, time = 157625 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:43 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15766041990 |
|
1 | |
| File | Read | filename = zdKqdR.png, size = 1048576, size_out = 43236 |
|
1 | |
| File | Read | filename = zdKqdR.png, size = 1005340, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 157625 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15766128159 |
|
1 | |
| System | Get Time | type = Ticks, time = 157625 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 15766465471 |
|
1 | |
| System | Get Time | type = Ticks, time = 157625 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 43344 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 94 |
|
1 | |
| File | Create | filename = zoYWy0tnNuqg-Zdh4.gif, desired_access = GENERIC_READ, file_attributes = FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ |
|
1 | |
| System | Get Time | type = Ticks, time = 157640 |
|
1 | |
| System | Get Time | type = Ticks, time = 157640 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-03-31 21:13:43 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15767264336 |
|
1 | |
| File | Read | filename = zoYWy0tnNuqg-Zdh4.gif, size = 1048576, size_out = 91998 |
|
1 | |
| File | Read | filename = zoYWy0tnNuqg-Zdh4.gif, size = 956578, size_out = 0 |
|
1 | |
| System | Get Time | type = Ticks, time = 157640 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15767369020 |
|
1 | |
| System | Get Time | type = Ticks, time = 157640 |
|
4 | |
| System | Get Time | type = Performance Ctr, time = 15767976645 |
|
1 | |
| System | Get Time | type = Ticks, time = 157640 |
|
3 | |
| File | Write | filename = Pictures.rar, size = 92192 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 105 |
|
1 | |
| System | Get Time | type = Ticks, time = 157656 |
|
1 | |
| System | Get Time | type = Ticks, time = 157656 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 42 |
|
1 | |
| System | Get Time | type = Ticks, time = 157656 |
|
1 | |
| System | Get Time | type = Ticks, time = 157656 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 45 |
|
1 | |
| System | Get Time | type = Ticks, time = 158218 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15825376402 |
|
1 | |
| System | Get Time | type = Ticks, time = 158218 |
|
3 | |
| COM | Create | interface = EA1AFB91-9E28-4B86-90E9-9E9F8A5EEFAF, cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Keyboard | Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 17 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 19 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 4061 |
|
1 | |
| File | Write | filename = Pictures.rar, size = 8 |
|
1 | |
| File | Delete | filename = zoYWy0tnNuqg-Zdh4.gif |
|
1 | |
| System | Get Time | type = Ticks, time = 158640 |
|
1 | |
| System | Get Time | type = Ticks, time = 158640 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15868468578 |
|
1 | |
| System | Get Time | type = Ticks, time = 158656 |
|
1 | |
| System | Get Time | type = Ticks, time = 158656 |
|
1 | |
| File | Delete | filename = zdKqdR.png |
|
1 | |
| System | Get Time | type = Ticks, time = 158765 |
|
1 | |
| System | Get Time | type = Ticks, time = 158765 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15880163914 |
|
1 | |
| System | Get Time | type = Ticks, time = 158765 |
|
2 | |
| File | Delete | filename = Z8PEjH5b.jpg |
|
1 | |
| System | Get Time | type = Ticks, time = 158765 |
|
1 | |
| System | Get Time | type = Ticks, time = 158765 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15880516898 |
|
1 | |
| System | Get Time | type = Ticks, time = 158765 |
|
2 | |
| File | Delete | filename = y_QmYlvwtNWjwI0tZ.bmp |
|
1 | |
| System | Get Time | type = Ticks, time = 158781 |
|
1 | |
| System | Get Time | type = Ticks, time = 158781 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15881064514 |
|
1 | |
| System | Get Time | type = Ticks, time = 158781 |
|
2 | |
| File | Delete | filename = yWEcS.bmp |
|
1 | |
| System | Get Time | type = Ticks, time = 158890 |
|
1 | |
| System | Get Time | type = Ticks, time = 158890 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15892858477 |
|
1 | |
| System | Get Time | type = Ticks, time = 158890 |
|
2 | |
| File | Delete | filename = yova8.bmp |
|
1 | |
| System | Get Time | type = Ticks, time = 158890 |
|
1 | |
| System | Get Time | type = Ticks, time = 158890 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15893163132 |
|
1 | |
| System | Get Time | type = Ticks, time = 158890 |
|
2 | |
| File | Delete | filename = YBodpCQ1OYUO B.gif |
|
1 | |
| System | Get Time | type = Ticks, time = 158906 |
|
1 | |
| System | Get Time | type = Ticks, time = 158906 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15893568187 |
|
1 | |
| System | Get Time | type = Ticks, time = 158906 |
|
2 | |
| File | Delete | filename = Ww lmr4coeaZVkLVzHS.jpg |
|
1 | |
| System | Get Time | type = Ticks, time = 158906 |
|
1 | |
| System | Get Time | type = Ticks, time = 158906 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15893953439 |
|
1 | |
| System | Get Time | type = Ticks, time = 158906 |
|
2 | |
|
For performance reasons, the remaining 194 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
