sgm_20190527_desfuhohdt.exe
Windows Exe (x86-32)
Created at 2019-06-09T15:05:00
Remarks
(0x200001f): Code in memory was overwritten during this analysis. Review corresponding VTI for more info.
Monitored Processes
Behavior Information - Grouped by Category
Process #1: sgm_20190527_desfuhohdt.exe
1170
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\aetadzjz\desktop\sgm_20190527_desfuhohdt.exe |
| Command Line | "C:\Users\aETAdzjz\Desktop\sgm_20190527_desfuhohdt.exe" |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:00:20, Reason: Analysis Target |
| Unmonitor | End Time: 00:00:41, Reason: Self Terminated |
| Monitor Duration | 00:00:21 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa08 |
| Parent PID | 0x458 (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A0C
0x
A60
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| sgm_20190527_desfuhohdt.exe | 0x00400000 | 0x0051FFFF | Relevant Image | - | 32-bit | - |
|
|
|
| sgm_20190527_desfuhohdt.exe | 0x00400000 | 0x0051FFFF | Process Termination | - | 32-bit | - |
|
|
|
Host Behavior
File (255)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\aETAdzjz\Desktop\sgm_20190527_desfuhohdt.exe | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\570BCF04 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | - | type = attributes,time,size,volserialno |
|
249 | |
| Get Info | C:\Users\aETAdzjz\Desktop\sgm_20190527_desfuhohdt.exe | type = file_type |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 |
Registry (2)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = InstallDate, data = 138 |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\explorer.exe | os_pid = 0xae4, creation_flags = CREATE_SUSPENDED, CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE |
|
1 |
Thread (8)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Suspend | c:\users\aetadzjz\desktop\sgm_20190527_desfuhohdt.exe | os_tid = 0xa0c |
|
2 | |
| Get Context | c:\users\aetadzjz\desktop\sgm_20190527_desfuhohdt.exe | os_tid = 0xa0c |
|
2 | |
| Set Context | c:\users\aetadzjz\desktop\sgm_20190527_desfuhohdt.exe | os_tid = 0xa0c |
|
1 | |
| Resume | c:\users\aetadzjz\desktop\sgm_20190527_desfuhohdt.exe | os_tid = 0xa0c |
|
3 |
Memory (3)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Protect | C:\Windows\explorer.exe | address = 4290295696, protection = PAGE_EXECUTE_READWRITE, size = 1631160 |
|
1 | |
| Protect | C:\Windows\explorer.exe | address = 4290293760, protection = PAGE_EXECUTE_READ, size = 1631160 |
|
1 | |
| Write | C:\Windows\explorer.exe | address = 0xffb8b790, size = 4 |
|
1 |
Module (125)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | SETUPAPI.dll | base_address = 0x75500000 |
|
1 | |
| Load | KERNEL32.dll | base_address = 0x769e0000 |
|
1 | |
| Load | USER32.dll | base_address = 0x76c00000 |
|
1 | |
| Load | ADVAPI32.dll | base_address = 0x75220000 |
|
1 | |
| Load | ntdll.dll | base_address = 0x77340000 |
|
1 | |
| Load | SHLWAPI.dll | base_address = 0x76d00000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x769e0000 |
|
4 | |
| Get Handle | c:\windows\syswow64\ntdll.dll | base_address = 0x77340000 |
|
6 | |
| Get Handle | c:\users\aetadzjz\desktop\sgm_20190527_desfuhohdt.exe | base_address = 0x400000 |
|
4 | |
| Get Filename | - | process_name = c:\users\aetadzjz\desktop\sgm_20190527_desfuhohdt.exe, file_name_orig = C:\Users\aETAdzjz\Desktop\sgm_20190527_desfuhohdt.exe, size = 260 |
|
1 | |
| Get Filename | - | process_name = c:\users\aetadzjz\desktop\sgm_20190527_desfuhohdt.exe, file_name_orig = C:\Users\aETAdzjz\Desktop\sgm_20190527_desfuhohdt.exe, size = 512 |
|
1 | |
| Get Filename | c:\users\aetadzjz\desktop\sgm_20190527_desfuhohdt.exe | process_name = c:\users\aetadzjz\desktop\sgm_20190527_desfuhohdt.exe, file_name_orig = C:\Users\aETAdzjz\Desktop\sgm_20190527_desfuhohdt.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsAlloc, address_out = 0x769f4f2b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsFree, address_out = 0x769f359f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsGetValue, address_out = 0x769f1252 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsSetValue, address_out = 0x769f4208 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeCriticalSectionEx, address_out = 0x769f4d28 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateSemaphoreExW, address_out = 0x76a74195 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadStackGuarantee, address_out = 0x769fd31f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThreadpoolTimer, address_out = 0x76a0ee7e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadpoolTimer, address_out = 0x7738441c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForThreadpoolTimerCallbacks, address_out = 0x773ac50e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseThreadpoolTimer, address_out = 0x773ac381 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThreadpoolWait, address_out = 0x76a0f088 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadpoolWait, address_out = 0x773905d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseThreadpoolWait, address_out = 0x773aca24 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlushProcessWriteBuffers, address_out = 0x77360b8c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibraryWhenCallbackReturns, address_out = 0x7741fde8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcessorNumber, address_out = 0x773b1e1d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalProcessorInformation, address_out = 0x76a74761 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateSymbolicLinkW, address_out = 0x76a6cd11 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetDefaultDllDirectories, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = EnumSystemLocalesEx, address_out = 0x76a7424f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CompareStringEx, address_out = 0x76a746b1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDateFormatEx, address_out = 0x76a86676 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLocaleInfoEx, address_out = 0x76a74751 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTimeFormatEx, address_out = 0x76a865f1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetUserDefaultLocaleName, address_out = 0x76a747c1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsValidLocaleName, address_out = 0x76a747e1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LCMapStringEx, address_out = 0x76a747f1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentPackageId, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\syswow64\setupapi.dll | function = SetupDiEnumDeviceInfo, address_out = 0x7550a7c4 |
|
1 | |
| Get Address | c:\windows\syswow64\setupapi.dll | function = SetupDiDestroyDeviceInfoList, address_out = 0x7550ae7d |
|
1 | |
| Get Address | c:\windows\syswow64\setupapi.dll | function = SetupDiGetClassDevsA, address_out = 0x7550b74b |
|
1 | |
| Get Address | c:\windows\syswow64\setupapi.dll | function = SetupDiGetDeviceRegistryPropertyA, address_out = 0x75567c71 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetComputerNameA, address_out = 0x76a0b6e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrcatA, address_out = 0x76a12b7a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrlenA, address_out = 0x769f5a4b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTempPathA, address_out = 0x76a1276c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x769f10ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapFree, address_out = 0x769f14c9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapDestroy, address_out = 0x769f35b7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapCreate, address_out = 0x769f4a2d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x769f7a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x769f1245 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x769f5223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLongPathNameW, address_out = 0x769fa315 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x769f1410 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetLastError, address_out = 0x769f11a9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindResourceW, address_out = 0x769f5971 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SwitchToThread, address_out = 0x76a0efec |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapAlloc, address_out = 0x7736e026 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessA, address_out = 0x769f1072 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x769f110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcessId, address_out = 0x769f11f8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExpandEnvironmentStringsA, address_out = 0x76a0eb39 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersion, address_out = 0x769f4467 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x769f11c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrcmpiA, address_out = 0x769f3e8e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetExitCodeProcess, address_out = 0x76a0174d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualProtectEx, address_out = 0x76a745bf |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrcmpA, address_out = 0x76a0eceb |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = OpenProcess, address_out = 0x769f1986 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x769f1856 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x769f53c6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcAddress, address_out = 0x769f1222 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x769f4950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x769f186e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x769f14b1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSize, address_out = 0x769f196e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address_out = 0x769f17d1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x769f3ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x769f3f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExpandEnvironmentStringsW, address_out = 0x769f4173 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = MessageBoxA, address_out = 0x76c6fd1e |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = wsprintfA, address_out = 0x76c2ae5f |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x752348ef |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x75234907 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x7523469d |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = ZwQueryInformationProcess, address_out = 0x7735fac8 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = RtlGetVersion, address_out = 0x7737873a |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtCreateSection, address_out = 0x7735ff94 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = memcpy, address_out = 0x77362340 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = mbstowcs, address_out = 0x773ba152 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = memset, address_out = 0x7736df20 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = ZwClose, address_out = 0x7735f9d0 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtUnmapViewOfSection, address_out = 0x7735fc70 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtMapViewOfSection, address_out = 0x7735fc40 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = RtlNtStatusToDosError, address_out = 0x773761ed |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = _aulldiv, address_out = 0x7739b140 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = RtlUnwind, address_out = 0x77386d39 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtQueryVirtualMemory, address_out = 0x7735fbc8 |
|
1 | |
| Get Address | c:\windows\syswow64\shlwapi.dll | function = StrChrA, address_out = 0x76d0c5e6 |
|
1 | |
| Get Address | c:\windows\syswow64\shlwapi.dll | function = StrRChrA, address_out = 0x76d0ccf5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsWow64Process, address_out = 0x769f195e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64EnableWow64FsRedirection, address_out = 0x76a0ebe8 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = ZwWow64QueryInformationProcess64, address_out = 0x773620dc |
|
3 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = ZwWow64ReadVirtualMemory64, address_out = 0x773620f4 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SuspendThread, address_out = 0x76a17d7e |
|
1 | |
| Create Mapping | - | protection = PAGE_EXECUTE_READWRITE, maximum_size = 1631128 |
|
1 | |
| Map | - | process_name = c:\users\aetadzjz\desktop\sgm_20190527_desfuhohdt.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x2d20000 |
|
1 | |
| Map | - | process_name = C:\Windows\explorer.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x2000000 |
|
1 |
Window (249)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Set Attribute | - | index = -20, new_long = 128 |
|
249 |
System (270)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = YKYD69Q |
|
1 | |
| Get Cursor | x_out = 803, y_out = 457 |
|
3 | |
| Sleep | duration = 500 milliseconds (0.500 seconds) |
|
10 | |
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
2 | |
| Get Time | type = System Time, time = 2019-06-09 15:05:21 (UTC) |
|
1 | |
| Get Time | type = Performance Ctr, time = 14783799248 |
|
1 | |
| Get Time | type = System Time, time = 2019-06-09 15:05:25 (UTC) |
|
249 | |
| Get Time | type = Ticks, time = 102742 |
|
1 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Operating System |
|
1 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 |
Process #2: explorer.exe
522
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\explorer.exe |
| Command Line | C:\Windows\explorer.exe |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:00:35, Reason: Child Process |
| Unmonitor | End Time: 00:00:44, Reason: Self Terminated |
| Monitor Duration | 00:00:09 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xae4 |
| Parent PID | 0xa08 (c:\users\aetadzjz\desktop\sgm_20190527_desfuhohdt.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
AE8
0x
AEC
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| explorer.exe | 0xFFB60000 | 0xFFE1FFFF | Content Changed | - | 64-bit | - |
|
|
|
| buffer | 0x02001000 | 0x020392B7 | Marked Executable | - | 64-bit | - |
|
|
|
| buffer | 0x02001000 | 0x020392B7 | Content Changed | - | 64-bit | 0x02031A94, 0x0202C014, ... |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\aetadzjz\desktop\sgm_20190527_desfuhohdt.exe | 0xa0c | address = 0x2000000, size = 1269760 |
|
1 | |
| Modify Control Flow | #1: c:\users\aetadzjz\desktop\sgm_20190527_desfuhohdt.exe | 0xa0c | os_tid = 0xae8, address = 0xfffd9000 |
|
1 | |
| Modify Memory | #1: c:\users\aetadzjz\desktop\sgm_20190527_desfuhohdt.exe | 0xa0c | address = 0xffb8b790, size = 4 |
|
1 |
Host Behavior
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\SYSTEM32\ntdll.dll | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
3 | |
| Read | C:\Windows\SYSTEM32\ntdll.dll | size = 4, size_out = 4 |
|
3 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open | c:\windows\explorer.exe | desired_access = PROCESS_TERMINATE, PROCESS_CREATE_THREAD, PROCESS_SET_SESSIONID, PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE, PROCESS_DUP_HANDLE, PROCESS_CREATE_PROCESS, PROCESS_SET_QUOTA, PROCESS_SET_INFORMATION, PROCESS_QUERY_INFORMATION, PROCESS_SUSPEND_RESUME, DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER, SYNCHRONIZE |
|
1 |
Thread (7)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | c:\windows\explorer.exe | proc_address = 0x771a6930, proc_parameter = 0, flags = THREAD_CREATE_SUSPENDED |
|
1 | |
| Suspend | c:\windows\explorer.exe | os_tid = 0xaf0 |
|
1 | |
| Get Context | c:\windows\explorer.exe | os_tid = 0xaf0 |
|
2 | |
| Set Context | c:\windows\explorer.exe | os_tid = 0xaf0 |
|
1 | |
| Resume | c:\windows\explorer.exe | os_tid = 0xaf0 |
|
2 |
Memory (9)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Allocate | c:\windows\explorer.exe | address = 2617024, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2617032 |
|
1 | |
| Protect | c:\windows\explorer.exe | address = 1998219568, protection = PAGE_EXECUTE_READWRITE, size = 4 |
|
2 | |
| Protect | c:\windows\explorer.exe | address = 1998219568, protection = PAGE_EXECUTE_READ, size = 4 |
|
2 | |
| Read | c:\windows\explorer.exe | address = 1998219568, size = 4 |
|
1 | |
| Write | c:\windows\explorer.exe | address = 0x771a6930, size = 4 |
|
2 | |
| Write | c:\windows\explorer.exe | address = 0x30a0000, size = 792 |
|
1 |
Module (217)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | ntdll.dll | base_address = 0x0 |
|
1 | |
| Load | KERNEL32.dll | base_address = 0x0 |
|
1 | |
| Load | AVIFIL32.dll | base_address = 0x0 |
|
1 | |
| Load | ADVAPI32.dll | base_address = 0x7fefd710000 |
|
1 | |
| Load | SHLWAPI.dll | base_address = 0x7fefd5c0000 |
|
1 | |
| Load | USER32.dll | base_address = 0x76f40000 |
|
1 | |
| Get Handle | c:\windows\explorer.exe | base_address = 0xffb60000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77040000 |
|
3 | |
| Get Handle | c:\windows\system32\ntdll.dll | base_address = 0x77160000 |
|
3 | |
| Get Handle | c:\windows\system32\user32.dll | base_address = 0x76f40000 |
|
2 | |
| Get Filename | AVIFIL32.dll | process_name = c:\windows\explorer.exe, file_name_orig = C:\Windows\explorer.exe, size = 260 |
|
1 | |
| Get Filename | c:\windows\system32\ntdll.dll | process_name = c:\windows\explorer.exe, file_name_orig = C:\Windows\SYSTEM32\ntdll.dll, size = 260 |
|
3 | |
| Get Address | - | function = ZwOpenProcess, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = ZwQueryInformationToken, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = ZwClose, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = NtUnmapViewOfSection, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = NtMapViewOfSection, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = NtCreateSection, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = RtlRandomEx, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = NtQuerySystemInformation, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = RtlNtStatusToDosError, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = ZwQueryInformationProcess, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = memcmp, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = _strupr, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = _wcsupr, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = memmove, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = bsearch, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = _vsnwprintf, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = _strlwr, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = atoi, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = strstr, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = wcscpy, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = RtlFreeUnicodeString, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = ZwQueryKey, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = RtlUpcaseUnicodeString, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = sprintf, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = _snprintf, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = memset, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = RtlAdjustPrivilege, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = mbstowcs, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = strcpy, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = memcpy, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = RtlImageDirectoryEntryToData, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = RtlImageNtHeader, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = ZwOpenProcessToken, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = __C_specific_handler, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = __chkstk, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = VirtualQueryEx, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = CreateRemoteThread, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetModuleFileNameW, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = FileTimeToSystemTime, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetLocalTime, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = OpenProcess, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetVersion, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = ExitThread, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetTempFileNameA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = VirtualProtect, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = VirtualFree, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetSystemInfo, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = DeleteCriticalSection, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = CloseHandle, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = CreateFileMappingA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = WriteProcessMemory, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = CreateFileA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = lstrcmpA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = MapViewOfFile, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = UnmapViewOfFile, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetModuleFileNameA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = lstrcmpiA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetModuleHandleA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = Sleep, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = LoadLibraryA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetCurrentProcess, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GlobalUnlock, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = HeapAlloc, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = lstrcpyA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GlobalLock, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = lstrlenA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = WriteFile, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = CreateDirectoryA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetLastError, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = HeapFree, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = RemoveDirectoryA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = DeleteFileA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = lstrcatA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetTickCount, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = HeapDestroy, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = HeapCreate, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = SetEvent, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = HeapReAlloc, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = FindFirstFileW, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = LocalFree, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = WaitForMultipleObjects, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = SuspendThread, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = TerminateProcess, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = ResumeThread, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = lstrcpyW, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = FindClose, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = CreateThread, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = ResetEvent, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = SwitchToThread, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = lstrcatW, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = FindNextFileW, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = CreateProcessW, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = CopyFileW, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = SetWaitableTimer, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = LocalAlloc, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetCurrentThreadId, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetCurrentThread, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = lstrlenW, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = CreateEventA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetSystemTimeAsFileTime, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetWindowsDirectoryA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = DeleteFileW, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = CreateDirectoryW, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetTempPathA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = CreateFileW, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = ExpandEnvironmentStringsW, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = WideCharToMultiByte, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetFileAttributesW, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetFileSize, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetComputerNameA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = EnterCriticalSection, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = CreateMutexA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = OpenWaitableTimerA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = OpenMutexA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetVolumeInformationA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = WaitForSingleObject, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = ReleaseMutex, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetComputerNameW, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = LeaveCriticalSection, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = SetLastError, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = InitializeCriticalSection, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = LoadLibraryExW, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetProcAddress, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetFileAttributesA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = OpenFileMappingA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetExitCodeProcess, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = VirtualAlloc, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetDriveTypeW, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetLogicalDriveStringsW, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = lstrcpynA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = LocalReAlloc, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = TlsAlloc, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = TlsGetValue, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = TlsSetValue, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = FreeLibrary, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = LoadLibraryW, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetVersionExW, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = ReadFile, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = SetFilePointer, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = Thread32First, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = QueueUserAPC, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = CreateToolhelp32Snapshot, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = OpenThread, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetCurrentProcessId, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = Thread32Next, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = FindFirstFileA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = FindNextFileA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = ConnectNamedPipe, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetOverlappedResult, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = CancelIo, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = DisconnectNamedPipe, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = FlushFileBuffers, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = CallNamedPipeA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = CreateNamedPipeA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetSystemTime, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = WaitNamedPipeA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = SetEndOfFile, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetFileTime, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = ExitProcess, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = AddVectoredExceptionHandler, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = CompareFileTime, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = GetTempPathW, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = OpenEventA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = RemoveVectoredExceptionHandler, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = RemoveDirectoryW, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = SleepEx, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = lstrcmpiW, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = RaiseException, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = Process32FirstW, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = Process32NextW, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = ExpandEnvironmentStringsA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = QueueUserWorkItem, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = FileTimeToLocalFileTime, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = CreateWaitableTimerA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = CreateProcessA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = VirtualProtectEx, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = AVIFileExit, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = AVIMakeCompressedStream, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = AVIStreamRelease, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = AVIFileRelease, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = AVIStreamWrite, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = AVIFileOpenA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = AVIFileCreateStreamA, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = AVIStreamSetFormat, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | - | function = AVIFileInit, ordinal = 0, address_out = 0x27fc40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsWow64Process, address_out = 0x770491d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = ConvertStringSecurityDescriptorToSecurityDescriptorA, address_out = 0x7fefd71d710 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrRChrA, address_out = 0x7fefd5c4c9c |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetWindowThreadProcessId, address_out = 0x76f50a90 |
|
2 | |
| Get Address | c:\windows\system32\user32.dll | function = FindWindowA, address_out = 0x76f68270 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = wsprintfA, address_out = 0x76fbbae8 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = RtlExitUserThread, address_out = 0x771a6930 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ResumeThread, address_out = 0x770513a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SuspendThread, address_out = 0x77042f60 |
|
1 | |
| Create Mapping | - | protection = PAGE_EXECUTE_READWRITE, maximum_size = 2618464 |
|
1 | |
| Map | - | process_name = c:\windows\explorer.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x2670000 |
|
1 | |
| Map | - | process_name = c:\windows\explorer.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x94b0000 |
|
1 |
Window (2)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Find | - | class_name = ProgMan |
|
2 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| Get Time | type = Ticks, time = 109481 |
|
1 | |
| Get Info | type = Operating System |
|
1 |
Process #3: explorer.exe
12678
2
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\explorer.exe |
| Command Line | C:\Windows\Explorer.EXE |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:40, Reason: Injection |
| Unmonitor | End Time: 00:15:20, Reason: Terminated by Timeout |
| Monitor Duration | 00:14:39 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x458 |
| Parent PID | 0xffffffffffffffff (Unknown) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
A64
0x
94C
0x
928
0x
5C0
0x
6E0
0x
6C4
0x
684
0x
324
0x
32C
0x
334
0x
664
0x
5EC
0x
56C
0x
554
0x
650
0x
640
0x
634
0x
61C
0x
5A0
0x
564
0x
548
0x
544
0x
540
0x
53C
0x
530
0x
528
0x
520
0x
51C
0x
518
0x
508
0x
4AC
0x
4A0
0x
490
0x
48C
0x
488
0x
464
0x
45C
0x
AF0
0x
AF4
0x
B00
0x
B04
0x
B08
0x
B0C
0x
B10
0x
B50
0x
B60
0x
B6C
0x
878
0x
6A4
0x
740
0x
91C
0x
954
0x
9A4
0x
9E4
0x
970
0x
B90
0x
9F8
0x
BE8
0x
924
0x
9F8
0x
530
0x
534
0x
BE0
0x
AC8
0x
AE8
0x
768
0x
308
0x
A40
0x
7E8
0x
53C
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| ntdll.dll | 0x77160000 | 0x77308FFF | Content Changed | - | 64-bit | - |
|
|
|
| explorer.exe | 0xFFB60000 | 0xFFE1FFFF | Relevant Image | - | 64-bit | - |
|
|
|
| ntdll.dll | 0x77160000 | 0x77308FFF | Content Changed | - | 64-bit | 0x771EB380, 0x771882AE, ... |
|
|
|
| buffer | 0x030A0000 | 0x030A0FFF | First Execution | - | 64-bit | 0x030A0218 |
|
|
|
| buffer | 0x094B1000 | 0x094E92B7 | Marked Executable | - | 64-bit | - |
|
|
|
| kernel32.dll | 0x77040000 | 0x7715EFFF | Content Changed | - | 64-bit | 0x77063580, 0x7704E390, ... |
|
|
|
| advapi32.dll | 0x7FEFD710000 | 0x7FEFD7EAFFF | Content Changed | - | 64-bit | 0x7FEFD71D680, 0x7FEFD72C310, ... |
|
|
|
| sndvolsso.dll | 0x7FEFB650000 | 0x7FEFB68AFFF | Content Changed | - | 64-bit | 0x7FEFB657818 |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create Remote Thread | #2: c:\windows\explorer.exe | 0xae8 | address = 0x771a6930 |
|
1 | |
| Modify Memory | #2: c:\windows\explorer.exe | 0xae8 | address = 0x771a6930, size = 4 |
|
2 | |
| Modify Memory | #2: c:\windows\explorer.exe | 0xae8 | address = 0x94b0000, size = 1269760 |
|
1 | |
| Modify Memory | #2: c:\windows\explorer.exe | 0xae8 | address = 0x30a0000, size = 792 |
|
1 | |
| Modify Control Flow | #2: c:\windows\explorer.exe | 0xae8 | os_tid = 0xaf0, address = 0x0 |
|
1 |
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{F5FB2C3C-D05C-EF89-82F9-0493D63D7877}\01D51ED4E3ECF92009 | 98 bytes |
MD5:
8300d5664c941280c3722332460aec5e
SHA1: 1a5b5b62edfc00b9ad8d81e35176f819374d707a SHA256: cdcb320fb42cfda2242545901e14fcd8efe5c2ebbd6cd2ca79094c020df05b7c SSDeep: 3:Lnkrv2UMADMMNBJFN1vg1CwWEGPSNN1vv:LW2gDMMNBPXg1zLXv |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\1FB1.bin | 156 bytes |
MD5:
746e3d700094446588b13eb1cd127850
SHA1: 1f9d302dc51aeb9f8adfb8c3e84808bf21c8eb4a SHA256: d0c060520fc243776ee98eae161bd9cd603035693230c0987fb3f5373526db4d SSDeep: 3:tFoYXBsJaQGQbJxzp4E2J5xAIkLW0HbRQ97xHMLH7ACLkhkUghGmSVd:tFdXBW/zpJ23fCvVQ9FHcySUkGmSVd |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ff\\3y2joh8o.default\cookies.sqlite | 512.00 KB |
MD5:
6389834774166f7a20359003254939f2
SHA1: 7b996a476a9f7fe763ab19c39d3dc318966d18b8 SHA256: 23b1cf9e40b9ba27ec7eb7cd01b4609e4418aba063275fb2a0aebcf28f8f8620 SSDeep: 96:Dbn5HKlV8/VDHLRilOhFTFf6FdqA9LJp6Y/e2DkrGJ6hmCcaLeU8ukONPk7iriQ:3n5HKEnhTFiPsvW7iri |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\sols\macromedia.com\support\flashplayer\sys\settings.sol | 291 bytes |
MD5:
d9ccbcbe064026d42c932347b2b1e72f
SHA1: 7b9617a8407a10adb164ed86647b14ffb83ad79a SHA256: 99fee6cdbd087a572dfc2c220e33e383d98120971385c7e90fca3d2f33c0d0ea SSDeep: 6:o2RoRy/rfnxRBwbJWhppYk3QPRhJtuHiyYyczw8:kR+fnxRKb0H4XoHiyUE |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\aetadzjz@g.live[1].txt | 64 bytes |
MD5:
9f04c55f87cff421e53e3ca99f73ea20
SHA1: 33c285d504d42d5f028abaa55dd2c2ad0bafaec3 SHA256: 4cf2b3be29d12a6374d98b652821b82544488f72f7ae97a54332ec039483c3c3 SSDeep: 3:U4LJMKUQ2JcFbQD7QQQQR6Z:ZEXJcBo8Z |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\aetadzjz@google[1].txt | 281 bytes |
MD5:
4ad92a47e3ca837b5ec7b4fc139c3221
SHA1: 32f0a4e640534cc27a24fb4d4a639af53f28890e SHA256: 6286e1a07827a201023ea4d90b402005c93fad6b3457e750efb5990851517036 SSDeep: 6:sE3G3mOdk/p3IAnS0Lg70j84MIcmD0g8v/rPlCBn2f7FQ:sEW36IAnSygbIcW0gG/rNCB2f7FQ |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\aetadzjz@live[1].txt | 95 bytes |
MD5:
7fe1b46770b1edec02b272b2f6dc7d91
SHA1: 57d8f09e6e5dc96069444d8d4d0de0d33aada7c8 SHA256: abdd91371dec97c6c397f2c764b54da2451c59f8d881b3b0b8c92fb8f8c834f6 SSDeep: 3:eNTHjlQKYXnzjTYKUQ2Lc1UOVTdXQIsQR6Z:eTHjliDjTYPXLc1fdF8Z |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@ad.360yield[2].txt | 443 bytes |
MD5:
349063a08e23fe42f87f331738f500ab
SHA1: 495edf3de6f1855d4475636b61a9ef20b8a67fb4 SHA256: e4533cc58099e0e57a4682c7b85f102735f617031ece33e346f9e1ce72becdbf SSDeep: 6:654LYiDW0MyREmVj/qnjc9MyREmVj/tVQvbDPj5+WMyREmVj/hrmuyREmVj/n:Gyprlmjc9trlSDPjbtrlhrErln |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@ad13.adfarm1.adition[2].txt | 89 bytes |
MD5:
d36376ffd512293f10f54b05339f5fcc
SHA1: a657dbfcad15f05f579046a79d811dced34d2626 SHA256: b3730ba9d5755b8e132847ed41d1e7d26a7bb5fe1e1af12b99cf4e915cff5c7c SSDeep: 3:39E1CRI0Xv7YfWUyRASTaXWLTc0LZ/:tE1CRIVWUsNaXWtB |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@addthis[2].txt | 179 bytes |
MD5:
425f569793e03058495b8ddb41647dbc
SHA1: 0b0a2f9b2f35b94da0d272942aeca2f0299ffad4 SHA256: ab9196fcc65d03f3a109469cfdbdc5cbacf9e63429b3a87807e1c361633266ef SSDeep: 3:Z0QUJGUQQSnL20Xv7YebYl+cczT749qXvtXzCqscrX20Xv7YebYl+cczT749qXvn:6h7+t/75/tXXscC7+t/75/n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@adfarm1.adition[2].txt | 101 bytes |
MD5:
05e47f75ad4c57aecc2cd087b11a5ed0
SHA1: fb2065bcb79606c392848b78cf3256ed5f3a55f3 SHA256: 1acffc57281297470896734f90e6dcea2b9564ae2cc949ecc3101287eb82ffde SSDeep: 3:jA82pTTSIklRI0Xv7YfWUyRASTaXWLTc0LZ/:atlklRIVWUsNaXWtB |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@adformdsp[2].txt | 93 bytes |
MD5:
7780ebfe715c98bc46685817d227292e
SHA1: 39124bec544f6ee71b082c9d5dfc40f8e03e4621 SHA256: 9c58c449db1a30a726b4e0193f0fecef7912c5b91ad13a4e173d56bc0516f902 SSDeep: 3:ZSSTNRFFyIvKvXv7YeEkaRLSgm59qXvn:XtFyZgNB/n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@adform[2].txt | 302 bytes |
MD5:
ede7810617586a3ac574242d8549bf3f
SHA1: a53b84555a12482a8e8c9f9b7db6d30d9017dcbc SHA256: 27d67899d4718c659a59fcb38b617e8adb669b45321aab5fec4178891300a675 SSDeep: 6:oPcEUUdOV3wQ/twCVWB/fgUcRV8Q6/nXtFyvjmzQB:o7Ywmt8f6AnXtFyvjmzw |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@adnxs[2].txt | 745 bytes |
MD5:
c6bbc80bcccf4b3ca5083c1172f4113e
SHA1: cadab93387c57abd346cf4e8aaf355da4e7b9b4a SHA256: 4e8b03d82c41395a2a138357a3571d9769b6eedd328688875949ad7bbc4504dd SSDeep: 12:q6P6cm+JV3qUg25fTs5hI+hdj7pzehH8+WnuMVFCl0QQeSe50F:b6cTJRNs5hIaFdzehBWu85m50F |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@adscale[1].txt | 87 bytes |
MD5:
a8b14909816b0779c38d923ab73d9dda
SHA1: 9ac149f9daa446a420c1130f869404143732afa1 SHA256: 3836fa428fe17627975a611dbc38d6bf95aad3cb85a29882e84e069641019220 SSDeep: 3:FJWWUDLgJNKvXI+YfTf12W5Sz+UVY59qXvn:7zjuSToW2V/n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@adserving.ancoraplatform[2].txt | 251 bytes |
MD5:
4d450b81ad0b6a080a5ebebd9e337aed
SHA1: 4709ab9ac314d7ef09033ab89f9275ec70361ae5 SHA256: 1b2b4ec56577b4a76d4b3cc64f4250cf4282a3e4541c940ec08e348ab8428c0c SSDeep: 6:qnRX6qjeva0/UBtuzG8TRUpRz0X6qjeva0/n:mnav9UDuq8TRUp0av9n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@adsrvr[1].txt | 243 bytes |
MD5:
0ec4eca358f2237af0c42934b621b5ce
SHA1: 1b2702ca9ca93ad1a7a12e45551947784b710115 SHA256: 320b7e1cd1967e6486009be629c4f2a2235fa06d554d37a16458731b3c392c5b SSDeep: 6:A7GDQEvDgAUuvQU7Y0/CxpV7VRhYyLv3LnlcZvQU7Y0/n:ACMEWrUbCxp1VzBLvDRUbn |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@adtech[2].txt | 102 bytes |
MD5:
452a82aabe089eb4f4c3d43ee47718d6
SHA1: 365464a30fda807c7c71d2114830f30eab179018 SHA256: 94799bee1444440eb85563de077c6a8407e8308a58165e97ca399201fd764c02 SSDeep: 3:JhTWQU9XUNqUkSuFoAGNLBI+YeL/4v+UQdTZRvW59qXvn:XI1vUUCB//4v+Jdzvx/n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@advertising[1].txt | 280 bytes |
MD5:
55662c26c06c19949d929d644a4023b0
SHA1: eec41d2cbfd19571ec95a3d93d370c3a39da83cc SHA256: c1a3144e95ef49ea7033bf2323b80180d3e9bc5bb119c02e0fcfebd5a2fff482 SSDeep: 6:9sFu++eLXyFo2HyScX00x/TQDeLXyFo2B:9LGSV05Ted |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@angsrvr[2].txt | 222 bytes |
MD5:
785fcd708700916091a19dc7f57f4a63
SHA1: 2bf7e38cfb2955ec8203fb8d6098ff98bd7fccb6 SHA256: 541fbf6a39469e0e5138e803b839e9fd4dc524d1fbb0dd3599a369eb287c866a SSDeep: 3:FA2fEWAU8ImHJVoEvv7Yea1Zd6U5Wvvg9qXvQFMBIhXCWLIaTNRFoU3gFpWXhv7v:xEHHXAN5Wv5/QFAcXVLtJtXEN5Wv5/n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@api.bing[2].txt | 223 bytes |
MD5:
544e2ee97b0f59feb1db3dac906e74ae
SHA1: 69c7499fbb3499e38d37393e2c306b3c6ed7c9fa SHA256: b90bb9ae2699f3ccec9cba7457298089d24f3d9d0cc64b6049818753a1e08390 SSDeep: 6:zCAVdUncGav+R6UB/YNoIjjgj6J+OXuv+R6UB/n:zJnu6qYNogIEX2u6qn |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@at.atwola[2].txt | 515 bytes |
MD5:
5973db3528805734eae11aa1c71cc886
SHA1: ace5a185db15c1322b6ba03cefda0627e799761d SHA256: 261a1b6500e0861d12d628bca83b1af9f9456b82051ebfe57e5fdf416a7c4136 SSDeep: 12:9iJshlE9JshloLrfDXfJshlWX4AvRv5q/uIOUT4AvRv5n:99l7lovDulavRv5OuIjrvRv5n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@bidswitch[1].txt | 289 bytes |
MD5:
7330b4edde97909318145138010da381
SHA1: dd13126f2259645e4e3a3bb720734ebbae5ae1eb SHA256: 2ffe7d9bda989e0d7078005326d895cc1b199ac69470bffc411bee6222ee3153 SSDeep: 6:6AtuzG8TRUFkqJU1j/qnjkXQkqJU1j/EYkXQkqJU1j/n:Puq8TRUFjUFmj1jUFEY1jUFn |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@bing[1].txt | 264 bytes |
MD5:
de26f80226655361c9cdd6fbaee26c0c
SHA1: 3ad2b95ea1f5dd11bf36ef75b5113c8e383b8db3 SHA256: 332907b5b80c12d3bde3597ce177768305c00d0e6d8f5a83062afa34942c3db5 SSDeep: 6:Ejjgj6JZ56sv/SW3omv+bT//p/ev+bT/n:sI6njSd+K/dGKn |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@bluekai[1].txt | 162 bytes |
MD5:
7b847ac4e71703833c0b4af722540658
SHA1: c952b7bd03a3ff328bf945dc71439afc6793d782 SHA256: f60ff8ba4df3741c025001ab4ad4c7aee8f61c80ef0265f49e1d79ac0ad143d6 SSDeep: 3:pNN1gyTuv7YfSuW5W8Skrg9qXvuQDecYJ1JRoyTuv7YfSwgJW5W8Tim59qXvn:payTVSZFrx/LecioyTVSwpiB/n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@bs.serving-sys[1].txt | 93 bytes |
MD5:
0caeaad9af0a20b16d10228f6f696c74
SHA1: 064061efcbeb33a18ed578212d4532090b6a05b0 SHA256: aa2ae12ddaa10b7edee5aa79012c83e1066c9b6c29ef8e7e8ccb336c176e9616 SSDeep: 3:5AHKWqkUVZsHdyKvXv7YcYYSc/gp1Qo49qXvn:NWqdDsHcXYSc/gp1v/n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@bs.serving-sys[3].txt | 111 bytes |
MD5:
a7418dccddf82410a611a0c79f6b7c99
SHA1: edb72021e341c82defc1e678665a24c93f3cc7d9 SHA256: 53379b933d725e0d217785f3e4458436decbf23b8e412430003ba0a858857484 SSDeep: 3:1XXM/KT/LHdyKWAXALCMYeFCVGoRVkLZ/:1XXMyT/jcNyA/CQc2B |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@c.bing[1].txt | 560 bytes |
MD5:
f07537748c17e17f72658a27a025dafc
SHA1: c2a20a4156e605818752235c631f6300d6fe810a SHA256: 9a69de0652fe8324a6d5d0469fd6d3aea8ad029364aac1bfd0e5454837a448c6 SSDeep: 12:8uvNYz+Fm/4pYNogIYkXqiCWSYxNIY2KYBExpnghY6RIY2Kn:8gNYSFxr6iCpYaKYQpghY6EKn |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@c.msn[2].txt | 130 bytes |
MD5:
2ce490761cba48f1f4ca4c0e41e38ffc
SHA1: a78bb96f0dc35cb8046903a32d1ee7b83d1afab8 SHA256: 171a52b59dce13dacbdfe0c84b5ba1a99ed78f9f8f918fa6aa0b41be5d60e6c5 SSDeep: 3:U8LfyKfUVXJXiT3W5W80cQw9qXv8tuvF2yKfUVXJdQCdhvWEJcQw9qXvn:FfZ8VXZiKqhB/8tuvQZ8VXTQIzJhB/n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@c1.microsoft[2].txt | 144 bytes |
MD5:
6094cbca564f2b56483e4920d86e154b
SHA1: 9c4f8c0abafe901ddf25350d2c1bcf0f59f80723 SHA256: 905a79cf1772e3b13914774691d2fa4af231ee76347e9b77a5d7b4517a9c9263 SSDeep: 3:U8ULA+tRMVXJXiTOgJW5W8TeUC59qXv8tuvFQ+tRMVXJcHQXXvWEBUC59qXvn:AA+DMVXZiupLV/8tuv6+DMVXv/ziV/n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@casalemedia[2].txt | 537 bytes |
MD5:
f14055b0888ad6d050f664d481e4877c
SHA1: 45218b265962370893368ecaa75b59f88b7b437e SHA256: b7a83fbf73ceb890890b11ed8201ecae2d6192426ee18984dbddfe378f740117 SSDeep: 12:Bx/eUKSfbNMSf3NMSf8FA5f8FA5fNOOgwleUKSn:BpeURTNMSvNMSUFckFctleURn |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@connextra[2].txt | 325 bytes |
MD5:
67b01882dfc129bd00262fa371f6a741
SHA1: 41bba9d36c9c525c3493be72bb50790ed56f757a SHA256: 8797b11dcc9d20fe3d5a2e5fce9fc4352d0e4a78dbba6e3f238237563dd23772 SSDeep: 6:KOBU9JOXQaVVv+jB/XhRl0tSj3lDCKf3AAPIf3AAESzOJMXJUKWB/n:IAXVVvsXhcgj3IKfs3OgUKwn |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@crwdcntrl[1].txt | 296 bytes |
MD5:
cdd6ddcd7f92395e37212749dc65f0fc
SHA1: 0b52bd48fd424234e822c6adfecc1ddcce1382ee SHA256: 07453614e795fce6db1483b47c20125eacd398c49047535b2141ad527efe604a SSDeep: 6:BqIWBXv+zKWs6iVY5/DMHAZhXdVVLzKWs6iVY5/DghzKWs6iVsVJx/n:BqIWBXv+zKxVYhDoAZhXXVLzKxVYhDOt |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@demdex[1].txt | 111 bytes |
MD5:
266e18cdbe93733eed5e605620adc691
SHA1: 1730bd6e6b9fd409a4520cc64e0d64be76bedb81 SHA256: 776340cfb7c888a3930164adb29ccdbf020916a541b4319ae00705da4a6625f6 SSDeep: 3:+elRWdTGVKVVBPFOLv7YfSuW5W8ZT749qXvn:HzWd2K/3SZH75/n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@doubleclick[2].txt | 274 bytes |
MD5:
691dd0aa35837e8ff4d89fef2455df22
SHA1: c65765886e18410984bd5968624fcc76e328aec3 SHA256: c8689ac596de5e6579a0b756d47f9033642ce71b526daa25ed67b19ad6744f99 SSDeep: 6:AoXjf+ouDFGEWjYGv+R2OV/Fjo41kCxD9nnjYGOXuv+R2OV/n:AMuDFGEWMeu20z/D9nMzX2u20n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@dpm.demdex[1].txt | 112 bytes |
MD5:
62d977d377a32f44cd4626c5b129d8ef
SHA1: 63ee183dc5b3d648b1bf1186dfb8532ea3604458 SHA256: 00f3c6b0e4003a65c482d22468df8a8b1eb2400ace4dd007c94b222ff8adff78 SSDeep: 3:WQX1RWdTGVKVVBPEALv7YfSuW5W8SfZRvg9qXvn:W+Wd2K/SSZKZRvx/n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@exelator[1].txt | 342 bytes |
MD5:
e2297c72be318b191a50c42ba9e65230
SHA1: cd19821c7a7e6f480b2d976fc7895d1d3950021c SHA256: 7fce39f674360ffb4f264ceaadf216184bb080c3d6830ccc791c4940e236496c SSDeep: 6:TCjVLkQDzBYUcG2OxAM/gAvMp+ZuHqMPvrTIM2y1cTjes2s3XQ3xUcG2OxAM/n:TCjVIYqUcHogvp+ZuKW3weWes2snQBUT |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@eyeota[1].txt | 103 bytes |
MD5:
097371c2c720667ee156c6f9ae4e11f0
SHA1: 81787f3f65f24cd735c2f20999380538b05af802 SHA256: eaef0872449cd292284cc792e7dbe5e5645c686cc126c269da24af2eb45e4e50 SSDeep: 3:5l7MrBN4HScFMDnHF7d4v7YcUJeZsbmW959qXvn:fE34RMhpZJUKi/n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@google[2].txt | 194 bytes |
MD5:
41e320b0887eac88f73cd72e0e7e4c47
SHA1: 634150fa4bc78ec2296e29fefc272bee3bf5eee9 SHA256: 23ab8341422219f13372d5b0ddfcfeda1e641392743a5d3d9663e1b68901db65 SSDeep: 6:sUrvMGGCbpDd7htEbv38PiI5RW1mGwmiNmvwz5y:sq3HEmWTwmkmvi5y |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@ibeu2.mookie1[2].txt | 311 bytes |
MD5:
e35ae2af41fa685603e8d0fac9898b10
SHA1: cc0f204758b5d597805a5463dad1333f57a36c66 SHA256: 81f050e285f3510bfb6dffb48fe89aef4795b97af8cbdca1e73a765c1e954b6e SSDeep: 6:GON+dRh8pWgsTBTW7BaGYIuTTBTU9uUMXiU1Jx/uwa8IVFTBTU9uUMXiU1Jx/n:ZNbYgsVT0BaGoTVTU9uuUL5E8IVFVTU8 |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@ih.adscale[1].txt | 129 bytes |
MD5:
3583c4ed74fe486dc971e510fae454bc
SHA1: 31114cf4d88542b9ebb680da91e5387a6bf6240e SHA256: 691141731d671a9d568d0ea068853b4eb1b404b008af62a5caadcacb98e305be SSDeep: 3:IWByxbIOzNRFgXxpfBBgKEg40E07YeU7WUSR4Zd7h+UVY59qXvn:IW1ONMBgfp0EzTrVhrV/n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@linkedin[2].txt | 269 bytes |
MD5:
a92f18a2291b4a049067c2171a5a21e6
SHA1: 384999cc2ed8416c9e16d1b965317e1fe41186f3 SHA256: a9eda19fd668fbc9216ae75a0a3675cb0f903a0b3311da40f5d2f87220885c72 SSDeep: 6:ABYgA8GB396TDGS6mdcwMJx/S2VdzfNFnF01eEpTPUMQfwMJx/n:edGR96TJQwSSoIe4TiwSn |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@m.exactag[2].txt | 118 bytes |
MD5:
91690f09812c5f0813d6424c8d8478d0
SHA1: d4f48ed6643a1b8235198ae4993b256d19e1441b SHA256: 6cef9b8d8107aab7d5d5a5c7f89abf22868bbb00d26199685ad06b85b82db06a SSDeep: 3:4i30DEWDtblSBDLeAdEGRuGvXv7YfRLAqeZs2aI+LZ/:4iEYsIBDq4EGuJdUg5B |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@mathtag[2].txt | 289 bytes |
MD5:
59f244cec8fe03a5a8f394de55d15896
SHA1: 8166099f7d256efc72cd83874ed55cb0fc68b589 SHA256: d8bd84b23169f77551f4d1c2783c5886c2b6d88a8a55814ddec76cd6403c5f9e SSDeep: 6:iisE8nDF9J1Uc0/dJDWfm0fiWc3FFfSLUczo5/n:9GDF9JecSLDWfmJNXfBcUhn |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@microsoft[1].txt | 577 bytes |
MD5:
be3594804bdb63505e727fc044d27797
SHA1: 3015f498263967cd6d83fbce420a5039f4399c35 SHA256: bd892cae68ce3277fe193fb642a52d923568aadda7c01c5f8b9affb3d905afa7 SSDeep: 12:FNzjXbLM7rcq3aBzsdxtycEx3uDEwpbgFAwBuDMTVT95QXIaDM9GX7Tln:FlrbY7r3Kzu35eutyeQfmT7Tln |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@msn[2].txt | 823 bytes |
MD5:
7cb1506682d8806cc94df145d167a35b
SHA1: b103d4281445f30b689fff9f12bf12b6bf83b2a9 SHA256: f492bf5421a8026c9c3223870b228b50ec6ba0f0bf035ad906f6cd9f1548d2e0 SSDeep: 12:uFJLs4X+QMzpdXi3c8PVPepzM5UPkM5UPLhDOFkQKEx99MnQWY6YGsBTVxqq8TVS:uYaQddeD2UUPbUPLdakuUQWZtsatHUTn |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@openx[1].txt | 114 bytes |
MD5:
cd6efa3586b36158471d799f7dea9203
SHA1: 9d140d7951e687cd680ff562b57ed6485735727c SHA256: 6c64105061ed480870801751d8807108229104cd31c1ff0656ee9a07d9681231 SSDeep: 3:uB6IcLuzHy06HhcmWLBLv7Yc2SdJeZsb97O59qXvn:O6IcLa8h+UKT/n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@pixel.rubiconproject[1].txt | 111 bytes |
MD5:
3dadea17b5cb989b4b62d1100544018f
SHA1: ec8899d3470ac3223c8bc003c080abe07de81d2a SHA256: e34a99e2e1b0c407c0fd6408459807f520dec7798a349aabee8a6ae8785a6027 SSDeep: 3:nvqVNcSy/nmNMKsQ94RyK/v7YeU7WUSR4Zd7hG49qXvn:STJCmNMTQqRZkTrVhG5/n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@pubmatic[2].txt | 187 bytes |
MD5:
613f9c53ae10c0692f3476c65c1f0a03
SHA1: beace35c7eded7c8bb93eaf01bb1dbcc350b4efe SHA256: f7fbf563dca6c05536971b0e5119c88ce54c856cd60e3e62b9ae2b3190ee08cf SSDeep: 3:BqVsIvXMPgNRFUQHIwLd/v7YeVRUU1Zd7tzT749qXv7IwLd/v7YeNLFSVnQT749o:BqVsS4mJ/ZBSUrVt/75/7/ZhEnI75/n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@rubiconproject[1].txt | 298 bytes |
MD5:
e7db79ff27ba59c473ed375898871045
SHA1: cf11fd4715d2d8c56319d7f8c244ef64ad865210 SHA256: c7d1d64af9334a17b3111b45d833170193793df72b9bbf6e77a8d8bbf4d6bb78 SSDeep: 6:GRBlHwqRZkTrVhG5/j8cmt3qRZaSPmq5/KoUQqRZaWInT4y5/n:GRX3ZCGhYcmt6Za3qhKoKZaN0yhn |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@scorecardresearch[2].txt | 204 bytes |
MD5:
98e92029d9f2bf1a02be68fefcf9b97e
SHA1: 964ff54971fc3afc4e8e92cb1a7a7d0ff80b8400 SHA256: ff26db0f5f21756af5e23ac4654adabaec898dbc2eb99d61e6ccbe89ed8ade81 SSDeep: 3:HUHW/wWWChcXwjLRA+mv7YeJlmXfWMe9qXvfCgjLRA+mv7YeJlmXCDrg9qXvn:HlKURQlOWMj/fCURQl9Hx/n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@semasio[1].txt | 90 bytes |
MD5:
cd1383de192459a569e41b51bdf875bc
SHA1: 9690b05b9d9b44a1d8dc3853774b76d32f07fcbf SHA256: b7aeff232785ee8c3a12843ae3248de3002134457fdc7ac85928374f4ec155cf SSDeep: 3:ZMAOxLLLzPv6NljficfW5W8T59qXvn:WAOx/KzmpG/n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@server.adformdsp[2].txt | 108 bytes |
MD5:
eb2e688ee64880d479b233dcd7f6a29a
SHA1: a11a376762babacc44c8d6b6c4007cafe51a5b47 SHA256: 296a1c87210984f2646e26c3ec199056d9e3ca558a907842e590575613916cfb SSDeep: 3:lBT6STNRFqVjrQIvKvXv7YeEkaRLSgm59qXvn:lBdt6QZgNB/n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@serving-sys[2].txt | 460 bytes |
MD5:
9ac10a5e549a9ba138a8d7ec7d33b752
SHA1: 2626bf4c6fe24d87f060e4b6b7ec488eb86afcbc SHA256: 3b2062bfa93f93f4dd2b50e418ccad01f15ad9aa479e22c1f689fa926f10fa04 SSDeep: 12:IZx2vNnbNJtF/VTsQcIaFQcIab5xf17dQA:1vNnbNJ5bAqAb5Xh |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@serving.experianmarketingservices[1].txt | 413 bytes |
MD5:
df3e96d630d4a5877668e330023660e0
SHA1: 3aafe459af5db3bdba3379daf596819e38270e1d SHA256: 9f2fed7838cc78ca53c313a5a348354cf5b86513152289add24db6996398b42b SSDeep: 6:6AtuzG8TRUbKQXx5fTJcEXK0/qnjO3QXx5fTJcEXK0/t2XtuzG8TRUpRtQXx5fTT:Puq8TRUvDVtmj/DVtGuq8TRUpkDVtn |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@smartadserver[1].txt | 287 bytes |
MD5:
38f6121f03a37dbad3e4299a5be2faae
SHA1: d36bfdecaff3f36bd6a1293adb4b7677cd13f69d SHA256: f73ef83f8cbe4855d0cba659fe77aee5130f9981df2d95e14bd35edd08095a69 SSDeep: 6:++CsCvWDHajp/n8bsCvWDHajp/LvtXI1sCvWDHajp/n:+SCv8Cx8QCv8CxLvtNCv8Cxn |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@tapad[2].txt | 198 bytes |
MD5:
65a96b04458eda07a469dcfd9dcb0aca
SHA1: 318242d3f63ebe8b377dc772dbe201fe8bde68a1 SHA256: 40944b9a3d139290a24ffbc76a85bf1804b34673baaaa8b0bb9617b7c51b2b42 SSDeep: 3:WkHKxoRVrv7YeeSLS0ZRvg9qXv9JVNIERYUvdHIvT+XBmJxv7YeeSLS0ZRvg9qXv:Wkq68ItZRvx/jIERYquipItZRvx/n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@track.adform[2].txt | 177 bytes |
MD5:
58d3c92809d1d0f90a66b0ef1fb169eb
SHA1: e3a015a590901821fe7af8446fcc9ba9fb1618df SHA256: d9dcdd248af850b28807d748a769c8b7d5c5212ac1fdc6ba429e4b29f2c07204 SSDeep: 3:xRXE1oQITv7YeLcQLS1TTC59qXvCUT6STNRFqVNvkoQITv7YcwjSZRXZQZ/:kuQgvOTB/XdtOQvjmzQB |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@turn[1].txt | 87 bytes |
MD5:
65f37b2d5d5025a20e7b58f0ccfa98ba
SHA1: 740c7d0f087eb53c3b9fe2247eece2c9c02394c3 SHA256: ea2c10eca2514a9303cdb37199260011961c8b77afa176249b105a4f3b79b5f9 SSDeep: 3:ZMjoeYpvXv7YfSP3W5W887O59qXvn:dpKSPmm/n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@w55c[2].txt | 89 bytes |
MD5:
a3363029fa13101f567e0c5ce868f576
SHA1: 615d1e327c2df9a5dfa81253015b5c1d49b16203 SHA256: 13d2318ba313945e4fe52bc97f4881a91691b9cb925265c7c9fd0bdf21daaefb SSDeep: 3:442CAjfP/Lv7YeMS6XvWDHTWeNdV2Z/:471j+XvWDHaodIB |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@www.bing[1].txt | 117 bytes |
MD5:
66d2088d8d2343443be752038e07213c
SHA1: e164d80a3071df692d3281ab29828b5842e22bf1 SHA256: 176f2e5e6e4aa9c7fb48cd137b29d0504594865668925b0d927e5296f84f2f1e SSDeep: 3:zCshvjw2j9s4RBG5Xv7YeNYVv+WcO9qXvn:zCADrzv+bT/n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@www.linkedin[1].txt | 168 bytes |
MD5:
5e15c2fa34e0bd66cfcd4bf729eedffc
SHA1: db959aa76ae55790aa6bc3f7811bc880612def3e SHA256: f585e197f351085982ad39d1c4536ad6752452d806f5d463f9303de24c84d914 SSDeep: 3:sUcmbc/+sT90dbGtVigR5skCtr9KvBTKfXv6NPXdXS6FkdcwMJW59qXvn:AmSF90dqthRahqBTJ1ZS6mdcwMJx/n |
|
|
| C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@www.msn[2].txt | 1003 bytes |
MD5:
bebef28f495eda7703ce649ef91e7767
SHA1: 5beb824bf210119e1f3e6f2ea1300bd1b6e5a9c3 SHA256: c28580cfe615196150d548bd934aae33c8b6684e0d324659d13bf26d4d879ca9 SSDeep: 24:YTfyr8bPXhHYkCbw665UJ/02y4OpRgj4Kd+R+oRjOcmFQPYQn8:QrPXpYkawiJ/0KOpisKdbmOHQi |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\DB32.bin | 159 bytes |
MD5:
5e18cf92dd6e9b29915e1ff031a02ec4
SHA1: fd427764c308296721d3ce56915ac5ed3236c8f1 SHA256: 3373d2768b603e2e396b679a58f161f77327da89fe05fa4620d12936646d75dd SSDeep: 3:tFoYXBsJaQGQbJxzp4E2J5xAIkLW0HbRQ93HsLf1Jxzp4E2J5xAI/:tFdXBW/zpJ23fCvVQ93q9/zpJ23f/ |
|
|
Host Behavior
COM (1)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | 3C374A40-BAE4-11CF-BF7D-00AA006946EE | AFA0DC11-C313-11D0-831A-00C04FD5AE38 | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 |
File (991)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\aETAdzjz\Desktop\sgm_20190527_desfuhohdt.exe | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\SYSTEM32\ntdll.dll | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
3 | |
| Create | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OVERLAPPED |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{6A5E21FF-C1FA-2C95-9B3E-8520FF528954} | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
3 | |
| Create | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{F5FB2C3C-D05C-EF89-82F9-0493D63D7877}\01D51ED4E3ECF92009 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\1FB1.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\2855.bin | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\2855.bin | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\DB32.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\E3D6.bin | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\2855.bin | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\2855.bin | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\2855.bin | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create Directory | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{F5FB2C3C-D05C-EF89-82F9-0493D63D7877} | - |
|
1 | |
| Create Directory | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E} | - |
|
1 | |
| Create Directory | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ff | - |
|
1 | |
| Create Directory | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ff\ | - |
|
1 | |
| Create Directory | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ff\\3y2joh8o.default | - |
|
1 | |
| Create Directory | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\sols | - |
|
1 | |
| Create Directory | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\sols\macromedia.com | - |
|
1 | |
| Create Directory | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\sols\macromedia.com\support | - |
|
1 | |
| Create Directory | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\sols\macromedia.com\support\flashplayer | - |
|
1 | |
| Create Directory | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\sols\macromedia.com\support\flashplayer\sys | - |
|
1 | |
| Create Directory | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie | - |
|
1 | |
| Create Directory | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie | - |
|
58 | |
| Create Directory | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low | - |
|
1 | |
| Create Directory | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low | - |
|
55 | |
| Create Temp File | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.tmp | path = C:\Users\aETAdzjz\AppData\Local\Temp\ |
|
1 | |
| Create Temp File | C:\Users\aETAdzjz\AppData\Local\Temp\2855.tmp | path = C:\Users\aETAdzjz\AppData\Local\Temp\ |
|
1 | |
| Create Temp File | C:\Users\aETAdzjz\AppData\Local\Temp\1FB1.tmp | path = C:\Users\aETAdzjz\AppData\Local\Temp\ |
|
1 | |
| Create Temp File | C:\Users\aETAdzjz\AppData\Local\Temp\E3D6.tmp | path = C:\Users\aETAdzjz\AppData\Local\Temp\ |
|
1 | |
| Create Temp File | C:\Users\aETAdzjz\AppData\Local\Temp\DB32.tmp | path = C:\Users\aETAdzjz\AppData\Local\Temp\ |
|
1 | |
| Create Pipe | \device\namedpipe\{5797b6e3-ca4c-a155-8c7b-9e6580dfb269} | open_mode = PIPE_ACCESS_INBOUND, PIPE_ACCESS_OUTBOUND, FILE_FLAG_OVERLAPPED, pipe_mode = PIPE_TYPE_MESSAGE, max_instances = 255 |
|
1 | |
| Get Info | C:\Users\aETAdzjz\Desktop\sgm_20190527_desfuhohdt.exe | type = size |
|
1 | |
| Get Info | C:\Users\aETAdzjz\AppData\Roaming\MICROS~1\{F5FB2~1 | type = file_attributes |
|
6 | |
| Get Info | C:\Users\aETAdzjz\AppData\Roaming\MICROS~1\{F5FB2~1\01D51ED4E3ECF92009 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\aETAdzjz\AppData\Local\Temp\2855.bin | type = size |
|
1 | |
| Get Info | C:\Users\aETAdzjz\AppData\Local\Temp\2855.bin | type = size |
|
1 | |
| Get Info | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\storage\ | type = file_attributes |
|
1 | |
| Get Info | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite | type = file_attributes |
|
1 | |
| Get Info | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\cache2\ | type = file_attributes |
|
1 | |
| Get Info | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\ | type = file_attributes |
|
1 | |
| Get Info | C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\Default\Cache\ | type = file_attributes |
|
1 | |
| Get Info | C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\Default\Cookies | type = file_attributes |
|
1 | |
| Get Info | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin | type = size |
|
1 | |
| Get Info | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin | type = file_attributes |
|
3 | |
| Get Info | C:\Users\aETAdzjz\AppData\Local\Temp\E3D6.bin | type = size |
|
1 | |
| Get Info | C:\Users\aETAdzjz\AppData\Local\Temp\2855.bin | type = size |
|
1 | |
| Get Info | C:\Users\aETAdzjz\AppData\Local\Temp\2855.bin | type = size |
|
1 | |
| Get Info | C:\Users\aETAdzjz\AppData\Local\Temp\2855.bin | type = size |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ff\\3y2joh8o.default\cookies.sqlite | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\sols\macromedia.com\support\flashplayer\sys\settings.sol | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\aetadzjz@g.live[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\aetadzjz@g.live[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\aetadzjz@google[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\aetadzjz@google[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\aetadzjz@live[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\aetadzjz@live[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@ad.360yield[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@ad.360yield[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@ad13.adfarm1.adition[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@ad13.adfarm1.adition[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@addthis[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@addthis[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@adfarm1.adition[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@adfarm1.adition[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@adformdsp[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@adformdsp[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@adform[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@adform[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@adnxs[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@adnxs[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@adscale[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@adscale[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@adserving.ancoraplatform[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@adserving.ancoraplatform[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@adsrvr[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@adsrvr[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@adtech[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@adtech[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@advertising[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@advertising[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@angsrvr[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@angsrvr[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@api.bing[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@api.bing[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@at.atwola[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@at.atwola[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@bidswitch[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@bidswitch[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@bing[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@bing[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@bluekai[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@bluekai[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@bs.serving-sys[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@bs.serving-sys[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@bs.serving-sys[3].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@bs.serving-sys[3].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@c.bing[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@c.bing[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@c.msn[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@c.msn[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@c1.microsoft[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@c1.microsoft[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@casalemedia[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@casalemedia[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@connextra[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@connextra[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@crwdcntrl[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@crwdcntrl[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@demdex[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@demdex[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@doubleclick[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@doubleclick[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@dpm.demdex[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@dpm.demdex[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@exelator[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@exelator[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@eyeota[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@eyeota[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@google[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@google[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@ibeu2.mookie1[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@ibeu2.mookie1[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@ih.adscale[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@ih.adscale[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@linkedin[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@linkedin[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@m.exactag[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@m.exactag[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@mathtag[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@mathtag[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@microsoft[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@microsoft[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@msn[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@msn[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@openx[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@openx[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@pixel.rubiconproject[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@pixel.rubiconproject[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@pubmatic[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@pubmatic[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@rubiconproject[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@rubiconproject[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@scorecardresearch[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@scorecardresearch[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@semasio[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@semasio[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@server.adformdsp[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@server.adformdsp[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@serving-sys[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@serving-sys[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@serving.experianmarketingservices[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@serving.experianmarketingservices[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@smartadserver[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@smartadserver[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@tapad[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@tapad[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@track.adform[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@track.adform[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@turn[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@turn[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@w55c[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@w55c[2].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@www.bing[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@www.bing[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@www.linkedin[1].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@www.linkedin[1].txt |
|
1 | |
| Copy | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{B423FFBF-837B-066B-AD28-679A31DC8B6E}\cookie.ie\Low\aetadzjz@www.msn[2].txt | source_filename = C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@www.msn[2].txt |
|
1 | |
| Read | C:\Users\aETAdzjz\Desktop\sgm_20190527_desfuhohdt.exe | size = 1158144, size_out = 1158144 |
|
1 | |
| Read | C:\Windows\SYSTEM32\ntdll.dll | size = 4, size_out = 4 |
|
3 | |
| Read | - | size = 12, size_out = 0 |
|
13 | |
| Read | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | size = 12, size_out = 12 |
|
1 | |
| Read | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | size = 0, size_out = 0 |
|
1 | |
| Read | - | size = 12, size_out = 0 |
|
10 | |
| Read | - | size = 98, size_out = 98 |
|
1 | |
| Read | C:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst | size = 4, size_out = 4 |
|
1 | |
| Read | C:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst | size = 1, size_out = 1 |
|
2 | |
| Read | C:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst | size = 8, size_out = 8 |
|
5 | |
| Read | C:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst | size = 512, size_out = 512 |
|
15 | |
| Read | C:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst | size = 3156, size_out = 3156 |
|
1 | |
| Read | C:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst | size = 448, size_out = 448 |
|
1 | |
| Read | C:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst | size = 140, size_out = 140 |
|
1 | |
| Read | C:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst | size = 504, size_out = 504 |
|
1 | |
| Read | C:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst | size = 112, size_out = 112 |
|
1 | |
| Read | C:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst | size = 128, size_out = 128 |
|
2 | |
| Read | C:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst | size = 120, size_out = 120 |
|
2 | |
| Read | C:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst | size = 118, size_out = 118 |
|
1 | |
| Read | C:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst | size = 108, size_out = 108 |
|
1 | |
| Read | C:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst | size = 110, size_out = 110 |
|
1 | |
| Read | C:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst | size = 148, size_out = 148 |
|
1 | |
| Read | C:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst | size = 180, size_out = 180 |
|
1 | |
| Read | C:\Users\aETAdzjz\Documents\Outlook Files\sdjwh@dive.djh.pst | size = 162, size_out = 162 |
|
1 | |
| Read | - | size = 92, size_out = 0 |
|
3 | |
| Read | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin | size = 161444, size_out = 161444 |
|
1 | |
| Read | - | size = 44, size_out = 44 |
|
6 | |
| Read | - | size = 12, size_out = 12 |
|
4 | |
| Write | - | size = 12 |
|
21 | |
| Write | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | size = 12 |
|
1 | |
| Write | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{F5FB2C3C-D05C-EF89-82F9-0493D63D7877}\01D51ED4E3ECF92009 | size = 98 |
|
1 | |
| Write | C:\Users\aETAdzjz\AppData\Local\Temp\1FB1.bin | size = 80 |
|
1 | |
| Write | C:\Users\aETAdzjz\AppData\Local\Temp\1FB1.bin | size = 30 |
|
1 | |
| Write | C:\Users\aETAdzjz\AppData\Local\Temp\1FB1.bin | size = 24 |
|
1 | |
| Write | C:\Users\aETAdzjz\AppData\Local\Temp\1FB1.bin | size = 22 |
|
1 | |
| Write | - | size = 152 |
|
3 | |
| Write | - | size = 12 |
|
3 | |
| Write | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin | size = 80722 |
|
1 | |
| Write | C:\Users\aETAdzjz\AppData\Local\Temp\DB32.bin | size = 80 |
|
1 | |
| Write | C:\Users\aETAdzjz\AppData\Local\Temp\DB32.bin | size = 30 |
|
1 | |
| Write | C:\Users\aETAdzjz\AppData\Local\Temp\DB32.bin | size = 49 |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019060920190610 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\History\History.IE5 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012017070320170710 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012017071220170713 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\History\Low\History.IE5 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\History\Low | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MM5O9XQS | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMMR5K9K | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RIJUQL1C | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9OHK109 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\VisioLogFiles | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\PrivacIE\Low | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\PrivacIE | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\aETAdzjz\AppData\Roaming\Microsoft | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\aETAdzjz\AppData\Roaming | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\aETAdzjz\AppData | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\aETAdzjz | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\0\98 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\0\A8 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\0\CB | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\0\E1 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\0\F4 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\0 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\1\03 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\1\E4 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\1\F6 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\1 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\2\48 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\2\59 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\2 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\3\DA | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\3 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\4\EE | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\4 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\5\1B | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\5\9A | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\5\F1 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\5 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\6 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\7\26 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\7\60 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\7 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\8\AE | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\8 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\9\00 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\9\10 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\9\2C | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\9\49 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\9\8D | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\9\E0 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\9\FD | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\9 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\A\AE | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\A\CE | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\A | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\B\35 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\B\3E | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\B\64 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\B\89 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\B\E5 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\B | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\C\1F | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\C\55 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\C | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\D\07 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\D\08 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\D\15 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\D\FE | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\D | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\E\17 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\E\45 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\E\57 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\E\69 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\E | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\F\23 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\F\94 | - |
|
1 | |
| Delete Directory | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\F | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\Desktop\sgm_20190527_desfuhohdt.exe | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\History\desktop.ini | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019060920190610\index.dat | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\History\Low\desktop.ini | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\History\Low\History.IE5\desktop.ini | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012017070320170710\index.dat | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012017071220170713\index.dat | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MM5O9XQS\desktop.ini | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PMMR5K9K\desktop.ini | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RIJUQL1C\desktop.ini | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9OHK109\desktop.ini | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\000000929118[1].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\11-b6a7e6-91cdfbc1[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\1[1].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\2532[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\3_3_ino_smarthome_performance_728x90-default[1].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\6144;kvmsft_pagetype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=243782100;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=0;grp=243782100[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\6144;kvmsft_pagetype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=243782100;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=0;grp=243782100[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\6858;kvmsft_pagetype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1D;kvgrp=243794042;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=0;grp=243794042[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\7962161087[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\AA3e1pt[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\AA3e3XC[2].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\AA3vOVA[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\AA61yi9[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\AA6JPT3[2].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\AA8Tave[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\AAag599[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\AAmo09p[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\AAmUyV2[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\Adform.WriteHelper[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\adfscript[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\adfserve[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\adServer[1].htm | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\async_usersync[2].htm | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BB74fLs[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBB9wH0[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBBL4R9[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDA2Z8[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDAtwP[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDEBhY[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDENHn[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDFSY9[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDiDYy[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDKivI[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDKPiR[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDKWr8[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDLE8A[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDLfeZ[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDLGpz[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDLnD2[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDLNHE[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDLoXM[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDLpCk[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDLPMU[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDLufg[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDLv5i[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDLwpx[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDLxXg[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDM5IR[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDM8Mj[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDMcxK[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDMgVZ[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDMhpZ[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDMjYw[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDMkEn[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDMlhy[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDsiQ2[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDsyaT[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBDuJ15[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBjBl9m[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBoqF0J[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBqPKnQ[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\BBw2j7b[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\bootstrap[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\box_19_top-right[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\bs-util[1].css | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\clientconfig[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\COMMON[1].css | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\ContainerTag[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\ContainerTag[2].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\ContainerTag[3].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\css[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\cs[1].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\DE-300x250-text03[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\desktop.ini | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\fe-5c8f1f-f30905ea[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\googbase_min[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\google_de[1].htm | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\gwdimage_min[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\gwdimage_style[1].css | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\js[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\latest[1].eot | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\match[1].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\meversion[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\microsoft-gray[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\MSNIdSync[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\msn[1].htm | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\ms[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\pixel[1].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\surly[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\URRYV-HX35J-LK4WZ-4TRKG-NBMKC[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\v2[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\v2[2] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\v2[3] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\v2[4] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\v2[5] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\v2[6] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\v2[7] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\v2[8] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1WL4SQRT\v2[9] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\000000983398[1].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\11-b6a7e6-91cdfbc1[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\11-b6a7e6-91cdfbc1[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\14efd5f5[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\19328921[1].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\3_3_ino_smarthome_performance_728x90-default[1].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\6858;kvmsft_pagetype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE11;kvgrp=243920512;kvismob=2;extmirroring=0;kvtile=2;target=_blank;aduho=0;grp=243920512[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\MICROS~1\{F5FB2~1\setup.inf | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\MICROS~1\{F5FB2~1\setup.rpt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Temp\1FB1.bin | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\{F5FB2C3C-D05C-EF89-82F9-0493D63D7877}\01D51ED4E3ECF92009 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\6858;kvmsft_pagetype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=243913430;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=0;grp=243913430[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\6858;kvmsft_pagetype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=243920512;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=0;grp=243920512[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\6858;kvmsft_pagetype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=243913430;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=0;grp=243913430[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\6858;kvmsft_pagetype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=243920512;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=0;grp=243920512[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\6858;kvmsft_pagetype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=243913430;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=0;grp=243913430[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\6858;kvmsft_pagetype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=243920512;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=0;grp=243920512[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\6858;kvmsft_pagetype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1D;kvgrp=243913430;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=0;grp=243913430[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\6858;kvmsft_pagetype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1D;kvgrp=243920512;kvismob=2;extmirroring=0;kvtile=6;target=_blank;aduho=0;grp=243920512[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\AA3e6zI[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\AA42ckd[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\AA7zvAd[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\AAfGQmV[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\AAicW5W[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\AAkhMz9[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\AAkqhIf[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\AAm2UN1[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\AAmin0Z[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\adex[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\Adform.DHTML[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\adfscript[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\adfscript[2] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\adfserve[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\adfserve[2] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\adfserve[3] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\adfserve[4] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\adServer[1].htm | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\advertisement.ad[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\async_usersync[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\async_usersync[2] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\async_usersync[3] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\ba[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BB1CcOi[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BB1kvzy[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BB6Ma4a[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDDVe8[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDEk7R[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDEmYI[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDEop9[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDEsv0[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDGDEz[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDJGUg[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDJJsJ[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDJurV[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDJZdv[2].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDK0KJ[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDK3QY[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDKcnv[2].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDKjtL[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDKo2P[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDKSfI[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDKUWf[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDLjFT[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDLjFT[2].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDLLBR[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDLM5y[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDLmEf[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDLPMU[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDLqdv[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDLsaK[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDLsFR[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDLuBc[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDLW8b[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDLXKp[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDntNC[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDrJ2v[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDstfh[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDtRBe[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBDw280[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBghfVy[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\BBs47TE[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\ci[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\COMMON[1].css | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\ContainerTag[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\controller[1].htm | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\dbm_mediaiqdigital_com[2].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\desktop.ini | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\ebHtml5Banner[2].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\googlelogo_white_background_color_272x92dp[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\gwdpagedeck_min[2].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\jquery[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\js[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\js[2] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\latest[1].eot | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\latest[2].eot | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\latest[3].eot | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\log[1].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\match[1].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\match[2].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\match[3].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\match[4].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\match[5].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\profile[1].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JW0IE7I\uhf-west-european-default.min[1].css | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\11-b6a7e6-91cdfbc1[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\14efd5f5[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\14efd5f5[2].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\19398275[1].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\4[1].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\6144;kvmsft_pagetype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=243782100;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=0;grp=243782100[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\6144;kvmsft_pagetype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1D;kvgrp=243782100;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=0;grp=243782100[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\AA42x3V[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\AA61AKN[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\AA61ILp[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\AAcN2Ks[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\AAmRY2Q[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\adfscript[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\adfscript[2] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\adfscript[3] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\adServer[1].htm | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\adServer[2].htm | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\ast[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\ast[2].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\async_usersync[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\async_usersync[2] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\async_usersync[3] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\async_usersync[4] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\ba[2].htm | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BB5zDwX[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBaK3Nm[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBB8ZbM[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBBseMP[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDDRiy[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDEuKV[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDFpHx[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDFSY9[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDIAFH[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDJEON[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDJIs4[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDJV7W[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDK0KJ[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDK2sB[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDK3QY[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDKWr8[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDLHiT[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDLl58[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDLLQz[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDLlX3[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDLq44[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDLt9V[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDLxXg[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDM6AR[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDM8ks[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDM8Mj[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDMcxK[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDMcZB[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDMdsm[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDMp3M[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDMpdZ[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDMptJ[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDr3Zu[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDvCmH[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDvM89[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBDvxii[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBmUxRK[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\BBo1lFJ[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\bootstrap[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\bs-components[1].css | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\chartbeat[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\collect[2].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\config[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\ContainerTag[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\ContainerTag[2].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\desktop.ini | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\DevCMDL2.2.18[1].eot | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\e151e5[1].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\fallback_728x90[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\fe-5c8f1f-f30905ea[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\gwdpage_min[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\gwdpage_style[2].css | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\ie8[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\jslibraries[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\js[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\js[2] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\js[3] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\js[4] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\log[1].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\MemMDL2.2.17[1].eot | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\nav_logo229[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\pixels[1].htm | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\print[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\REZlo1[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\Standard[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\Standard[2] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\thirdparty[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\trpx[1].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\uid[1].htm | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\u[1].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\v2[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\v2[2] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\v2[3] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\wc-addons[1].css | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G003HD4D\WebCore.4.19.0.ltr.light.min[1].css | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\2082701[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\2082701[2].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\2532[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\6858;kvmsft_pagetype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=243794042;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=0;grp=243794042[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\6858;kvmsft_pagetype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=243794042;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=0;grp=243794042[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\6858;kvmsft_pagetype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=243794042;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=0;grp=243794042[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\AA3e1oO[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\AA429NP[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\AA42pjY[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\AA7XCQ3[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\AA8uCo4[2].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\AAbyinC[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\AAdAVrM[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\AAfOIDq[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\adfscript[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\adfserve[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\adfserve[2] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\adition[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\adServer[1].htm | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\adsWrapperMSNI[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\angular-locale_en-us[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\application[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\ast[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\async_usersync[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\async_usersync[2] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\b2fd15[2].eot | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BB46JmN[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BB56XTo[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BB8AdqN[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBALZyp[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBBLj61[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDAUkm[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDE29T[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDFK8W[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDFLTH[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDFqfK[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDFQm5[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDJGZ2[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDJIsX[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDJKj6[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDJTA8[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDJYPA[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDK03h[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDK305[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDk44m[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDK6DE[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDKehx[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDKsWM[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDKvdW[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDLCZd[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDLfeZ[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDLl8d[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDLLQz[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDLmdu[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDLmEf[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDLNHE[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDLPMU[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDLq44[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDLS6q[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDLv5i[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDLXKp[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDM2NJ[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDM8gk[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDM8ks[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDMgVZ[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDMopy[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDMp3M[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBDMwuY[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBg3ODX[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BBkkhJa[1].png | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\BByazif[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\bootstrap[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\bootstrap[2].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\bounce[1].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\bs-jsdep[1].css | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\collect[1].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\ContainerTag[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\ContainerTag[2].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\ContainerTag[3].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\core[1].css | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\desktop.ini | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\fallback_300x250[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\fallback_728x90[1].jpg | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\fe-5c8f1f-f30905ea[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\fe-5c8f1f-f30905ea[2] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\getid[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\gwdgenericad_min[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\gwdpagedeck_style[1].css | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\gwd_webcomponents_min[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\jquery-1.11.1.min[2].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\latest[1].eot | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\log[1].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\match[1].gif | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\rs=ACT90oE8yoYdKkJDdxTdshvHJC7zAFXNdg[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\sbt-f6817f3a26c6[2].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\sem_ce1f66a3042d4bd6a3ccb0050c26ae01[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\Standard[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\thirdparty[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\uhf-main.var.min[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\Utils_v9-long[1].js | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XEVK8ZW3\v2[1] | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\aetadzjz@g.live[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\aetadzjz@google[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\aetadzjz@live[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@ad.360yield[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@ad13.adfarm1.adition[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@addthis[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@adfarm1.adition[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@adformdsp[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@adform[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@adnxs[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@adscale[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@adserving.ancoraplatform[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@adsrvr[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@adtech[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@advertising[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@angsrvr[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@api.bing[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@at.atwola[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@bidswitch[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@bing[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@bluekai[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@bs.serving-sys[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@bs.serving-sys[3].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@c.bing[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@c.msn[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@c1.microsoft[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@casalemedia[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@connextra[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@crwdcntrl[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@demdex[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@doubleclick[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@dpm.demdex[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@exelator[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@eyeota[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@google[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@ibeu2.mookie1[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@ih.adscale[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@linkedin[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@m.exactag[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@mathtag[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@microsoft[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@msn[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@openx[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@pixel.rubiconproject[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@pubmatic[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@rubiconproject[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@scorecardresearch[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@semasio[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@server.adformdsp[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@serving-sys[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@serving.experianmarketingservices[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@smartadserver[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@tapad[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@track.adform[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@turn[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@w55c[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@www.bing[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@www.linkedin[1].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Cookies\Low\aetadzjz@www.msn[2].txt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Roaming\Mozilla\Firefox\Profiles\3y2joh8o.default\cookies.sqlite | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\0\98\B60F3d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\0\A8\C3B7Bd01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\0\CB\44E8Cd01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\0\E1\EBFA5d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\0\F4\9ADE8d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\1\03\3E20Ad01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\1\E4\3C9ECd01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\1\F6\CBD4Dd01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\2\48\7555Ad01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\2\59\DD6B0d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\3\DA\2555Ed01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\4\EE\95599d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\5\1B\2561Dd01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\5\9A\28159d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\5\F1\C8C27d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\7\26\90EEBd01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\7\60\85957d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\8\AE\93407d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\9\00\7AABCd01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\9\10\16A09d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\9\2C\24B53d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\9\49\38779d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\9\8D\2B984d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\9\E0\F17B2d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\9\FD\57344d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\A\AE\CF1AEd01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\A\CE\65483d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\B\35\D456Ed01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\B\3E\50FD5d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\B\64\37ABBd01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\B\89\10CF4d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\B\E5\9A8D1d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\C\1F\7ADBDd01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\C\55\BF060d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\D\07\1F307d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\D\08\71469d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\D\15\BF22Ad01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\D\FE\A0C36d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\E\17\D467Fd01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\E\45\C6466d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\E\57\C6B34d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\E\69\885EEd01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\F\23\7E0FEd01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\F\94\C3F14d01 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\_CACHE_001_ | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\_CACHE_002_ | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\_CACHE_003_ | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Mozilla\Firefox\Profiles\3y2joh8o.default\Cache\_CACHE_MAP_ | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\Default\Cache\index | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\Default\Cookies | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Temp\setup.inf | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Temp\setup.rpt | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Temp\DB32.bin | - |
|
1 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin | - |
|
1 |
Registry (2996)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580\Sfi | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580\Sfi | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
2 | |
| Open Key | HKEY_USERS | - |
|
1 | |
| Open Key | HKEY_USERS\S-1-5-21-2345716840-1148442690-1481144037-1000\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
2 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\SecureBrain\PhishWall | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580\Run | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts | - |
|
63 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings | - |
|
63 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
63 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles\Outlook | - |
|
63 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Profiles\Outlook | - |
|
24 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | - |
|
7 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | - |
|
63 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | - |
|
5 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | - |
|
58 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | - |
|
63 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | - |
|
63 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | - |
|
63 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | - |
|
63 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | - |
|
63 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | - |
|
62 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | - |
|
63 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | - |
|
63 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | - |
|
63 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | - |
|
63 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
63 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | - |
|
63 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | - |
|
32 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | - |
|
63 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | - |
|
63 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 | - |
|
396 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580\Sfi | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = Client, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = ProductID, data = 48 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = ProductName, data = 87 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = CurrentVersion, data = 54 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = InstallDate, data = 138 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = {E12FFA4A-CC07-BBA0-DEA5-C01FF2A9F4C3}, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager | value_name = Outlook, type = REG_NONE |
|
2 | |
| Read Value | - | value_name = SMTP Email Address |
|
1 | |
| Read Value | - | value_name = SMTP Server |
|
1 | |
| Read Value | - | value_name = POP3 Server |
|
1 | |
| Read Value | - | value_name = POP3 User Name |
|
1 | |
| Read Value | - | value_name = SMTP User Name |
|
1 | |
| Read Value | - | value_name = NNTP Email Address |
|
1 | |
| Read Value | - | value_name = NNTP User Name |
|
1 | |
| Read Value | - | value_name = NNTP Server |
|
1 | |
| Read Value | - | value_name = IMAP Server |
|
1 | |
| Read Value | - | value_name = IMAP User Name |
|
1 | |
| Read Value | - | value_name = Email |
|
1 | |
| Read Value | - | value_name = HTTP User |
|
1 | |
| Read Value | - | value_name = HTTP Server URL |
|
1 | |
| Read Value | - | value_name = POP3 User |
|
1 | |
| Read Value | - | value_name = IMAP User |
|
1 | |
| Read Value | - | value_name = HTTPMail User Name |
|
1 | |
| Read Value | - | value_name = HTTPMail Server |
|
1 | |
| Read Value | - | value_name = SMTP User |
|
1 | |
| Read Value | - | value_name = POP3 Password2 |
|
1 | |
| Read Value | - | value_name = IMAP Password2 |
|
1 | |
| Read Value | - | value_name = NNTP Password2 |
|
1 | |
| Read Value | - | value_name = HTTPMail Password2 |
|
1 | |
| Read Value | - | value_name = SMTP Password2 |
|
1 | |
| Read Value | - | value_name = POP3 Password |
|
1 | |
| Read Value | - | value_name = IMAP Password |
|
1 | |
| Read Value | - | value_name = NNTP Password |
|
1 | |
| Read Value | - | value_name = HTTP Password |
|
1 | |
| Read Value | - | value_name = SMTP Password |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = POP3 Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = SMTP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = IMAP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = SMTP Email Address |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = SMTP Server |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = POP3 Server |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = POP3 User Name |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = SMTP User Name |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = NNTP Email Address |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = NNTP User Name |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = NNTP Server |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = IMAP Server |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = IMAP User Name |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = Email |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = HTTP User |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = HTTP Server URL |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = POP3 User |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = IMAP User |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = HTTPMail User Name |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = HTTPMail Server |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = SMTP User |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = POP3 Password2 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = IMAP Password2 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = NNTP Password2 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = HTTPMail Password2 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = SMTP Password2 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = POP3 Password |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = IMAP Password |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = NNTP Password |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = HTTP Password |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | value_name = SMTP Password |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = SMTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = SMTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = POP3 Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = POP3 User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = SMTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = NNTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = NNTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = NNTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = IMAP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = IMAP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = Email |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = HTTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = HTTP Server URL |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = POP3 User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = IMAP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = HTTPMail User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = HTTPMail Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = SMTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = POP3 Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = IMAP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = NNTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = HTTPMail Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = SMTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = POP3 Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = IMAP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = NNTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = HTTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = SMTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = POP3 Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = SMTP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | value_name = IMAP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = SMTP Email Address |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = SMTP Server |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = POP3 Server |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = POP3 User Name |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = SMTP User Name |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = LastTask, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = NNTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = NNTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = NNTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = IMAP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = IMAP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = Email |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = HTTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = HTTP Server URL |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = POP3 User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = IMAP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = HTTPMail User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = HTTPMail Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = SMTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = POP3 Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = IMAP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = NNTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = HTTPMail Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = SMTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = POP3 Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = IMAP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = NNTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = HTTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = SMTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = POP3 Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = SMTP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = IMAP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = SMTP Email Address |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = SMTP Server |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = POP3 Server |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = POP3 User Name |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | value_name = SMTP User Name |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = SMTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = SMTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = POP3 Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = POP3 User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = SMTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = NNTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = NNTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = NNTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = IMAP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = IMAP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = Email |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = HTTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = HTTP Server URL |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = POP3 User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = IMAP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = HTTPMail User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = HTTPMail Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = SMTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = POP3 Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = IMAP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = NNTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = HTTPMail Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = SMTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = POP3 Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = IMAP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = NNTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = HTTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = SMTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = POP3 Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = SMTP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | value_name = IMAP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = SMTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = SMTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = POP3 Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = POP3 User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = SMTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = NNTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = NNTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = NNTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = IMAP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = IMAP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = Email |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = HTTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = HTTP Server URL |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = POP3 User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = IMAP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = HTTPMail User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = HTTPMail Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = SMTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = POP3 Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = IMAP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = NNTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = HTTPMail Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = SMTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = POP3 Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = IMAP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = NNTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = HTTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = SMTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = POP3 Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = SMTP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | value_name = IMAP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = SMTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = SMTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = POP3 Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = POP3 User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = SMTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = NNTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = NNTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = NNTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = IMAP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = IMAP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = Email |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = HTTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = HTTP Server URL |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = POP3 User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = IMAP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = HTTPMail User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = HTTPMail Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = SMTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = POP3 Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = IMAP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = NNTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = HTTPMail Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = SMTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = POP3 Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = IMAP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = NNTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = HTTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = SMTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = POP3 Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = SMTP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | value_name = IMAP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = SMTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = SMTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = POP3 Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = POP3 User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = SMTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = NNTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = NNTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = NNTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = IMAP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = IMAP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = Email |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = HTTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = HTTP Server URL |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = POP3 User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = IMAP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = HTTPMail User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = HTTPMail Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = SMTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = POP3 Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = IMAP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = NNTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = HTTPMail Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = SMTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = POP3 Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = IMAP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = NNTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = HTTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = SMTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = POP3 Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = SMTP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | value_name = IMAP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = SMTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = SMTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = POP3 Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = POP3 User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = SMTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = NNTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = NNTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = NNTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = IMAP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = IMAP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = Email |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = HTTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = HTTP Server URL |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = POP3 User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = IMAP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = HTTPMail User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = HTTPMail Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = SMTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = POP3 Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = IMAP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = NNTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = HTTPMail Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = SMTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = POP3 Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = IMAP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = NNTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = HTTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = SMTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = POP3 Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = SMTP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | value_name = IMAP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = SMTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = SMTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = POP3 Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = POP3 User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = SMTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = NNTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = NNTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = NNTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = IMAP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = IMAP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = Email |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = HTTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = HTTP Server URL |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = POP3 User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = IMAP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = HTTPMail User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = HTTPMail Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = SMTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = POP3 Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = IMAP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = NNTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = HTTPMail Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = SMTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = POP3 Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = IMAP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = NNTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = HTTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = SMTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = POP3 Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = SMTP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | value_name = IMAP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = SMTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = SMTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = POP3 Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = POP3 User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = SMTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = NNTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = NNTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = NNTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = IMAP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = IMAP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = Email |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = HTTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = HTTP Server URL |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = POP3 User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = IMAP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = HTTPMail User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = HTTPMail Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = SMTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = POP3 Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = IMAP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = NNTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = HTTPMail Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = SMTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = POP3 Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = IMAP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = NNTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = HTTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = SMTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = POP3 Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = SMTP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | value_name = IMAP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = SMTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = SMTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = POP3 Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = POP3 User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = SMTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = NNTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = NNTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = NNTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = IMAP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = IMAP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = Email |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = HTTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = HTTP Server URL |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = POP3 User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = IMAP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = HTTPMail User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = HTTPMail Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = SMTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = POP3 Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = IMAP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = NNTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = HTTPMail Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = SMTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = POP3 Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = IMAP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = NNTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = HTTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = SMTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = POP3 Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = SMTP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | value_name = IMAP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = SMTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = SMTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = POP3 Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = POP3 User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = SMTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = NNTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = NNTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = NNTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = IMAP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = IMAP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = Email |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = HTTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = HTTP Server URL |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = POP3 User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = IMAP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = HTTPMail User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = HTTPMail Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = SMTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = POP3 Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = IMAP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = NNTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = HTTPMail Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = SMTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = POP3 Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = IMAP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = NNTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = HTTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = SMTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = POP3 Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = SMTP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | value_name = IMAP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = SMTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = SMTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = POP3 Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = POP3 User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = SMTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = NNTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = NNTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = NNTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = IMAP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = IMAP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = Email |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = HTTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = HTTP Server URL |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = POP3 User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = IMAP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = HTTPMail User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = HTTPMail Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = SMTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = POP3 Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = IMAP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = NNTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = HTTPMail Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = SMTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = POP3 Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = IMAP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = NNTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = HTTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = SMTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = POP3 Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = SMTP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | value_name = IMAP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = SMTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = SMTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = POP3 Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = POP3 User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = SMTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = NNTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = NNTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = NNTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = IMAP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = IMAP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = Email |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = HTTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = HTTP Server URL |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = POP3 User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = IMAP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = HTTPMail User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = HTTPMail Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = SMTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = POP3 Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = IMAP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = NNTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = HTTPMail Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = SMTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = POP3 Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = IMAP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = NNTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = HTTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = SMTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = POP3 Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = SMTP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | value_name = IMAP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = SMTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = SMTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = POP3 Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = POP3 User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = SMTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = NNTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = NNTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = NNTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = IMAP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = IMAP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = Email |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = HTTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = HTTP Server URL |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = POP3 User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = IMAP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = HTTPMail User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = HTTPMail Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = SMTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = POP3 Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = IMAP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = NNTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = HTTPMail Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = SMTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = POP3 Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = IMAP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = NNTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = HTTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = SMTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = POP3 Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = SMTP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = IMAP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = SMTP Email Address |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = SMTP Server |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = SMTP Server, data = 104 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = POP3 Server |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = POP3 Server, data = 102 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = POP3 User Name |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = SMTP User Name |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = NNTP Email Address |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = NNTP User Name |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = NNTP Server |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = IMAP Server |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = IMAP User Name |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = Email |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = Email, data = 115 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = HTTP User |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = HTTP Server URL |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = POP3 User |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = POP3 User, data = 115 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = IMAP User |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = HTTPMail User Name |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = HTTPMail Server |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = SMTP User |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = POP3 Password2 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = IMAP Password2 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = NNTP Password2 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = HTTPMail Password2 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = SMTP Password2 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = POP3 Password |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = IMAP Password |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = NNTP Password |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = HTTP Password |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = SMTP Password |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = POP3 Port, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = SMTP Port, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = IMAP Port, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = NNTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = NNTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = NNTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = IMAP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = IMAP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = Email |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = HTTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = HTTP Server URL |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = IMAP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = HTTPMail User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = HTTPMail Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = IMAP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = NNTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = HTTPMail Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = IMAP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = NNTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = HTTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = IMAP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = SMTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = SMTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = POP3 Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = POP3 User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = SMTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = NNTP Email Address |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = NNTP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = NNTP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = IMAP Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = IMAP User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = Email |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = HTTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = HTTP Server URL |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = POP3 User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = IMAP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = HTTPMail User Name |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = HTTPMail Server |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = SMTP User |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = POP3 Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = IMAP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = NNTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = HTTPMail Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = SMTP Password2 |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = POP3 Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = IMAP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = NNTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = HTTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = SMTP Password |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = POP3 Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = SMTP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | value_name = IMAP Port, data = 0, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = Client, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = Exec, type = REG_NONE |
|
2 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | value_name = EnableSPDY3_0, data = 0, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = Client, size = 44, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = {E12FFA4A-CC07-BBA0-DEA5-C01FF2A9F4C3}, size = 8, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = Client, size = 44, type = REG_BINARY |
|
2 | |
| Write Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = Client, size = 44, type = REG_BINARY |
|
2 | |
| Write Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580\Sfi | value_name = AECAA210A7EA5C4A0F, size = 92, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580\Sfi | value_name = 764028EAB3C0274F06, size = 92, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = Client, size = 44, type = REG_BINARY |
|
2 | |
| Write Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = Client, size = 44, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = Client, size = 44, type = REG_BINARY |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = Client, size = 44, type = REG_BINARY |
|
2 | |
| Write Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = Client, size = 44, type = REG_BINARY |
|
2 | |
| Enumerate Keys | HKEY_USERS | - |
|
1 | |
| Enumerate Keys | HKEY_USERS | - |
|
1 | |
| Enumerate Keys | HKEY_USERS | - |
|
1 | |
| Enumerate Keys | HKEY_USERS | - |
|
1 | |
| Enumerate Keys | HKEY_USERS | - |
|
1 | |
| Enumerate Keys | HKEY_USERS | - |
|
1 | |
| Enumerate Keys | HKEY_USERS | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\189cba75c69c634996739bac92103ebb | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1a8bd43e654f65418fbafadeef063a57 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\1cfb96c6c96b454ebff73da2e9f63f51 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\467888fc50a6c6448d6cc0cf7b5307d6 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\48dea081c9634a43a6861907855add5c | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\55aad8d134512d438564aa678cb92d66 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\71b0295bef58e344911262b243f005ac | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Mozilla | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580\Sfi | - |
|
1 |
Process (689)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\SysWOW64\explorer.exe | os_pid = 0xaf8, creation_flags = CREATE_SUSPENDED, CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE |
|
1 | |
| Create | C:\Program Files (x86)\Internet Explorer\iexplore.exe | os_pid = 0xb54, creation_flags = CREATE_SUSPENDED, CREATE_NEW_CONSOLE, CREATE_UNICODE_ENVIRONMENT, CREATE_EXTENDED_STARTUPINFO_PRESENT, CREATE_DEFAULT_ERROR_MODE, startup_flags = STARTF_USESHOWWINDOW, STARTF_TITLEISLINKNAME, show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\Program Files (x86)\Mozilla Firefox\firefox.exe | os_pid = 0xb64, creation_flags = CREATE_SUSPENDED, CREATE_NEW_CONSOLE, CREATE_UNICODE_ENVIRONMENT, CREATE_EXTENDED_STARTUPINFO_PRESENT, CREATE_DEFAULT_ERROR_MODE, startup_flags = STARTF_USESHOWWINDOW, STARTF_TITLEISLINKNAME, show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | os_pid = 0xb70, creation_flags = CREATE_SUSPENDED, CREATE_NEW_CONSOLE, CREATE_UNICODE_ENVIRONMENT, CREATE_EXTENDED_STARTUPINFO_PRESENT, CREATE_DEFAULT_ERROR_MODE, startup_flags = STARTF_USESHOWWINDOW, STARTF_TITLEISLINKNAME, show_window = SW_SHOWNORMAL |
|
1 | |
| Create | cmd | os_pid = 0x86c, creation_flags = CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | makecab.exe | os_pid = 0xa04, creation_flags = CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | cmd | os_pid = 0x250, creation_flags = CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | cmd | os_pid = 0x248, creation_flags = CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | cmd | os_pid = 0x7dc, creation_flags = CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | cmd | os_pid = 0x610, creation_flags = CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | cmd | os_pid = 0x8e8, creation_flags = CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | cmd | os_pid = 0x87c, creation_flags = CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | cmd | os_pid = 0x888, creation_flags = CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | cmd | os_pid = 0xa54, creation_flags = CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | cmd | os_pid = 0x41c, creation_flags = CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | cmd | os_pid = 0x810, creation_flags = CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | cmd | os_pid = 0x900, creation_flags = CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | cmd | os_pid = 0x848, creation_flags = CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | cmd | os_pid = 0x904, creation_flags = CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | cmd | os_pid = 0x580, creation_flags = CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Create | makecab.exe | os_pid = 0x850, creation_flags = CREATE_DEFAULT_ERROR_MODE, CREATE_NO_WINDOW, show_window = SW_HIDE |
|
1 | |
| Enumerate Processes | - | - |
|
300 | |
| Get Info | c:\windows\explorer.exe | type = PROCESS_BASIC_INFORMATION |
|
348 | |
| Get Info | C:\Windows\SysWOW64\explorer.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | C:\Windows\SysWOW64\explorer.exe | type = PROCESS_WOW64_INFORMATION |
|
6 | |
| Get Info | C:\Program Files (x86)\Internet Explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | C:\Program Files (x86)\Mozilla Firefox\firefox.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Open | c:\program files (x86)\mozilla firefox\firefox.exe | desired_access = PROCESS_TERMINATE |
|
1 | |
| Open | c:\program files (x86)\mozilla firefox\firefox.exe | desired_access = PROCESS_TERMINATE |
|
1 | |
| Open | c:\program files (x86)\google\chrome\application\chrome.exe | desired_access = PROCESS_TERMINATE |
|
3 | |
| Open | c:\program files (x86)\google\chrome\application\chrome.exe | desired_access = PROCESS_TERMINATE |
|
1 | |
| Terminate | c:\program files (x86)\mozilla firefox\firefox.exe | exit_code = 0 |
|
1 | |
| Terminate | c:\program files (x86)\google\chrome\application\chrome.exe | exit_code = 0 |
|
1 | |
| Terminate | c:\program files (x86)\google\chrome\application\chrome.exe | exit_code = 0 |
|
2 |
Thread (48)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Suspend | c:\windows\explorer.exe | os_tid = 0xaf0 |
|
3 | |
| Suspend | c:\windows\explorer.exe | os_tid = 0xb50 |
|
2 | |
| Suspend | c:\windows\explorer.exe | os_tid = 0xb60 |
|
3 | |
| Suspend | c:\windows\explorer.exe | os_tid = 0xb6c |
|
5 | |
| Get Context | c:\windows\explorer.exe | os_tid = 0xaf0 |
|
4 | |
| Get Context | c:\windows\explorer.exe | os_tid = 0xb50 |
|
3 | |
| Get Context | c:\windows\explorer.exe | os_tid = 0xb60 |
|
4 | |
| Get Context | c:\windows\explorer.exe | os_tid = 0xb6c |
|
6 | |
| Set Context | c:\windows\explorer.exe | os_tid = 0xaf0 |
|
1 | |
| Set Context | c:\windows\explorer.exe | os_tid = 0xb50 |
|
1 | |
| Set Context | c:\windows\explorer.exe | os_tid = 0xb60 |
|
1 | |
| Set Context | c:\windows\explorer.exe | os_tid = 0xb6c |
|
1 | |
| Resume | c:\windows\explorer.exe | os_tid = 0xaf0 |
|
4 | |
| Resume | c:\windows\explorer.exe | os_tid = 0xb50 |
|
2 | |
| Resume | c:\windows\explorer.exe | os_tid = 0xb60 |
|
3 | |
| Resume | c:\windows\explorer.exe | os_tid = 0xb6c |
|
5 |
Memory (1106)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Allocate | C:\Windows\SysWOW64\explorer.exe | address = 112061808, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 112061816 |
|
1 | |
| Allocate | C:\Program Files (x86)\Internet Explorer\iexplore.exe | address = 166449984, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 166449992 |
|
1 | |
| Allocate | C:\Program Files (x86)\Mozilla Firefox\firefox.exe | address = 166123600, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 166123608 |
|
1 | |
| Allocate | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 111072320, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 111072328 |
|
1 | |
| Protect | C:\Windows\SysWOW64\explorer.exe | address = 4329210, protection = PAGE_EXECUTE_READWRITE, size = 4 |
|
2 | |
| Protect | C:\Windows\SysWOW64\explorer.exe | address = 4329210, protection = PAGE_EXECUTE_READ, size = 4 |
|
2 | |
| Protect | C:\Program Files (x86)\Internet Explorer\iexplore.exe | address = 14032026, protection = PAGE_EXECUTE_READWRITE, size = 4 |
|
2 | |
| Protect | C:\Program Files (x86)\Internet Explorer\iexplore.exe | address = 14032026, protection = PAGE_EXECUTE_READ, size = 4 |
|
2 | |
| Protect | C:\Program Files (x86)\Mozilla Firefox\firefox.exe | address = 17966200, protection = PAGE_EXECUTE_READWRITE, size = 4 |
|
2 | |
| Protect | C:\Program Files (x86)\Mozilla Firefox\firefox.exe | address = 17966200, protection = PAGE_EXECUTE_READ, size = 4 |
|
2 | |
| Protect | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 5357451232, protection = PAGE_EXECUTE_READWRITE, size = 4 |
|
2 | |
| Protect | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 5357451232, protection = PAGE_EXECUTE_READ, size = 4 |
|
2 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2130571264, size = 616 |
|
1 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 4128768, size = 4096 |
|
1 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 4128984, size = 4096 |
|
1 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 4329210, size = 4 |
|
1 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2130567168, size = 20 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000945664, size = 36 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7087264, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7087392, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7088224, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7088456, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7090272, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7090472, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7091368, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7090952, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7134608, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7136864, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7137064, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7137264, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7137456, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7137656, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7137856, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7139080, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7139280, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7139512, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7139640, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7139768, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7139896, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7140024, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7140152, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7140280, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7140408, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7140536, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7140664, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7140792, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7140920, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7141048, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7141176, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7141304, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7141432, size = 80 |
|
6 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7084216, size = 64 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7087520, size = 58 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7088144, size = 64 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7088376, size = 68 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7090192, size = 64 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7090400, size = 60 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7091296, size = 62 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7090840, size = 60 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7091192, size = 62 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7136784, size = 66 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7136992, size = 58 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7137192, size = 60 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7137392, size = 54 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7137584, size = 58 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7137784, size = 62 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7139008, size = 62 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7139208, size = 58 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7139408, size = 64 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7148368, size = 74 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7148456, size = 58 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7149552, size = 58 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7149840, size = 58 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7150968, size = 58 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7151040, size = 62 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7155592, size = 64 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7149912, size = 64 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7149992, size = 64 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7151112, size = 60 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7151184, size = 60 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7155152, size = 54 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7157248, size = 226 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7151256, size = 62 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 7151328, size = 62 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999896576, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999900672, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999904768, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999908864, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999912960, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999917056, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999921152, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999925248, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999929344, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999933440, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999937536, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999941632, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999945728, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999949824, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999953920, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999958016, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999962112, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999966208, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999970304, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999974400, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999978496, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999982592, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999986688, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999990784, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999994880, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 1999998976, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000003072, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000007168, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000011264, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000015360, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000019456, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000023552, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000027648, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000031744, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000035840, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000039936, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000044032, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000048128, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000052224, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000056320, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000060416, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000064512, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000068608, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000072704, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000076800, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000080896, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000084992, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000089088, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000093184, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000097280, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000101376, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000105472, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000109568, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000113664, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000117760, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000121856, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000125952, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000130048, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000134144, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000138240, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000142336, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000146432, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000150528, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000154624, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000158720, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000162816, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000166912, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000171008, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000175104, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000179200, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000183296, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000187392, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000191488, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000195584, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000199680, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000203776, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000207872, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000211968, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000216064, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000220160, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000224256, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000228352, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000232448, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000236544, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000240640, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000244736, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000248832, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000252928, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000257024, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000261120, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000265216, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000269312, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000273408, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000277504, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000281600, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000285696, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000289792, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000293888, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000297984, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000302080, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000306176, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000310272, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000314368, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000318464, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000322560, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000326656, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000330752, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000334848, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000338944, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000343040, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000347136, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000351232, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000355328, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000359424, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000363520, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000367616, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000371712, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000375808, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000379904, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000384000, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000388096, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000392192, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000396288, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000400384, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000404480, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000408576, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000412672, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000416768, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000420864, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000424960, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000429056, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000433152, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000437248, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000441344, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000445440, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000449536, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000453632, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000457728, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000461824, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000465920, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000470016, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000474112, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000478208, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000482304, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000486400, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000490496, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000494592, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000498688, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000502784, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000506880, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000510976, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000515072, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000519168, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000523264, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000527360, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000531456, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000535552, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000539648, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000543744, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000547840, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000551936, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000556032, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000560128, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000564224, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000568320, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000572416, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000576512, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000580608, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000584704, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000588800, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000592896, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000596992, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000601088, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000605184, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000609280, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000613376, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000617472, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000621568, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000625664, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000629760, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000633856, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000637952, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000642048, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000646144, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000650240, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000654336, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000658432, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000662528, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000666624, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000670720, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000674816, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000678912, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000683008, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000687104, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000691200, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000695296, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000699392, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000703488, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000707584, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000711680, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000715776, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000719872, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000723968, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000728064, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000732160, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000736256, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000740352, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000744448, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000748544, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000752640, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000756736, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000760832, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000764928, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000769024, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000773120, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000777216, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000781312, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000785408, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000789504, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000793600, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000797696, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000801792, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000805888, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000809984, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000814080, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000818176, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000822272, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000826368, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000830464, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000834560, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000838656, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000842752, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000846848, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000850944, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000855040, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000859136, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000863232, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000867328, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000871424, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000875520, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000879616, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000883712, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000887808, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000891904, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000896000, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000900096, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000904192, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000908288, size = 4096 |
|
3 | |
| Read | C:\Windows\SysWOW64\explorer.exe | address = 2000912384, size = 4096 |
|
3 | |
| Read | C:\Program Files (x86)\Internet Explorer\iexplore.exe | address = 2130571264, size = 616 |
|
1 | |
| Read | C:\Program Files (x86)\Internet Explorer\iexplore.exe | address = 14024704, size = 4096 |
|
1 | |
| Read | C:\Program Files (x86)\Internet Explorer\iexplore.exe | address = 14024952, size = 4096 |
|
1 | |
| Read | C:\Program Files (x86)\Internet Explorer\iexplore.exe | address = 14032026, size = 4 |
|
1 | |
| Read | C:\Program Files (x86)\Mozilla Firefox\firefox.exe | address = 4294832128, size = 616 |
|
1 | |
| Read | C:\Program Files (x86)\Mozilla Firefox\firefox.exe | address = 17956864, size = 4096 |
|
1 | |
| Read | C:\Program Files (x86)\Mozilla Firefox\firefox.exe | address = 17957104, size = 4096 |
|
1 | |
| Read | C:\Program Files (x86)\Mozilla Firefox\firefox.exe | address = 17966200, size = 4 |
|
1 | |
| Read | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 8796092878848, size = 616 |
|
1 | |
| Read | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 5357240320, size = 4096 |
|
1 | |
| Read | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 5357240648, size = 4096 |
|
1 | |
| Read | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 5358159256, size = 40 |
|
1 | |
| Read | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 5358041600, size = 4096 |
|
1 | |
| Read | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 5357451232, size = 4 |
|
1 | |
| Write | C:\Windows\SysWOW64\explorer.exe | address = 0x420efa, size = 4 |
|
2 | |
| Write | C:\Windows\SysWOW64\explorer.exe | address = 0x1f0000, size = 792 |
|
1 | |
| Write | C:\Program Files (x86)\Internet Explorer\iexplore.exe | address = 0xd61c9a, size = 4 |
|
2 | |
| Write | C:\Program Files (x86)\Internet Explorer\iexplore.exe | address = 0x140000, size = 792 |
|
1 | |
| Write | C:\Program Files (x86)\Mozilla Firefox\firefox.exe | address = 0x1122478, size = 4 |
|
2 | |
| Write | C:\Program Files (x86)\Mozilla Firefox\firefox.exe | address = 0xe0000, size = 792 |
|
1 | |
| Write | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 0x13f5437e0, size = 4 |
|
2 | |
| Write | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 0xe0000, size = 792 |
|
1 |
Module (321)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | ntdll.dll | base_address = 0x0 |
|
1 | |
| Load | KERNEL32.dll | base_address = 0x0 |
|
1 | |
| Load | AVIFIL32.dll | base_address = 0x0 |
|
1 | |
| Load | ADVAPI32.dll | base_address = 0x7fefd710000 |
|
1 | |
| Load | SHLWAPI.dll | base_address = 0x7fefd5c0000 |
|
1 | |
| Load | USER32.dll | base_address = 0x76f40000 |
|
1 | |
| Load | PSAPI.DLL | base_address = 0x77320000 |
|
1 | |
| Load | ole32.dll | base_address = 0x7fefea30000 |
|
1 | |
| Load | ADVAPI32.DLL | base_address = 0x7fefd710000 |
|
1 | |
| Load | SHELL32.dll | base_address = 0x7fefdb70000 |
|
1 | |
| Load | WININET.dll | base_address = 0x7feff340000 |
|
1 | |
| Load | vaultcli.dll | base_address = 0x7fef2b60000 |
|
1 | |
| Get Handle | c:\windows\explorer.exe | base_address = 0xffb60000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77040000 |
|
8 | |
| Get Handle | c:\windows\system32\ntdll.dll | base_address = 0x77160000 |
|
4 | |
| Get Handle | c:\windows\system32\user32.dll | base_address = 0x76f40000 |
|
2 | |
| Get Handle | c:\windows\system32\kernelbase.dll | base_address = 0x7fefd330000 |
|
1 | |
| Get Handle | c:\windows\system32\advapi32.dll | base_address = 0x7fefd710000 |
|
3 | |
| Get Filename | AVIFIL32.dll | process_name = c:\windows\explorer.exe, file_name_orig = C:\Windows\Explorer.EXE, size = 260 |
|
2 | |
| Get Filename | c:\windows\system32\ntdll.dll | process_name = c:\windows\explorer.exe, file_name_orig = C:\Windows\SYSTEM32\ntdll.dll, size = 260 |
|
3 | |
| Get Address | - | function = ZwOpenProcess, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = ZwQueryInformationToken, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = ZwClose, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = NtUnmapViewOfSection, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = NtMapViewOfSection, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = NtCreateSection, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = RtlRandomEx, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = NtQuerySystemInformation, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = RtlNtStatusToDosError, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = ZwQueryInformationProcess, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = memcmp, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = _strupr, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = _wcsupr, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = memmove, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = bsearch, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = _vsnwprintf, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = _strlwr, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = atoi, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = strstr, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = wcscpy, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = RtlFreeUnicodeString, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = ZwQueryKey, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = RtlUpcaseUnicodeString, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = sprintf, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = _snprintf, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = memset, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = RtlAdjustPrivilege, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = mbstowcs, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = strcpy, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = memcpy, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = RtlImageDirectoryEntryToData, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = RtlImageNtHeader, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = ZwOpenProcessToken, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = __C_specific_handler, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = __chkstk, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = VirtualQueryEx, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = CreateRemoteThread, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetModuleFileNameW, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = FileTimeToSystemTime, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetLocalTime, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = OpenProcess, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetVersion, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = ExitThread, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetTempFileNameA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = VirtualProtect, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = VirtualFree, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetSystemInfo, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = DeleteCriticalSection, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = CloseHandle, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = CreateFileMappingA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = WriteProcessMemory, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = CreateFileA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = lstrcmpA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = MapViewOfFile, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = UnmapViewOfFile, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetModuleFileNameA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = lstrcmpiA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetModuleHandleA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = Sleep, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = LoadLibraryA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetCurrentProcess, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GlobalUnlock, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = HeapAlloc, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = lstrcpyA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GlobalLock, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = lstrlenA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = WriteFile, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = CreateDirectoryA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetLastError, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = HeapFree, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = RemoveDirectoryA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = DeleteFileA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = lstrcatA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetTickCount, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = HeapDestroy, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = HeapCreate, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = SetEvent, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = HeapReAlloc, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = FindFirstFileW, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = LocalFree, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = WaitForMultipleObjects, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = SuspendThread, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = TerminateProcess, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = ResumeThread, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = lstrcpyW, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = FindClose, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = CreateThread, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = ResetEvent, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = SwitchToThread, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = lstrcatW, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = FindNextFileW, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = CreateProcessW, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = CopyFileW, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = SetWaitableTimer, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = LocalAlloc, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetCurrentThreadId, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetCurrentThread, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = lstrlenW, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = CreateEventA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetSystemTimeAsFileTime, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetWindowsDirectoryA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = DeleteFileW, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = CreateDirectoryW, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetTempPathA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = CreateFileW, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = ExpandEnvironmentStringsW, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = WideCharToMultiByte, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetFileAttributesW, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetFileSize, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetComputerNameA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = EnterCriticalSection, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = CreateMutexA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = OpenWaitableTimerA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = OpenMutexA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetVolumeInformationA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = WaitForSingleObject, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = ReleaseMutex, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetComputerNameW, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = LeaveCriticalSection, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = SetLastError, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = InitializeCriticalSection, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = LoadLibraryExW, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetProcAddress, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetFileAttributesA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = OpenFileMappingA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetExitCodeProcess, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = VirtualAlloc, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetDriveTypeW, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetLogicalDriveStringsW, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = lstrcpynA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = LocalReAlloc, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = TlsAlloc, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = TlsGetValue, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = TlsSetValue, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = FreeLibrary, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = LoadLibraryW, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetVersionExW, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = ReadFile, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = SetFilePointer, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = Thread32First, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = QueueUserAPC, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = CreateToolhelp32Snapshot, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = OpenThread, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetCurrentProcessId, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = Thread32Next, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = FindFirstFileA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = FindNextFileA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = ConnectNamedPipe, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetOverlappedResult, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = CancelIo, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = DisconnectNamedPipe, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = FlushFileBuffers, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = CallNamedPipeA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = CreateNamedPipeA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetSystemTime, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = WaitNamedPipeA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = SetEndOfFile, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetFileTime, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = ExitProcess, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = AddVectoredExceptionHandler, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = CompareFileTime, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = GetTempPathW, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = OpenEventA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = RemoveVectoredExceptionHandler, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = RemoveDirectoryW, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = SleepEx, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = lstrcmpiW, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = RaiseException, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = Process32FirstW, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = Process32NextW, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = ExpandEnvironmentStringsA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = QueueUserWorkItem, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = FileTimeToLocalFileTime, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = CreateWaitableTimerA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = CreateProcessA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = VirtualProtectEx, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = AVIFileExit, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = AVIMakeCompressedStream, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = AVIStreamRelease, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = AVIFileRelease, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = AVIStreamWrite, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = AVIFileOpenA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = AVIFileCreateStreamA, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = AVIStreamSetFormat, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | - | function = AVIFileInit, ordinal = 0, address_out = 0x6adfe90 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsWow64Process, address_out = 0x770491d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = ConvertStringSecurityDescriptorToSecurityDescriptorA, address_out = 0x7fefd71d710 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrRChrA, address_out = 0x7fefd5c4c9c |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetWindowThreadProcessId, address_out = 0x76f50a90 |
|
2 | |
| Get Address | c:\windows\system32\user32.dll | function = FindWindowA, address_out = 0x76f68270 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = wsprintfA, address_out = 0x76fbbae8 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7fefd72b5f0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegEnumKeyExA, address_out = 0x7fefd721d70 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrChrA, address_out = 0x7fefd5daf54 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyA, address_out = 0x7fefd71d6d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7fefd730710 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameA, address_out = 0x7fefd71dc20 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetThreadDesktop, address_out = 0x76f5a850 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetUserObjectInformationA, address_out = 0x76f4777c |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = CloseDesktop, address_out = 0x76f4d850 |
|
1 | |
| Get Address | c:\windows\system32\psapi.dll | function = EnumProcessModules, address_out = 0x77321050 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrStrIW, address_out = 0x7fefd5cfb70 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegSetValueExA, address_out = 0x7fefd721dc0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = Wow64EnableWow64FsRedirection, address_out = 0x7708ffd0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ResumeThread, address_out = 0x770513a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SuspendThread, address_out = 0x77042f60 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCreateKeyA, address_out = 0x7fefd717c50 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7fefd72c480 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameW, address_out = 0x7fefd721fd0 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CreateStreamOnHGlobal, address_out = 0x7fefeb15fb0 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = PathFindFileNameA, address_out = 0x7fefd5c86c4 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = SetWindowsHookExA, address_out = 0x76f68c20 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = RegisterClassA, address_out = 0x76f49f68 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = CreateWindowExA, address_out = 0x76f4a2e0 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetWindowLongPtrA, address_out = 0x76f537c0 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = DefWindowProcA, address_out = 0x7717f548 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = SetWindowLongPtrA, address_out = 0x76f4b500 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetMessageA, address_out = 0x76f56110 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = PathFindFileNameW, address_out = 0x7fefd5d3920 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrChrW, address_out = 0x7fefd5cfa50 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrTrimW, address_out = 0x7fefd5cb090 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoInitializeEx, address_out = 0x7fefea52a30 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegNotifyChangeKeyValue, address_out = 0x7fefd721820 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = SHGetFolderPathW, address_out = 0x7fefdbf3ba4 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = PathCombineW, address_out = 0x7fefd5d3dfc |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = PathMatchSpecW, address_out = 0x7fefd5d1b64 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = PathFindExtensionA, address_out = 0x7fefd5eb358 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrTrimA, address_out = 0x7fefd5f06a4 |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = FindFirstUrlCacheEntryA, address_out = 0x7feff3656f0 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrStrIA, address_out = 0x7fefd5c5a1c |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = FindNextUrlCacheEntryA, address_out = 0x7feff365aac |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = FindCloseUrlCache, address_out = 0x7feff34e600 |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = InternetCanonicalizeUrlA, address_out = 0x7feff3a0b90 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = IsTextUnicode, address_out = 0x7fefd730720 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7fefd7306f0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegEnumValueW, address_out = 0x7fefd72c420 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptAcquireContextW, address_out = 0x7fefd71d98c |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptCreateHash, address_out = 0x7fefd71dad4 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptHashData, address_out = 0x7fefd71dac0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptGetHashParam, address_out = 0x7fefd71db20 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptDestroyHash, address_out = 0x7fefd71db00 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = CryptReleaseContext, address_out = 0x7fefd71dd10 |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = InternetOpenA, address_out = 0x7feff359098 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateInstance, address_out = 0x7fefea57490 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoTaskMemFree, address_out = 0x7fefea58e20 |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = InternetSetStatusCallback, address_out = 0x7feff372f00 |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = InternetConnectA, address_out = 0x7feff373130 |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = HttpOpenRequestA, address_out = 0x7feff373910 |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = InternetQueryOptionA, address_out = 0x7feff34e874 |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = InternetSetOptionA, address_out = 0x7feff34fb34 |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = HttpSendRequestA, address_out = 0x7feff3bf600 |
|
1 | |
| Get Address | c:\windows\system32\vaultcli.dll | function = VaultOpenVault, address_out = 0x7fef2b64274 |
|
1 | |
| Get Address | c:\windows\system32\vaultcli.dll | function = VaultCloseVault, address_out = 0x7fef2b642fc |
|
1 | |
| Get Address | c:\windows\system32\vaultcli.dll | function = VaultEnumerateItems, address_out = 0x7fef2b650d4 |
|
1 | |
| Get Address | c:\windows\system32\vaultcli.dll | function = VaultGetItem, address_out = 0x7fef2b65370 |
|
2 | |
| Get Address | c:\windows\system32\vaultcli.dll | function = VaultFree, address_out = 0x7fef2b6626c |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegEnumKeyExW, address_out = 0x7fefd72c310 |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoUninitialize, address_out = 0x7fefea51314 |
|
1 | |
| Get Address | c:\windows\system32\shell32.dll | function = 92, address_out = 0x7fefddb33dc |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = PathIsDirectoryEmptyA, address_out = 0x7fefd5e8ca0 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrRChrW, address_out = 0x7fefd5cb85c |
|
1 | |
| Get Address | c:\windows\system32\ole32.dll | function = CoCreateGuid, address_out = 0x7fefea3d9d0 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = CallNextHookEx, address_out = 0x76f4bae0 |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = InternetCloseHandle, address_out = 0x7feff355594 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegEnumValueA, address_out = 0x7fefd71d680 |
|
1 | |
| Get Address | c:\windows\system32\wininet.dll | function = HttpAddRequestHeadersA, address_out = 0x7feff358070 |
|
1 | |
| Create Mapping | - | protection = PAGE_EXECUTE_READWRITE, maximum_size = 112063248 |
|
1 | |
| Create Mapping | - | protection = PAGE_EXECUTE_READWRITE, maximum_size = 166451424 |
|
1 | |
| Create Mapping | - | protection = PAGE_EXECUTE_READWRITE, maximum_size = 166125040 |
|
1 | |
| Create Mapping | - | protection = PAGE_EXECUTE_READWRITE, maximum_size = 111073760 |
|
1 | |
| Create Mapping | C:\Users\aETAdzjz\AppData\Local\Temp\2855.bin | filename = C:\Users\aETAdzjz\AppData\Local\Temp\2855.bin, protection = PAGE_READONLY, maximum_size = 163 |
|
1 | |
| Create Mapping | C:\Users\aETAdzjz\AppData\Local\Temp\2855.bin | filename = C:\Users\aETAdzjz\AppData\Local\Temp\2855.bin, protection = PAGE_READONLY, maximum_size = 163 |
|
1 | |
| Create Mapping | C:\Users\aETAdzjz\AppData\Local\Temp\2855.bin | filename = C:\Users\aETAdzjz\AppData\Local\Temp\2855.bin, protection = PAGE_READONLY, maximum_size = 163 |
|
1 | |
| Create Mapping | C:\Users\aETAdzjz\AppData\Local\Temp\2855.bin | filename = C:\Users\aETAdzjz\AppData\Local\Temp\2855.bin, protection = PAGE_READONLY, maximum_size = 163 |
|
1 | |
| Map | - | process_name = c:\windows\explorer.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x9b70000 |
|
1 | |
| Map | - | process_name = C:\Windows\SysWOW64\explorer.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x2c0000 |
|
1 | |
| Map | - | process_name = c:\windows\explorer.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x9ec0000 |
|
1 | |
| Map | - | process_name = C:\Program Files (x86)\Internet Explorer\iexplore.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x470000 |
|
1 | |
| Map | - | process_name = c:\windows\explorer.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x9e70000 |
|
1 | |
| Map | - | process_name = C:\Program Files (x86)\Mozilla Firefox\firefox.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x810000 |
|
1 | |
| Map | - | process_name = c:\windows\explorer.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x9d80000 |
|
1 | |
| Map | - | process_name = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x1d50000 |
|
1 | |
| Map | C:\Users\aETAdzjz\AppData\Local\Temp\2855.bin | process_name = c:\windows\explorer.exe, desired_access = FILE_MAP_READ |
|
1 |
User (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Username | - |
|
2 | |
| Get Username | user_name_out = aETAdzjz |
|
2 |
Window (4)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = {353A45A5-3AC0-6F1F-A9F2-ED46C3F4A768}, wndproc_parameter = 156338352 |
|
1 | |
| Create | - | class_name = {7F7FA1E5-6A00-555F-E932-2D860334E7A8}, wndproc_parameter = 156338016 |
|
1 | |
| Find | - | class_name = ProgMan |
|
2 |
System (118)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | - |
|
1 | |
| Get Computer Name | result_out = YKYD69Q |
|
2 | |
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
13 | |
| Sleep | duration = -1 (infinite) |
|
3 | |
| Sleep | duration = -1 (infinite) |
|
46 | |
| Sleep | duration = 10000 milliseconds (10.000 seconds) |
|
23 | |
| Sleep | duration = 60000 milliseconds (60.000 seconds) |
|
4 | |
| Get Time | type = Ticks, time = 110121 |
|
1 | |
| Get Time | type = System Time, time = 2019-06-09 15:05:35 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 111774 |
|
2 | |
| Get Time | type = System Time, time = 2019-06-09 15:06:15 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 151898 |
|
1 | |
| Get Time | type = Ticks, time = 151913 |
|
2 | |
| Get Time | type = System Time, time = 2019-06-09 15:06:18 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 155907 |
|
2 | |
| Get Time | type = Ticks, time = 166811 |
|
1 | |
| Get Time | type = System Time, time = 2019-06-09 15:07:07 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 203908 |
|
2 | |
| Get Time | type = Ticks, time = 264655 |
|
1 | |
| Get Time | type = Ticks, time = 264733 |
|
1 | |
| Get Time | type = System Time, time = 2019-06-09 15:08:30 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 465850 |
|
1 | |
| Get Time | type = Ticks, time = 765855 |
|
1 | |
| Register Hook | type = WH_KEYBOARD_LL, hookproc_address = 0x94e17f4 |
|
1 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Get Info | type = Operating System |
|
1 | |
| Open credential vault | - |
|
1 | |
| Enumerate credential vault items | - |
|
1 |
Mutex (11)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = {AE7A4847-3582-10AE-2FC2-3944D3167DB8} |
|
1 | |
| Create | mutex_name = Local\{FCF9E212-2B0D-8EC0-95F0-8FA2992433F6} |
|
1 | |
| Create | mutex_name = Local\{4B67ACB1-2E14-B54D-90AF-42B9C45396FD} |
|
1 | |
| Create | mutex_name = Local\{A3415127-A63A-CD11-C887-3A517CAB0E15} |
|
1 | |
| Open | mutex_name = Local\{FCF9E212-2B0D-8EC0-95F0-8FA2992433F6}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Local\{4B67ACB1-2E14-B54D-90AF-42B9C45396FD}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Local\{A3415127-A63A-CD11-C887-3A517CAB0E15}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Local\{FCF9E212-2B0D-8EC0-95F0-8FA2992433F6}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Local\{4B67ACB1-2E14-B54D-90AF-42B9C45396FD}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Local\{A3415127-A63A-CD11-C887-3A517CAB0E15}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Release | mutex_name = Local\{4B67ACB1-2E14-B54D-90AF-42B9C45396FD} |
|
1 |
Network Behavior
Process #4: explorer.exe
498
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\syswow64\explorer.exe |
| Command Line | C:\Windows\SysWOW64\explorer.exe |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:43, Reason: Child Process |
| Unmonitor | End Time: 00:00:47, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xaf8 |
| Parent PID | 0x458 (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
AFC
0x
B14
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| explorer.exe | 0x003F0000 | 0x00670FFF | Content Changed | - | 32-bit | - |
|
|
|
| explorer.exe | 0x003F0000 | 0x00670FFF | Content Changed | - | 32-bit | - |
|
|
|
| buffer | 0x001F0000 | 0x001F0FFF | First Execution | - | 32-bit | 0x001F0218 |
|
|
|
| buffer | 0x002C1000 | 0x002ED58F | Marked Executable | - | 32-bit | - |
|
|
|
| buffer | 0x002C1000 | 0x002ED58F | Content Changed | - | 32-bit | 0x002D5000, 0x002E205D, ... |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #3: c:\windows\explorer.exe | 0xaf0 | address = 0x420efa, size = 4 |
|
2 | |
| Modify Memory | #3: c:\windows\explorer.exe | 0xaf0 | address = 0x2c0000, size = 1212416 |
|
1 | |
| Modify Memory | #3: c:\windows\explorer.exe | 0xaf0 | address = 0x1f0000, size = 792 |
|
1 | |
| Modify Control Flow | #3: c:\windows\explorer.exe | 0xaf0 | os_tid = 0xafc, address = 0x0 |
|
1 |
Host Behavior
Module (217)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | ntdll.dll | base_address = 0x0 |
|
1 | |
| Load | KERNEL32.dll | base_address = 0x0 |
|
1 | |
| Load | AVIFIL32.dll | base_address = 0x0 |
|
1 | |
| Load | ADVAPI32.dll | base_address = 0x75220000 |
|
1 | |
| Load | SHLWAPI.dll | base_address = 0x76d00000 |
|
1 | |
| Load | USER32.dll | base_address = 0x76c00000 |
|
1 | |
| Get Handle | c:\windows\syswow64\explorer.exe | base_address = 0x3f0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x769e0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\ntdll.dll | base_address = 0x77340000 |
|
1 | |
| Get Handle | c:\windows\syswow64\user32.dll | base_address = 0x76c00000 |
|
2 | |
| Get Filename | AVIFIL32.dll | process_name = c:\windows\syswow64\explorer.exe, file_name_orig = C:\Windows\SysWOW64\explorer.exe, size = 260 |
|
1 | |
| Get Address | - | function = ZwClose, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = ZwOpenProcess, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = ZwOpenProcessToken, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = ZwQueryInformationToken, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = NtCreateSection, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = NtUnmapViewOfSection, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = NtMapViewOfSection, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = RtlRandomEx, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = ZwQueryInformationProcess, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = RtlGetVersion, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = RtlNtStatusToDosError, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = NtQuerySystemInformation, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = RtlImageNtHeader, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = _strupr, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = _wcsupr, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = memmove, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = bsearch, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = _vsnwprintf, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = strstr, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = _strlwr, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = atoi, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = wcscpy, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = RtlFreeUnicodeString, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = RtlUpcaseUnicodeString, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = ZwQueryKey, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = sprintf, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = _snprintf, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = memset, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = RtlAdjustPrivilege, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = mbstowcs, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = memcpy, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = strcpy, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = RtlImageDirectoryEntryToData, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = memcmp, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = _aulldiv, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = _allmul, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = _aullshr, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = _allshl, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = _chkstk, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = RtlUnwind, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = NtQueryVirtualMemory, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = FileTimeToSystemTime, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = OpenProcess, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetLocalTime, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = VirtualQueryEx, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = CreateRemoteThread, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetVersion, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = ExitThread, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetTempFileNameA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = VirtualAlloc, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = DeleteCriticalSection, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = VirtualProtect, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetSystemInfo, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = lstrcmpA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetModuleFileNameA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetModuleHandleA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = lstrcmpiA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = MapViewOfFile, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = UnmapViewOfFile, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = Sleep, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = LoadLibraryA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = CloseHandle, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = WriteProcessMemory, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = CreateFileMappingA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetCurrentProcess, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = CreateFileA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = lstrlenA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GlobalUnlock, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = lstrcpyA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = HeapAlloc, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GlobalLock, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = RemoveDirectoryA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = DeleteFileA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = HeapFree, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = lstrcatA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = WriteFile, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = CreateDirectoryA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetLastError, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = InterlockedIncrement, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = InterlockedDecrement, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = HeapDestroy, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = HeapCreate, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = SetEvent, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = HeapReAlloc, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetTickCount, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = LocalFree, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetWindowsDirectoryA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = SuspendThread, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = ResumeThread, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = lstrcpyW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = WaitForMultipleObjects, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = CreateDirectoryW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = FindFirstFileW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = CreateThread, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = TerminateProcess, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = SwitchToThread, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = lstrcatW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = FindClose, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = ResetEvent, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = FindNextFileW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetCurrentThreadId, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = LocalAlloc, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = CreateProcessW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = CopyFileW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = lstrlenW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = SetWaitableTimer, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = DeleteFileW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetCurrentThread, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = CreateEventA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetModuleFileNameW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetTempPathA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = InterlockedExchange, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetSystemTimeAsFileTime, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetFileAttributesW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetFileSize, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = ExpandEnvironmentStringsW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = CreateFileW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = WideCharToMultiByte, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = SetLastError, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = LeaveCriticalSection, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = EnterCriticalSection, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = CreateMutexA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetComputerNameA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = OpenWaitableTimerA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = OpenMutexA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = ReleaseMutex, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetVolumeInformationA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = WaitForSingleObject, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetComputerNameW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = InitializeCriticalSection, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = LoadLibraryExW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetProcAddress, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetExitCodeProcess, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = CreateProcessA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetDriveTypeW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = OpenFileMappingA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetLogicalDriveStringsW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = VirtualFree, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = lstrcpynA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = LocalReAlloc, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = TlsGetValue, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = TlsSetValue, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = TlsAlloc, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = LoadLibraryW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetVersionExW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = FreeLibrary, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = ReadFile, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = SetFilePointer, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = Thread32Next, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = CreateToolhelp32Snapshot, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = QueueUserAPC, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = Thread32First, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetCurrentProcessId, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = OpenThread, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = FindNextFileA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = FindFirstFileA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = DisconnectNamedPipe, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = FlushFileBuffers, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetSystemTime, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = CreateNamedPipeA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = CallNamedPipeA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = WaitNamedPipeA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = ConnectNamedPipe, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetOverlappedResult, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = CancelIo, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetCommandLineA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = AddVectoredExceptionHandler, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = ExitProcess, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = OpenEventA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetTempPathW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = RemoveDirectoryW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = CompareFileTime, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = RemoveVectoredExceptionHandler, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = SleepEx, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetFileTime, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = SetEndOfFile, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetPrivateProfileSectionNamesW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetPrivateProfileStringW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = lstrcmpiW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetPrivateProfileIntW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = RaiseException, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = ExpandEnvironmentStringsA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = Process32FirstW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = Process32NextW, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = QueueUserWorkItem, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = FileTimeToLocalFileTime, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = CreateWaitableTimerA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = GetFileAttributesA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = VirtualProtectEx, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = AVIFileExit, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = AVIFileRelease, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = AVIFileInit, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = AVIStreamWrite, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = AVIFileCreateStreamA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = AVIFileOpenA, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = AVIStreamRelease, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = AVIStreamSetFormat, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | - | function = AVIMakeCompressedStream, ordinal = 0, address_out = 0x2bfdac |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsWow64Process, address_out = 0x769f195e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = ConvertStringSecurityDescriptorToSecurityDescriptorA, address_out = 0x7522ca94 |
|
1 | |
| Get Address | c:\windows\syswow64\shlwapi.dll | function = StrRChrA, address_out = 0x76d0ccf5 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = GetWindowThreadProcessId, address_out = 0x76c191b4 |
|
2 | |
| Get Address | c:\windows\syswow64\user32.dll | function = FindWindowA, address_out = 0x76c1ffe6 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = wsprintfA, address_out = 0x76c2ae5f |
|
1 |
Window (2)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Find | - | class_name = ProgMan |
|
2 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = Ticks, time = 111993 |
|
1 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 |
Process #5: iexplore.exe
1144
3
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\program files (x86)\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files (x86)\Internet Explorer\iexplore.exe" |
| Initial Working Directory | C:\Users\aETAdzjz\ |
| Monitor | Start Time: 00:01:03, Reason: Child Process |
| Unmonitor | End Time: 00:15:20, Reason: Terminated by Timeout |
| Monitor Duration | 00:14:16 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb54 |
| Parent PID | 0x458 (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B58
0x
B5C
0x
B9C
0x
BA0
0x
BB4
0x
BB8
0x
BBC
0x
BC0
0x
BC4
0x
BC8
0x
BCC
0x
BD0
0x
BDC
0x
BE0
0x
BE4
0x
BF0
0x
90
0x
24C
0x
80C
0x
9A0
0x
B88
0x
118
0x
30C
0x
A88
0x
520
0x
B20
0x
884
0x
96C
0x
A6C
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| iexplore.exe | 0x00D60000 | 0x00E05FFF | Content Changed | - | 32-bit | - |
|
|
|
| iexplore.exe | 0x00D60000 | 0x00E05FFF | Content Changed | - | 32-bit | - |
|
|
|
| buffer | 0x00471000 | 0x0049D58F | Marked Executable | - | 32-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #3: c:\windows\explorer.exe | 0xb50 | address = 0xd61c9a, size = 4 |
|
2 | |
| Modify Memory | #3: c:\windows\explorer.exe | 0xb50 | address = 0x470000, size = 1212416 |
|
1 | |
| Modify Memory | #3: c:\windows\explorer.exe | 0xb50 | address = 0x140000, size = 792 |
|
1 | |
| Modify Control Flow | #3: c:\windows\explorer.exe | 0xb50 | os_tid = 0xb58, address = 0x0 |
|
1 |
Host Behavior
File (24)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\SysWOW64\ntdll.dll | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
3 | |
| Create | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OVERLAPPED |
|
1 | |
| Create | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OVERLAPPED |
|
1 | |
| Create | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OVERLAPPED |
|
1 | |
| Open Mapping | Local\{BE5AE8D3-0543-A058-7FD2-09D423264D48} | desired_access = FILE_MAP_RESERVE |
|
1 | |
| Open Mapping | Local\{510697B8-7C8B-AB70-0E15-700F2219A4B3} | desired_access = FILE_MAP_RESERVE |
|
1 | |
| Open Mapping | Local\{F2C61CFD-A979-F476-C346-ED68A7DA711C} | desired_access = FILE_MAP_RESERVE |
|
1 | |
| Read | C:\Windows\SysWOW64\ntdll.dll | size = 4, size_out = 4 |
|
3 | |
| Read | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | size = 12, size_out = 12 |
|
1 | |
| Read | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | size = 152, size_out = 152 |
|
1 | |
| Read | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | size = 12, size_out = 12 |
|
1 | |
| Read | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | size = 152, size_out = 152 |
|
1 | |
| Read | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | size = 12, size_out = 12 |
|
1 | |
| Read | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | size = 152, size_out = 152 |
|
1 | |
| Write | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | size = 12 |
|
1 | |
| Write | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | size = 92 |
|
1 | |
| Write | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | size = 12 |
|
1 | |
| Write | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | size = 92 |
|
1 | |
| Write | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | size = 12 |
|
1 | |
| Write | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | size = 92 |
|
1 |
Registry (43)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\SecureBrain\PhishWall | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580\Config | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580\Sfi | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580\Sfi | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580\Sfi | - |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = Client, type = REG_BINARY |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = ProductID, data = 48 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = ProductName, data = 87 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = CurrentVersion, data = 54 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = InstallDate, data = 138 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = Scr, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = {46DA6D74-EDEC-6869-A7DA-711CCBAE3510}, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = Client, type = REG_BINARY |
|
9 | |
| Write Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = {46DA6D74-EDEC-6869-A7DA-711CCBAE3510}, size = 8, type = REG_BINARY |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580\Sfi | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580\Sfi | - |
|
1 | |
| Enumerate Values | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580\Sfi | - |
|
1 |
Process (105)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Program Files (x86)\Internet Explorer\iexplore.exe | os_pid = 0x130, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE |
|
1 | |
| Get Info | c:\program files (x86)\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
103 | |
| Get Info | C:\Program Files (x86)\Internet Explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
1 |
Thread (5)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Suspend | c:\program files (x86)\internet explorer\iexplore.exe | os_tid = 0x7d8 |
|
1 | |
| Get Context | c:\program files (x86)\internet explorer\iexplore.exe | os_tid = 0x7d8 |
|
2 | |
| Set Context | c:\program files (x86)\internet explorer\iexplore.exe | os_tid = 0x7d8 |
|
1 | |
| Resume | - | os_tid = 0x7d8 |
|
1 |
Memory (12)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Allocate | C:\Program Files (x86)\Internet Explorer\iexplore.exe | address = 2542460, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 2542456 |
|
1 | |
| Protect | C:\Program Files (x86)\Internet Explorer\iexplore.exe | address = 14032026, protection = PAGE_EXECUTE_READWRITE, size = 4 |
|
2 | |
| Protect | C:\Program Files (x86)\Internet Explorer\iexplore.exe | address = 14032026, protection = PAGE_EXECUTE_READ, size = 4 |
|
2 | |
| Read | C:\Program Files (x86)\Internet Explorer\iexplore.exe | address = 2130567168, size = 488 |
|
1 | |
| Read | C:\Program Files (x86)\Internet Explorer\iexplore.exe | address = 14024704, size = 4096 |
|
1 | |
| Read | C:\Program Files (x86)\Internet Explorer\iexplore.exe | address = 14024952, size = 4096 |
|
1 | |
| Read | C:\Program Files (x86)\Internet Explorer\iexplore.exe | address = 14032026, size = 4 |
|
1 | |
| Write | C:\Program Files (x86)\Internet Explorer\iexplore.exe | address = 0xd61c9a, size = 4 |
|
2 | |
| Write | C:\Program Files (x86)\Internet Explorer\iexplore.exe | address = 0x250000, size = 792 |
|
1 |
Module (315)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | ntdll.dll | base_address = 0x0 |
|
1 | |
| Load | KERNEL32.dll | base_address = 0x0 |
|
1 | |
| Load | AVIFIL32.dll | base_address = 0x0 |
|
1 | |
| Load | ADVAPI32.dll | base_address = 0x75220000 |
|
1 | |
| Load | SHLWAPI.dll | base_address = 0x76d00000 |
|
1 | |
| Load | USER32.dll | base_address = 0x76c00000 |
|
1 | |
| Load | PSAPI.DLL | base_address = 0x77310000 |
|
1 | |
| Load | WININET.DLL | base_address = 0x768e0000 |
|
1 | |
| Load | ieframe | base_address = 0x73c80000 |
|
1 | |
| Load | ieui | base_address = 0x74950000 |
|
1 | |
| Load | mshtml | base_address = 0x73500000 |
|
1 | |
| Load | inetcpl.cpl | base_address = 0x73270000 |
|
1 | |
| Load | ieapfltr | base_address = 0x72a20000 |
|
1 | |
| Load | urlmon | base_address = 0x756b0000 |
|
1 | |
| Load | WININET.dll | base_address = 0x768e0000 |
|
1 | |
| Get Handle | c:\program files (x86)\internet explorer\iexplore.exe | base_address = 0xd60000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x769e0000 |
|
7 | |
| Get Handle | c:\windows\syswow64\ntdll.dll | base_address = 0x77340000 |
|
4 | |
| Get Handle | c:\windows\syswow64\user32.dll | base_address = 0x76c00000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernelbase.dll | base_address = 0x75450000 |
|
1 | |
| Get Handle | c:\windows\syswow64\advapi32.dll | base_address = 0x75220000 |
|
2 | |
| Get Handle | c:\windows\syswow64\wininet.dll | base_address = 0x768e0000 |
|
10 | |
| Get Filename | AVIFIL32.dll | process_name = c:\program files (x86)\internet explorer\iexplore.exe, file_name_orig = C:\Program Files (x86)\Internet Explorer\iexplore.exe, size = 260 |
|
2 | |
| Get Filename | c:\windows\syswow64\ntdll.dll | process_name = c:\program files (x86)\internet explorer\iexplore.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 260 |
|
3 | |
| Get Address | - | function = ZwClose, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = ZwOpenProcess, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = ZwOpenProcessToken, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = ZwQueryInformationToken, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = NtCreateSection, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = NtUnmapViewOfSection, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = NtMapViewOfSection, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = RtlRandomEx, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = ZwQueryInformationProcess, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = RtlGetVersion, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = RtlNtStatusToDosError, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = NtQuerySystemInformation, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = RtlImageNtHeader, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = _strupr, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = _wcsupr, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = memmove, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = bsearch, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = _vsnwprintf, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = strstr, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = _strlwr, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = atoi, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = wcscpy, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = RtlFreeUnicodeString, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = RtlUpcaseUnicodeString, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = ZwQueryKey, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = sprintf, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = _snprintf, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = memset, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = RtlAdjustPrivilege, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = mbstowcs, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = memcpy, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = strcpy, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = RtlImageDirectoryEntryToData, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = memcmp, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = _aulldiv, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = _allmul, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = _aullshr, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = _allshl, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = _chkstk, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = RtlUnwind, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = NtQueryVirtualMemory, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = FileTimeToSystemTime, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = OpenProcess, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetLocalTime, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = VirtualQueryEx, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = CreateRemoteThread, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetVersion, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = ExitThread, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetTempFileNameA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = VirtualAlloc, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = DeleteCriticalSection, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = VirtualProtect, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetSystemInfo, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = lstrcmpA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetModuleFileNameA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetModuleHandleA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = lstrcmpiA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = MapViewOfFile, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = UnmapViewOfFile, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = Sleep, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = LoadLibraryA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = CloseHandle, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = WriteProcessMemory, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = CreateFileMappingA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetCurrentProcess, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = CreateFileA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = lstrlenA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GlobalUnlock, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = lstrcpyA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = HeapAlloc, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GlobalLock, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = RemoveDirectoryA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = DeleteFileA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = HeapFree, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = lstrcatA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = WriteFile, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = CreateDirectoryA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetLastError, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = InterlockedIncrement, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = InterlockedDecrement, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = HeapDestroy, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = HeapCreate, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = SetEvent, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = HeapReAlloc, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetTickCount, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = LocalFree, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetWindowsDirectoryA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = SuspendThread, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = ResumeThread, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = lstrcpyW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = WaitForMultipleObjects, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = CreateDirectoryW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = FindFirstFileW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = CreateThread, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = TerminateProcess, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = SwitchToThread, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = lstrcatW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = FindClose, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = ResetEvent, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = FindNextFileW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetCurrentThreadId, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = LocalAlloc, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = CreateProcessW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = CopyFileW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = lstrlenW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = SetWaitableTimer, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = DeleteFileW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetCurrentThread, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = CreateEventA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetModuleFileNameW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetTempPathA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = InterlockedExchange, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetSystemTimeAsFileTime, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetFileAttributesW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetFileSize, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = ExpandEnvironmentStringsW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = CreateFileW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = WideCharToMultiByte, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = SetLastError, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = LeaveCriticalSection, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = EnterCriticalSection, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = CreateMutexA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetComputerNameA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = OpenWaitableTimerA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = OpenMutexA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = ReleaseMutex, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetVolumeInformationA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = WaitForSingleObject, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetComputerNameW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = InitializeCriticalSection, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = LoadLibraryExW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetProcAddress, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetExitCodeProcess, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = CreateProcessA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetDriveTypeW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = OpenFileMappingA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetLogicalDriveStringsW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = VirtualFree, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = lstrcpynA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = LocalReAlloc, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = TlsGetValue, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = TlsSetValue, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = TlsAlloc, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = LoadLibraryW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetVersionExW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = FreeLibrary, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = ReadFile, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = SetFilePointer, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = Thread32Next, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = CreateToolhelp32Snapshot, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = QueueUserAPC, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = Thread32First, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetCurrentProcessId, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = OpenThread, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = FindNextFileA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = FindFirstFileA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = DisconnectNamedPipe, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = FlushFileBuffers, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetSystemTime, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = CreateNamedPipeA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = CallNamedPipeA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = WaitNamedPipeA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = ConnectNamedPipe, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetOverlappedResult, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = CancelIo, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetCommandLineA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = AddVectoredExceptionHandler, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = ExitProcess, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = OpenEventA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetTempPathW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = RemoveDirectoryW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = CompareFileTime, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = RemoveVectoredExceptionHandler, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = SleepEx, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetFileTime, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = SetEndOfFile, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetPrivateProfileSectionNamesW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetPrivateProfileStringW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = lstrcmpiW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetPrivateProfileIntW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = RaiseException, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = ExpandEnvironmentStringsA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = Process32FirstW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = Process32NextW, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = QueueUserWorkItem, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = FileTimeToLocalFileTime, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = CreateWaitableTimerA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = GetFileAttributesA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = VirtualProtectEx, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = AVIFileExit, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = AVIFileRelease, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = AVIFileInit, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = AVIStreamWrite, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = AVIFileCreateStreamA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = AVIFileOpenA, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = AVIStreamRelease, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = AVIStreamSetFormat, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | - | function = AVIMakeCompressedStream, ordinal = 0, address_out = 0x26fddc |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsWow64Process, address_out = 0x769f195e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = ConvertStringSecurityDescriptorToSecurityDescriptorA, address_out = 0x7522ca94 |
|
1 | |
| Get Address | c:\windows\syswow64\shlwapi.dll | function = StrRChrA, address_out = 0x76d0ccf5 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = wsprintfA, address_out = 0x76c2ae5f |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = GetWindowThreadProcessId, address_out = 0x76c191b4 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = FindWindowA, address_out = 0x76c1ffe6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameA, address_out = 0x7524a4b4 |
|
2 | |
| Get Address | c:\windows\syswow64\user32.dll | function = GetThreadDesktop, address_out = 0x76c16c63 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = GetUserObjectInformationA, address_out = 0x76c3d396 |
|
2 | |
| Get Address | c:\windows\syswow64\user32.dll | function = CloseDesktop, address_out = 0x76c200fa |
|
1 | |
| Get Address | c:\windows\syswow64\psapi.dll | function = EnumProcessModules, address_out = 0x77311408 |
|
1 | |
| Get Address | c:\windows\syswow64\shlwapi.dll | function = StrStrIW, address_out = 0x76d146e9 |
|
10 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x75234907 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetWriteFile, address_out = 0x769146da |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetCanonicalizeUrlA, address_out = 0x7695a787 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = FindFirstUrlCacheEntryA, address_out = 0x7690d8ca |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpEndRequestA, address_out = 0x769145ea |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpSendRequestW, address_out = 0x7690ba12 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetQueryOptionA, address_out = 0x768f1b56 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetReadFileExW, address_out = 0x7692ae0e |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = FindCloseUrlCache, address_out = 0x76928409 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetOpenA, address_out = 0x7690f18e |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetConnectA, address_out = 0x769049e9 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetSetOptionA, address_out = 0x768f75e8 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpOpenRequestA, address_out = 0x76904c7d |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpSendRequestA, address_out = 0x769718f8 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetReadFile, address_out = 0x768fb406 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetSetStatusCallback, address_out = 0x7690933e |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpAddRequestHeadersA, address_out = 0x768fdcd2 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetCloseHandle, address_out = 0x768fab49 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetQueryOptionW, address_out = 0x768f7ed7 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpOpenRequestW, address_out = 0x76904a42 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpQueryInfoA, address_out = 0x768fa33e |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetGetCookieA, address_out = 0x76972c90 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetReadFileExA, address_out = 0x7692ae46 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = FindNextUrlCacheEntryA, address_out = 0x7690da09 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = DeleteUrlCacheEntry, address_out = 0x769259e8 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetQueryDataAvailable, address_out = 0x76905e5d |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpSendRequestExA, address_out = 0x76971812 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyA, address_out = 0x7522cc15 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x752348ef |
|
2 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x7523469d |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCreateKeyA, address_out = 0x7522cd01 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ResumeThread, address_out = 0x769f43ef |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SuspendThread, address_out = 0x76a17d7e |
|
1 | |
| Get Address | c:\windows\syswow64\shlwapi.dll | function = PathFindFileNameA, address_out = 0x76d100aa |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExA, address_out = 0x752314b3 |
|
1 | |
| Get Address | c:\windows\syswow64\shlwapi.dll | function = StrStrIA, address_out = 0x76d0d250 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegNotifyChangeKeyValue, address_out = 0x7522e15b |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegEnumValueA, address_out = 0x7522cf49 |
|
1 | |
| Get Address | c:\windows\syswow64\shlwapi.dll | function = StrTrimA, address_out = 0x76d3e63c |
|
1 | |
| Get Address | c:\windows\syswow64\shlwapi.dll | function = StrChrA, address_out = 0x76d0c5e6 |
|
2 | |
| Create Mapping | - | protection = PAGE_EXECUTE_READWRITE, maximum_size = 2543216 |
|
1 | |
| Map | - | process_name = c:\program files (x86)\internet explorer\iexplore.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x5860000 |
|
1 | |
| Map | - | process_name = C:\Program Files (x86)\Internet Explorer\iexplore.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x3f0000 |
|
1 | |
| Map | Local\{BE5AE8D3-0543-A058-7FD2-09D423264D48} | process_name = c:\program files (x86)\internet explorer\iexplore.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Map | Local\{510697B8-7C8B-AB70-0E15-700F2219A4B3} | process_name = c:\program files (x86)\internet explorer\iexplore.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Map | Local\{F2C61CFD-A979-F476-C346-ED68A7DA711C} | process_name = c:\program files (x86)\internet explorer\iexplore.exe, desired_access = FILE_MAP_READ |
|
1 |
User (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Username | - |
|
1 | |
| Get Username | user_name_out = aETAdzjz |
|
1 |
Window (1)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Find | - | class_name = ProgMan |
|
1 |
System (26)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = YKYD69Q |
|
1 | |
| Sleep | duration = -1 (infinite) |
|
2 | |
| Sleep | duration = -1 (infinite) |
|
10 | |
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| Sleep | duration = 60000 milliseconds (60.000 seconds) |
|
4 | |
| Sleep | duration = 120000 milliseconds (120.000 seconds) |
|
2 | |
| Get Time | type = Ticks, time = 130151 |
|
1 | |
| Get Time | type = System Time, time = 2019-06-09 15:06:15 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 166843 |
|
1 | |
| Get Time | type = Ticks, time = 465865 |
|
1 | |
| Get Time | type = Ticks, time = 765871 |
|
1 | |
| Get Info | type = Operating System |
|
1 |
Mutex (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = {7A3DADF8-91AE-BC96-EB4E-55B04F6259E4} |
|
1 | |
| Open | mutex_name = Local\{FCF9E212-2B0D-8EC0-95F0-8FA2992433F6}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Local\{4B67ACB1-2E14-B54D-90AF-42B9C45396FD}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Local\{A3415127-A63A-CD11-C887-3A517CAB0E15}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Release | mutex_name = Local\{A3415127-A63A-CD11-C887-3A517CAB0E15} |
|
3 |
Network Behavior
Process #6: firefox.exe
599
0
| Information | Value |
|---|---|
| ID | #6 |
| File Name | c:\program files (x86)\mozilla firefox\firefox.exe |
| Command Line | "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" |
| Initial Working Directory | C:\Program Files (x86)\Mozilla Firefox\ |
| Monitor | Start Time: 00:01:05, Reason: Child Process |
| Unmonitor | End Time: 00:01:58, Reason: Self Terminated |
| Monitor Duration | 00:00:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb64 |
| Parent PID | 0x458 (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B68
0x
B78
0x
B80
0x
B84
0x
BF8
0x
BFC
0x
8E8
0x
8E4
0x
8E0
0x
830
0x
88C
0x
938
0x
87C
0x
880
0x
884
0x
888
0x
894
0x
6AC
0x
308
0x
890
0x
4B0
0x
610
0x
360
0x
35C
0x
820
0x
824
0x
8DC
0x
51C
0x
868
0x
82C
0x
974
0x
9D0
0x
9B8
0x
9BC
0x
9C0
0x
9AC
0x
A54
0x
9F4
0x
9EC
0x
A58
0x
9A8
0x
9E8
0x
A0C
0x
A08
0x
AF4
0x
AE4
0x
AF0
0x
B14
0x
478
0x
B18
0x
A1C
0x
A20
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| firefox.exe | 0x01120000 | 0x01163FFF | Content Changed | - | 32-bit | - |
|
|
|
| firefox.exe | 0x01120000 | 0x01163FFF | Content Changed | - | 32-bit | - |
|
|
|
| firefox.exe | 0x01120000 | 0x01163FFF | Process Termination | - | 32-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #3: c:\windows\explorer.exe | 0xb60 | address = 0x1122478, size = 4 |
|
2 | |
| Modify Memory | #3: c:\windows\explorer.exe | 0xb60 | address = 0x810000, size = 1212416 |
|
1 | |
| Modify Memory | #3: c:\windows\explorer.exe | 0xb60 | address = 0xe0000, size = 792 |
|
1 | |
| Modify Control Flow | #3: c:\windows\explorer.exe | 0xb60 | os_tid = 0xb68, address = 0x0 |
|
1 |
Host Behavior
Registry (13)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580\Config | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = Client, type = REG_BINARY |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = ProductID, data = 48 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = ProductName, data = 87 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = CurrentVersion, data = 54 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = InstallDate, data = 138 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = Scr, type = REG_NONE |
|
1 |
Process (36)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | c:\program files (x86)\mozilla firefox\firefox.exe | type = PROCESS_BASIC_INFORMATION |
|
36 |
Module (251)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | ntdll.dll | base_address = 0x0 |
|
1 | |
| Load | KERNEL32.dll | base_address = 0x0 |
|
1 | |
| Load | AVIFIL32.dll | base_address = 0x0 |
|
1 | |
| Load | ADVAPI32.dll | base_address = 0x75220000 |
|
1 | |
| Load | SHLWAPI.dll | base_address = 0x76d00000 |
|
1 | |
| Load | USER32.dll | base_address = 0x76c00000 |
|
1 | |
| Load | NSPR4.DLL | base_address = 0x0 |
|
1 | |
| Load | NSS3.DLL | base_address = 0x73ac0000 |
|
1 | |
| Load | PSAPI.DLL | base_address = 0x77310000 |
|
1 | |
| Get Handle | c:\program files (x86)\mozilla firefox\firefox.exe | base_address = 0x1120000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x769e0000 |
|
2 | |
| Get Handle | c:\windows\syswow64\ntdll.dll | base_address = 0x77340000 |
|
2 | |
| Get Handle | c:\windows\syswow64\user32.dll | base_address = 0x76c00000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernelbase.dll | base_address = 0x75450000 |
|
1 | |
| Get Handle | c:\program files (x86)\mozilla firefox\nss3.dll | base_address = 0x73ac0000 |
|
4 | |
| Get Filename | AVIFIL32.dll | process_name = c:\program files (x86)\mozilla firefox\firefox.exe, file_name_orig = C:\Program Files (x86)\Mozilla Firefox\firefox.exe, size = 260 |
|
2 | |
| Get Address | - | function = ZwClose, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = ZwOpenProcess, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = ZwOpenProcessToken, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = ZwQueryInformationToken, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = NtCreateSection, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = NtUnmapViewOfSection, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = NtMapViewOfSection, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = RtlRandomEx, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = ZwQueryInformationProcess, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = RtlGetVersion, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = RtlNtStatusToDosError, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = NtQuerySystemInformation, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = RtlImageNtHeader, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = _strupr, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = _wcsupr, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = memmove, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = bsearch, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = _vsnwprintf, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = strstr, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = _strlwr, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = atoi, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = wcscpy, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = RtlFreeUnicodeString, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = RtlUpcaseUnicodeString, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = ZwQueryKey, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = sprintf, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = _snprintf, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = memset, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = RtlAdjustPrivilege, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = mbstowcs, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = memcpy, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = strcpy, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = RtlImageDirectoryEntryToData, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = memcmp, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = _aulldiv, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = _allmul, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = _aullshr, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = _allshl, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = _chkstk, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = RtlUnwind, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = NtQueryVirtualMemory, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = FileTimeToSystemTime, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = OpenProcess, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetLocalTime, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = VirtualQueryEx, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = CreateRemoteThread, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetVersion, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = ExitThread, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetTempFileNameA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = VirtualAlloc, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = DeleteCriticalSection, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = VirtualProtect, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetSystemInfo, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = lstrcmpA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetModuleFileNameA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetModuleHandleA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = lstrcmpiA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = MapViewOfFile, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = UnmapViewOfFile, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = Sleep, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = LoadLibraryA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = CloseHandle, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = WriteProcessMemory, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = CreateFileMappingA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetCurrentProcess, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = CreateFileA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = lstrlenA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GlobalUnlock, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = lstrcpyA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = HeapAlloc, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GlobalLock, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = RemoveDirectoryA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = DeleteFileA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = HeapFree, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = lstrcatA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = WriteFile, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = CreateDirectoryA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetLastError, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = InterlockedIncrement, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = InterlockedDecrement, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = HeapDestroy, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = HeapCreate, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = SetEvent, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = HeapReAlloc, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetTickCount, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = LocalFree, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetWindowsDirectoryA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = SuspendThread, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = ResumeThread, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = lstrcpyW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = WaitForMultipleObjects, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = CreateDirectoryW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = FindFirstFileW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = CreateThread, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = TerminateProcess, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = SwitchToThread, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = lstrcatW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = FindClose, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = ResetEvent, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = FindNextFileW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetCurrentThreadId, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = LocalAlloc, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = CreateProcessW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = CopyFileW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = lstrlenW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = SetWaitableTimer, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = DeleteFileW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetCurrentThread, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = CreateEventA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetModuleFileNameW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetTempPathA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = InterlockedExchange, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetSystemTimeAsFileTime, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetFileAttributesW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetFileSize, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = ExpandEnvironmentStringsW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = CreateFileW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = WideCharToMultiByte, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = SetLastError, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = LeaveCriticalSection, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = EnterCriticalSection, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = CreateMutexA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetComputerNameA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = OpenWaitableTimerA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = OpenMutexA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = ReleaseMutex, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetVolumeInformationA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = WaitForSingleObject, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetComputerNameW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = InitializeCriticalSection, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = LoadLibraryExW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetProcAddress, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetExitCodeProcess, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = CreateProcessA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetDriveTypeW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = OpenFileMappingA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetLogicalDriveStringsW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = VirtualFree, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = lstrcpynA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = LocalReAlloc, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = TlsGetValue, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = TlsSetValue, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = TlsAlloc, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = LoadLibraryW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetVersionExW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = FreeLibrary, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = ReadFile, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = SetFilePointer, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = Thread32Next, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = CreateToolhelp32Snapshot, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = QueueUserAPC, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = Thread32First, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetCurrentProcessId, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = OpenThread, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = FindNextFileA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = FindFirstFileA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = DisconnectNamedPipe, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = FlushFileBuffers, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetSystemTime, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = CreateNamedPipeA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = CallNamedPipeA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = WaitNamedPipeA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = ConnectNamedPipe, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetOverlappedResult, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = CancelIo, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetCommandLineA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = AddVectoredExceptionHandler, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = ExitProcess, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = OpenEventA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetTempPathW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = RemoveDirectoryW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = CompareFileTime, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = RemoveVectoredExceptionHandler, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = SleepEx, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetFileTime, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = SetEndOfFile, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetPrivateProfileSectionNamesW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetPrivateProfileStringW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = lstrcmpiW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetPrivateProfileIntW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = RaiseException, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = ExpandEnvironmentStringsA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = Process32FirstW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = Process32NextW, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = QueueUserWorkItem, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = FileTimeToLocalFileTime, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = CreateWaitableTimerA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = GetFileAttributesA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = VirtualProtectEx, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = AVIFileExit, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = AVIFileRelease, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = AVIFileInit, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = AVIStreamWrite, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = AVIFileCreateStreamA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = AVIFileOpenA, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = AVIStreamRelease, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = AVIStreamSetFormat, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | - | function = AVIMakeCompressedStream, ordinal = 0, address_out = 0x3ffc24 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsWow64Process, address_out = 0x769f195e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = ConvertStringSecurityDescriptorToSecurityDescriptorA, address_out = 0x7522ca94 |
|
1 | |
| Get Address | c:\windows\syswow64\shlwapi.dll | function = StrRChrA, address_out = 0x76d0ccf5 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = wsprintfA, address_out = 0x76c2ae5f |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = GetWindowThreadProcessId, address_out = 0x76c191b4 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = FindWindowA, address_out = 0x76c1ffe6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameA, address_out = 0x7524a4b4 |
|
2 | |
| Get Address | c:\windows\syswow64\user32.dll | function = GetThreadDesktop, address_out = 0x76c16c63 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = GetUserObjectInformationA, address_out = 0x76c3d396 |
|
2 | |
| Get Address | c:\windows\syswow64\user32.dll | function = CloseDesktop, address_out = 0x76c200fa |
|
1 | |
| Get Address | c:\windows\syswow64\shlwapi.dll | function = StrStrIW, address_out = 0x76d146e9 |
|
10 | |
| Get Address | c:\program files (x86)\mozilla firefox\nss3.dll | function = PR_GetError, address_out = 0x73ac7aa0 |
|
1 | |
| Get Address | c:\program files (x86)\mozilla firefox\nss3.dll | function = PR_SetError, address_out = 0x73ac7b00 |
|
1 | |
| Get Address | c:\windows\syswow64\psapi.dll | function = EnumProcessModules, address_out = 0x77311408 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyA, address_out = 0x7522cc15 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x752348ef |
|
2 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x7523469d |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCreateKeyA, address_out = 0x7522cd01 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x75234907 |
|
1 |
User (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Username | - |
|
1 | |
| Get Username | user_name_out = aETAdzjz |
|
1 |
Window (1)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Find | - | class_name = ProgMan |
|
1 |
System (6)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = YKYD69Q |
|
1 | |
| Sleep | duration = -1 (infinite) |
|
2 | |
| Sleep | duration = -1 (infinite) |
|
1 | |
| Get Time | type = Ticks, time = 131446 |
|
1 | |
| Get Info | type = Operating System |
|
1 |
Mutex (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = {4A9E43FA-2179-0C40-FB1E-E5005F32E934} |
|
1 | |
| Open | mutex_name = Local\{FCF9E212-2B0D-8EC0-95F0-8FA2992433F6}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Local\{4B67ACB1-2E14-B54D-90AF-42B9C45396FD}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Local\{A3415127-A63A-CD11-C887-3A517CAB0E15}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 |
Process #7: chrome.exe
1039
0
| Information | Value |
|---|---|
| ID | #7 |
| File Name | c:\program files (x86)\google\chrome\application\chrome.exe |
| Command Line | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --use-spdy=off |
| Initial Working Directory | C:\Program Files (x86)\Google\Chrome\Application\ |
| Monitor | Start Time: 00:01:06, Reason: Child Process |
| Unmonitor | End Time: 00:01:59, Reason: Self Terminated |
| Monitor Duration | 00:00:53 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb70 |
| Parent PID | 0x458 (c:\windows\explorer.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B74
0x
B88
0x
B8C
0x
810
0x
850
0x
8A0
0x
860
0x
34C
0x
55C
0x
41C
0x
8EC
0x
90C
0x
914
0x
918
0x
31C
0x
910
0x
908
0x
904
0x
900
0x
8FC
0x
8F8
0x
8F4
0x
8F0
0x
924
0x
930
0x
848
0x
934
0x
844
0x
838
0x
83C
0x
840
0x
940
0x
43C
0x
5FC
0x
580
0x
21C
0x
468
0x
584
0x
7E8
0x
9F8
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| chrome.exe | 0x13F510000 | 0x13F63CFFF | Content Changed | - | 64-bit | - |
|
|
|
| chrome.exe | 0x13F510000 | 0x13F63CFFF | Content Changed | - | 64-bit | - |
|
|
|
| chrome.exe | 0x13F510000 | 0x13F63CFFF | Process Termination | - | 64-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #3: c:\windows\explorer.exe | 0xb6c | address = 0x13f5437e0, size = 4 |
|
2 | |
| Modify Memory | #3: c:\windows\explorer.exe | 0xb6c | address = 0x1d50000, size = 1269760 |
|
1 | |
| Modify Memory | #3: c:\windows\explorer.exe | 0xb6c | address = 0xe0000, size = 792 |
|
1 | |
| Modify Control Flow | #3: c:\windows\explorer.exe | 0xb6c | os_tid = 0xb74, address = 0x1 |
|
1 |
Host Behavior
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\SYSTEM32\ntdll.dll | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
3 | |
| Read | C:\Windows\SYSTEM32\ntdll.dll | size = 4, size_out = 4 |
|
3 |
Registry (13)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580\Config | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = Client, type = REG_BINARY |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = ProductID, data = 48 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = ProductName, data = 87 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = CurrentVersion, data = 54 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = InstallDate, data = 138 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = Scr, type = REG_NONE |
|
1 |
Process (71)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | os_pid = 0xb90, creation_flags = CREATE_SUSPENDED, CREATE_EXTENDED_STARTUPINFO_PRESENT, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Create | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | os_pid = 0xbd4, creation_flags = CREATE_SUSPENDED, CREATE_EXTENDED_STARTUPINFO_PRESENT, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | os_pid = 0x9fc, creation_flags = CREATE_SUSPENDED, CREATE_DETACHED_PROCESS, CREATE_UNICODE_ENVIRONMENT, CREATE_EXTENDED_STARTUPINFO_PRESENT, CREATE_BREAKAWAY_FROM_JOB, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Get Info | c:\program files (x86)\google\chrome\application\chrome.exe | type = PROCESS_BASIC_INFORMATION |
|
66 | |
| Get Info | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | type = PROCESS_BASIC_INFORMATION |
|
1 |
Thread (16)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Suspend | c:\program files (x86)\google\chrome\application\chrome.exe | os_tid = 0xb74 |
|
2 | |
| Suspend | c:\program files (x86)\google\chrome\application\chrome.exe | os_tid = 0xb74 |
|
1 | |
| Get Context | c:\program files (x86)\google\chrome\application\chrome.exe | os_tid = 0xb74 |
|
3 | |
| Get Context | c:\program files (x86)\google\chrome\application\chrome.exe | os_tid = 0xb74 |
|
2 | |
| Set Context | c:\program files (x86)\google\chrome\application\chrome.exe | os_tid = 0xb74 |
|
1 | |
| Set Context | c:\program files (x86)\google\chrome\application\chrome.exe | os_tid = 0xb74 |
|
1 | |
| Resume | c:\program files (x86)\google\chrome\application\chrome.exe | os_tid = 0xb74 |
|
3 | |
| Resume | c:\program files (x86)\google\chrome\application\chrome.exe | os_tid = 0xb74 |
|
2 | |
| Resume | - | os_tid = 0x9f0 |
|
1 |
Memory (28)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Allocate | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 3136608, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3136616 |
|
1 | |
| Allocate | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 3139792, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 3139800 |
|
1 | |
| Protect | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 5357451232, protection = PAGE_EXECUTE_READWRITE, size = 4 |
|
2 | |
| Protect | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 5357451232, protection = PAGE_EXECUTE_READ, size = 4 |
|
2 | |
| Protect | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 5357451232, protection = PAGE_EXECUTE_READWRITE, size = 4 |
|
2 | |
| Protect | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 5357451232, protection = PAGE_EXECUTE_READ, size = 4 |
|
2 | |
| Read | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 8796092882944, size = 616 |
|
1 | |
| Read | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 5357240320, size = 4096 |
|
1 | |
| Read | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 5357240648, size = 4096 |
|
1 | |
| Read | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 5358159256, size = 40 |
|
1 | |
| Read | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 5358041600, size = 4096 |
|
1 | |
| Read | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 5357451232, size = 4 |
|
1 | |
| Read | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 8796092841984, size = 616 |
|
1 | |
| Read | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 5357240320, size = 4096 |
|
1 | |
| Read | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 5357240648, size = 4096 |
|
1 | |
| Read | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 5358159256, size = 40 |
|
1 | |
| Read | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 5358041600, size = 4096 |
|
1 | |
| Read | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 5357451232, size = 4 |
|
1 | |
| Write | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 0x13f5437e0, size = 4 |
|
2 | |
| Write | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 0x3e0000, size = 792 |
|
1 | |
| Write | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 0x13f5437e0, size = 4 |
|
2 | |
| Write | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | address = 0x70000, size = 792 |
|
1 |
Module (348)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | ntdll.dll | base_address = 0x0 |
|
1 | |
| Load | KERNEL32.dll | base_address = 0x0 |
|
1 | |
| Load | AVIFIL32.dll | base_address = 0x0 |
|
1 | |
| Load | ADVAPI32.dll | base_address = 0x7fefd710000 |
|
1 | |
| Load | SHLWAPI.dll | base_address = 0x7fefd5c0000 |
|
1 | |
| Load | USER32.dll | base_address = 0x76f40000 |
|
1 | |
| Load | PSAPI.DLL | base_address = 0x77320000 |
|
1 | |
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x0 |
|
4 | |
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x7fef9a10000 |
|
2 | |
| Load | api-ms-win-core-fibers-l1-1-1 | base_address = 0x0 |
|
6 | |
| Load | kernel32 | base_address = 0x0 |
|
3 | |
| Load | kernel32 | base_address = 0x77040000 |
|
4 | |
| Load | api-ms-win-core-localization-l1-2-1 | base_address = 0x0 |
|
2 | |
| Load | api-ms-win-core-string-l1-1-0 | base_address = 0x0 |
|
2 | |
| Load | api-ms-win-core-datetime-l1-1-1 | base_address = 0x0 |
|
2 | |
| Load | api-ms-win-core-localization-obsolete-l1-2-0 | base_address = 0x0 |
|
2 | |
| Load | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe | base_address = 0x13f510000 |
|
2 | |
| Load | C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\chrome.dll | base_address = 0x7feef100000 |
|
1 | |
| Load | OLEACCRC.DLL | base_address = 0x340001 |
|
1 | |
| Load | - | base_address = 0x0 |
|
1 | |
| Load | C:\Windows\system32\uxtheme.dll | base_address = 0x7fefba00000 |
|
4 | |
| Load | API-MS-Win-Core-LocalRegistry-L1-1-0.dll | base_address = 0x77040000 |
|
1 | |
| Load | C:\Windows\system32\audioses.dll | base_address = 0x7fef7760000 |
|
1 | |
| Load | propsys.dll | base_address = 0x7fefba60000 |
|
1 | |
| Load | C:\Windows\system32\wlanapi.dll | base_address = 0x7fef42a0000 |
|
1 | |
| Load | api-ms-win-security-systemfunctions-l1-1-0 | base_address = 0x0 |
|
1 | |
| Load | advapi32 | base_address = 0x0 |
|
1 | |
| Load | advapi32 | base_address = 0x7fefd710000 |
|
1 | |
| Get Handle | c:\program files (x86)\google\chrome\application\chrome.exe | base_address = 0x13f510000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77040000 |
|
8 | |
| Get Handle | c:\windows\system32\ntdll.dll | base_address = 0x77160000 |
|
4 | |
| Get Handle | c:\windows\system32\user32.dll | base_address = 0x76f40000 |
|
1 | |
| Get Handle | c:\windows\system32\kernelbase.dll | base_address = 0x7fefd330000 |
|
1 | |
| Get Handle | c:\windows\system32\advapi32.dll | base_address = 0x7fefd710000 |
|
2 | |
| Get Handle | CHROME_CHILD.DLL | base_address = 0x0 |
|
63 | |
| Get Filename | AVIFIL32.dll | process_name = c:\program files (x86)\google\chrome\application\chrome.exe, file_name_orig = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, size = 260 |
|
2 | |
| Get Filename | c:\windows\system32\ntdll.dll | process_name = c:\program files (x86)\google\chrome\application\chrome.exe, file_name_orig = C:\Windows\SYSTEM32\ntdll.dll, size = 260 |
|
3 | |
| Get Address | - | function = ZwOpenProcess, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = ZwQueryInformationToken, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = ZwClose, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = NtUnmapViewOfSection, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = NtMapViewOfSection, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = NtCreateSection, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = RtlRandomEx, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = NtQuerySystemInformation, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = RtlNtStatusToDosError, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = ZwQueryInformationProcess, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = memcmp, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = _strupr, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = _wcsupr, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = memmove, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = bsearch, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = _vsnwprintf, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = _strlwr, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = atoi, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = strstr, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = wcscpy, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = RtlFreeUnicodeString, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = ZwQueryKey, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = RtlUpcaseUnicodeString, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = sprintf, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = _snprintf, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = memset, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = RtlAdjustPrivilege, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = mbstowcs, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = strcpy, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = memcpy, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = RtlImageDirectoryEntryToData, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = RtlImageNtHeader, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = ZwOpenProcessToken, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = __C_specific_handler, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = __chkstk, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = VirtualQueryEx, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = CreateRemoteThread, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetModuleFileNameW, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = FileTimeToSystemTime, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetLocalTime, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = OpenProcess, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetVersion, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = ExitThread, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetTempFileNameA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = VirtualProtect, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = VirtualFree, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetSystemInfo, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = DeleteCriticalSection, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = CloseHandle, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = CreateFileMappingA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = WriteProcessMemory, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = CreateFileA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = lstrcmpA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = MapViewOfFile, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = UnmapViewOfFile, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetModuleFileNameA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = lstrcmpiA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetModuleHandleA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = Sleep, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = LoadLibraryA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetCurrentProcess, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GlobalUnlock, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = HeapAlloc, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = lstrcpyA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GlobalLock, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = lstrlenA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = WriteFile, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = CreateDirectoryA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetLastError, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = HeapFree, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = RemoveDirectoryA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = DeleteFileA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = lstrcatA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetTickCount, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = HeapDestroy, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = HeapCreate, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = SetEvent, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = HeapReAlloc, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = FindFirstFileW, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = LocalFree, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = WaitForMultipleObjects, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = SuspendThread, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = TerminateProcess, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = ResumeThread, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = lstrcpyW, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = FindClose, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = CreateThread, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = ResetEvent, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = SwitchToThread, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = lstrcatW, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = FindNextFileW, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = CreateProcessW, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = CopyFileW, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = SetWaitableTimer, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = LocalAlloc, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetCurrentThreadId, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetCurrentThread, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = lstrlenW, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = CreateEventA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetSystemTimeAsFileTime, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetWindowsDirectoryA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = DeleteFileW, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = CreateDirectoryW, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetTempPathA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = CreateFileW, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = ExpandEnvironmentStringsW, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = WideCharToMultiByte, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetFileAttributesW, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetFileSize, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetComputerNameA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = EnterCriticalSection, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = CreateMutexA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = OpenWaitableTimerA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = OpenMutexA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetVolumeInformationA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = WaitForSingleObject, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = ReleaseMutex, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetComputerNameW, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = LeaveCriticalSection, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = SetLastError, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = InitializeCriticalSection, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = LoadLibraryExW, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetProcAddress, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetFileAttributesA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = OpenFileMappingA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetExitCodeProcess, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = VirtualAlloc, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetDriveTypeW, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetLogicalDriveStringsW, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = lstrcpynA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = LocalReAlloc, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = TlsAlloc, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = TlsGetValue, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = TlsSetValue, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = FreeLibrary, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = LoadLibraryW, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetVersionExW, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = ReadFile, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = SetFilePointer, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = Thread32First, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = QueueUserAPC, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = CreateToolhelp32Snapshot, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = OpenThread, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetCurrentProcessId, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = Thread32Next, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = FindFirstFileA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = FindNextFileA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = ConnectNamedPipe, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetOverlappedResult, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = CancelIo, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = DisconnectNamedPipe, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = FlushFileBuffers, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = CallNamedPipeA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = CreateNamedPipeA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetSystemTime, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = WaitNamedPipeA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = SetEndOfFile, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetFileTime, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = ExitProcess, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = AddVectoredExceptionHandler, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = CompareFileTime, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = GetTempPathW, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = OpenEventA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = RemoveVectoredExceptionHandler, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = RemoveDirectoryW, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = SleepEx, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = lstrcmpiW, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = RaiseException, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = Process32FirstW, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = Process32NextW, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = ExpandEnvironmentStringsA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = QueueUserWorkItem, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = FileTimeToLocalFileTime, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = CreateWaitableTimerA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = CreateProcessA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = VirtualProtectEx, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = AVIFileExit, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = AVIMakeCompressedStream, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = AVIStreamRelease, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = AVIFileRelease, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = AVIStreamWrite, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = AVIFileOpenA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = AVIFileCreateStreamA, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = AVIStreamSetFormat, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | - | function = AVIFileInit, ordinal = 0, address_out = 0x2ff0f0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsWow64Process, address_out = 0x770491d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = ConvertStringSecurityDescriptorToSecurityDescriptorA, address_out = 0x7fefd71d710 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrRChrA, address_out = 0x7fefd5c4c9c |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = wsprintfA, address_out = 0x76fbbae8 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetWindowThreadProcessId, address_out = 0x76f50a90 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = FindWindowA, address_out = 0x76f68270 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameA, address_out = 0x7fefd71dc20 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetThreadDesktop, address_out = 0x76f5a850 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetUserObjectInformationA, address_out = 0x76f4777c |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = CloseDesktop, address_out = 0x76f4d850 |
|
1 | |
| Get Address | c:\windows\system32\psapi.dll | function = EnumProcessModules, address_out = 0x77321050 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrStrIW, address_out = 0x7fefd5cfb70 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyA, address_out = 0x7fefd71d6d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7fefd72c480 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7fefd730710 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCreateKeyA, address_out = 0x7fefd717c50 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7fefd72b5f0 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = PathFindFileNameW, address_out = 0x7fefd5d3920 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrChrW, address_out = 0x7fefd5cfa50 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrTrimW, address_out = 0x7fefd5cb090 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = ResumeThread, address_out = 0x770513a0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SuspendThread, address_out = 0x77042f60 |
|
1 | |
| Create Mapping | - | protection = PAGE_EXECUTE_READWRITE, maximum_size = 3138048 |
|
1 | |
| Create Mapping | - | protection = PAGE_EXECUTE_READWRITE, maximum_size = 3141232 |
|
1 | |
| Map | - | process_name = c:\program files (x86)\google\chrome\application\chrome.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x2b60000 |
|
1 | |
| Map | - | process_name = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x1df0000 |
|
1 | |
| Map | - | process_name = c:\program files (x86)\google\chrome\application\chrome.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x2d70000 |
|
1 | |
| Map | - | process_name = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x1da0000 |
|
1 |
User (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Username | - |
|
1 | |
| Get Username | user_name_out = aETAdzjz |
|
1 |
Window (1)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Find | - | class_name = ProgMan |
|
1 |
System (9)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = YKYD69Q |
|
1 | |
| Sleep | duration = -1 (infinite) |
|
2 | |
| Sleep | duration = -1 (infinite) |
|
1 | |
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
3 | |
| Get Time | type = Ticks, time = 132881 |
|
1 | |
| Get Info | type = Operating System |
|
1 |
Mutex (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = {E66674FB-0DD1-08BF-C77A-91BCEB4E55B0} |
|
1 | |
| Open | mutex_name = Local\{FCF9E212-2B0D-8EC0-95F0-8FA2992433F6}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Local\{4B67ACB1-2E14-B54D-90AF-42B9C45396FD}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Local\{A3415127-A63A-CD11-C887-3A517CAB0E15}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 |
Process #8: chrome.exe
881
0
| Information | Value |
|---|---|
| ID | #8 |
| File Name | c:\program files (x86)\google\chrome\application\chrome.exe |
| Command Line | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\aETAdzjz\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=59.0.3071.115 --initial-client-data=0x11c,0x120,0x124,0x118,0x128,0x7fef4b319d0,0x7fef4b319b8,0x7fef4b319e8 --use-spdy=off |
| Initial Working Directory | C:\Program Files (x86)\Google\Chrome\Application\ |
| Monitor | Start Time: 00:01:12, Reason: Child Process |
| Unmonitor | End Time: 00:01:14, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb90 |
| Parent PID | 0xb70 (c:\program files (x86)\google\chrome\application\chrome.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
B94
0x
BA4
0x
BA8
0x
BAC
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| chrome.exe | 0x13F510000 | 0x13F63CFFF | Process Termination | - | 64-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #7: c:\program files (x86)\google\chrome\application\chrome.exe | 0xb74 | address = 0x13f5437e0, size = 4 |
|
2 | |
| Modify Memory | #7: c:\program files (x86)\google\chrome\application\chrome.exe | 0xb74 | address = 0x1df0000, size = 1269760 |
|
1 | |
| Modify Memory | #7: c:\program files (x86)\google\chrome\application\chrome.exe | 0xb74 | address = 0x3e0000, size = 792 |
|
1 | |
| Modify Control Flow | #7: c:\program files (x86)\google\chrome\application\chrome.exe | 0xb74 | os_tid = 0xb94, address = 0x1 |
|
1 |
Host Behavior
Registry (13)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580\Config | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = Client, type = REG_BINARY |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = ProductID, data = 48 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = ProductName, data = 87 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = CurrentVersion, data = 54 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = InstallDate, data = 138 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = Scr, type = REG_NONE |
|
1 |
Process (66)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | c:\program files (x86)\google\chrome\application\chrome.exe | type = PROCESS_BASIC_INFORMATION |
|
66 |
Module (259)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | ntdll.dll | base_address = 0x0 |
|
1 | |
| Load | KERNEL32.dll | base_address = 0x0 |
|
1 | |
| Load | AVIFIL32.dll | base_address = 0x0 |
|
1 | |
| Load | ADVAPI32.dll | base_address = 0x7fefd710000 |
|
1 | |
| Load | SHLWAPI.dll | base_address = 0x7fefd5c0000 |
|
1 | |
| Load | USER32.dll | base_address = 0x76f40000 |
|
1 | |
| Load | PSAPI.DLL | base_address = 0x77320000 |
|
1 | |
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x0 |
|
2 | |
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x7fef9a10000 |
|
1 | |
| Load | api-ms-win-core-fibers-l1-1-1 | base_address = 0x0 |
|
3 | |
| Load | kernel32 | base_address = 0x0 |
|
2 | |
| Load | kernel32 | base_address = 0x77040000 |
|
2 | |
| Load | api-ms-win-core-localization-l1-2-1 | base_address = 0x0 |
|
1 | |
| Load | api-ms-win-core-string-l1-1-0 | base_address = 0x0 |
|
1 | |
| Load | api-ms-win-core-datetime-l1-1-1 | base_address = 0x0 |
|
1 | |
| Load | api-ms-win-core-localization-obsolete-l1-2-0 | base_address = 0x0 |
|
1 | |
| Load | api-ms-win-appmodel-runtime-l1-1-2 | base_address = 0x0 |
|
1 | |
| Get Handle | c:\program files (x86)\google\chrome\application\chrome.exe | base_address = 0x13f510000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77040000 |
|
6 | |
| Get Handle | c:\windows\system32\ntdll.dll | base_address = 0x77160000 |
|
3 | |
| Get Handle | c:\windows\system32\user32.dll | base_address = 0x76f40000 |
|
1 | |
| Get Handle | c:\windows\system32\kernelbase.dll | base_address = 0x7fefd330000 |
|
1 | |
| Get Handle | c:\windows\system32\advapi32.dll | base_address = 0x7fefd710000 |
|
2 | |
| Get Handle | CHROME_CHILD.DLL | base_address = 0x0 |
|
19 | |
| Get Filename | AVIFIL32.dll | process_name = c:\program files (x86)\google\chrome\application\chrome.exe, file_name_orig = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, size = 260 |
|
2 | |
| Get Address | - | function = ZwOpenProcess, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = ZwQueryInformationToken, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = ZwClose, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = NtUnmapViewOfSection, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = NtMapViewOfSection, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = NtCreateSection, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = RtlRandomEx, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = NtQuerySystemInformation, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = RtlNtStatusToDosError, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = ZwQueryInformationProcess, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = memcmp, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = _strupr, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = _wcsupr, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = memmove, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = bsearch, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = _vsnwprintf, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = _strlwr, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = atoi, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = strstr, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = wcscpy, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = RtlFreeUnicodeString, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = ZwQueryKey, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = RtlUpcaseUnicodeString, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = sprintf, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = _snprintf, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = memset, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = RtlAdjustPrivilege, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = mbstowcs, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = strcpy, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = memcpy, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = RtlImageDirectoryEntryToData, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = RtlImageNtHeader, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = ZwOpenProcessToken, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = __C_specific_handler, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = __chkstk, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = VirtualQueryEx, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = CreateRemoteThread, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetModuleFileNameW, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = FileTimeToSystemTime, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetLocalTime, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = OpenProcess, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetVersion, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = ExitThread, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetTempFileNameA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = VirtualProtect, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = VirtualFree, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetSystemInfo, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = DeleteCriticalSection, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = CloseHandle, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = CreateFileMappingA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = WriteProcessMemory, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = CreateFileA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = lstrcmpA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = MapViewOfFile, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = UnmapViewOfFile, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetModuleFileNameA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = lstrcmpiA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetModuleHandleA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = Sleep, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = LoadLibraryA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetCurrentProcess, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GlobalUnlock, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = HeapAlloc, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = lstrcpyA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GlobalLock, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = lstrlenA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = WriteFile, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = CreateDirectoryA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetLastError, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = HeapFree, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = RemoveDirectoryA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = DeleteFileA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = lstrcatA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetTickCount, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = HeapDestroy, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = HeapCreate, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = SetEvent, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = HeapReAlloc, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = FindFirstFileW, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = LocalFree, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = WaitForMultipleObjects, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = SuspendThread, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = TerminateProcess, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = ResumeThread, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = lstrcpyW, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = FindClose, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = CreateThread, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = ResetEvent, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = SwitchToThread, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = lstrcatW, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = FindNextFileW, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = CreateProcessW, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = CopyFileW, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = SetWaitableTimer, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = LocalAlloc, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetCurrentThreadId, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetCurrentThread, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = lstrlenW, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = CreateEventA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetSystemTimeAsFileTime, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetWindowsDirectoryA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = DeleteFileW, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = CreateDirectoryW, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetTempPathA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = CreateFileW, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = ExpandEnvironmentStringsW, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = WideCharToMultiByte, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetFileAttributesW, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetFileSize, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetComputerNameA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = EnterCriticalSection, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = CreateMutexA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = OpenWaitableTimerA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = OpenMutexA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetVolumeInformationA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = WaitForSingleObject, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = ReleaseMutex, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetComputerNameW, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = LeaveCriticalSection, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = SetLastError, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = InitializeCriticalSection, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = LoadLibraryExW, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetProcAddress, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetFileAttributesA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = OpenFileMappingA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetExitCodeProcess, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = VirtualAlloc, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetDriveTypeW, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetLogicalDriveStringsW, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = lstrcpynA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = LocalReAlloc, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = TlsAlloc, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = TlsGetValue, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = TlsSetValue, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = FreeLibrary, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = LoadLibraryW, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetVersionExW, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = ReadFile, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = SetFilePointer, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = Thread32First, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = QueueUserAPC, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = CreateToolhelp32Snapshot, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = OpenThread, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetCurrentProcessId, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = Thread32Next, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = FindFirstFileA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = FindNextFileA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = ConnectNamedPipe, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetOverlappedResult, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = CancelIo, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = DisconnectNamedPipe, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = FlushFileBuffers, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = CallNamedPipeA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = CreateNamedPipeA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetSystemTime, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = WaitNamedPipeA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = SetEndOfFile, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetFileTime, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = ExitProcess, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = AddVectoredExceptionHandler, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = CompareFileTime, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = GetTempPathW, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = OpenEventA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = RemoveVectoredExceptionHandler, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = RemoveDirectoryW, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = SleepEx, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = lstrcmpiW, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = RaiseException, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = Process32FirstW, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = Process32NextW, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = ExpandEnvironmentStringsA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = QueueUserWorkItem, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = FileTimeToLocalFileTime, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = CreateWaitableTimerA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = CreateProcessA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = VirtualProtectEx, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = AVIFileExit, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = AVIMakeCompressedStream, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = AVIStreamRelease, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = AVIFileRelease, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = AVIStreamWrite, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = AVIFileOpenA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = AVIFileCreateStreamA, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = AVIStreamSetFormat, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | - | function = AVIFileInit, ordinal = 0, address_out = 0x23efe0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsWow64Process, address_out = 0x770491d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = ConvertStringSecurityDescriptorToSecurityDescriptorA, address_out = 0x7fefd71d710 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrRChrA, address_out = 0x7fefd5c4c9c |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = wsprintfA, address_out = 0x76fbbae8 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetWindowThreadProcessId, address_out = 0x76f50a90 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = FindWindowA, address_out = 0x76f68270 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameA, address_out = 0x7fefd71dc20 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetThreadDesktop, address_out = 0x76f5a850 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetUserObjectInformationA, address_out = 0x76f4777c |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = CloseDesktop, address_out = 0x76f4d850 |
|
1 | |
| Get Address | c:\windows\system32\psapi.dll | function = EnumProcessModules, address_out = 0x77321050 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrStrIW, address_out = 0x7fefd5cfb70 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyA, address_out = 0x7fefd71d6d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7fefd72c480 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7fefd730710 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCreateKeyA, address_out = 0x7fefd717c50 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7fefd72b5f0 |
|
1 |
User (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Username | - |
|
1 | |
| Get Username | user_name_out = aETAdzjz |
|
1 |
Window (1)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Find | - | class_name = ProgMan |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = YKYD69Q |
|
1 | |
| Get Time | type = Ticks, time = 135034 |
|
1 | |
| Get Info | type = Operating System |
|
1 |
Mutex (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = {8628A1FE-2D66-A811-E71A-B15C0BEE7550} |
|
1 |
Process #10: chrome.exe
933
0
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\program files (x86)\google\chrome\application\chrome.exe |
| Command Line | "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2932 --on-initialized-event-handle=392 --parent-handle=396 /prefetch:6 |
| Initial Working Directory | C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\ |
| Monitor | Start Time: 00:01:18, Reason: Child Process |
| Unmonitor | End Time: 00:01:58, Reason: Self Terminated |
| Monitor Duration | 00:00:40 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xbd4 |
| Parent PID | 0xb70 (c:\program files (x86)\google\chrome\application\chrome.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
BD8
0x
BE8
0x
BEC
0x
BF4
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| chrome.exe | 0x13F510000 | 0x13F63CFFF | Process Termination | - | 64-bit | - |
|
|
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #7: c:\program files (x86)\google\chrome\application\chrome.exe | 0xb74 | address = 0x13f5437e0, size = 4 |
|
2 | |
| Modify Memory | #7: c:\program files (x86)\google\chrome\application\chrome.exe | 0xb74 | address = 0x1da0000, size = 1269760 |
|
1 | |
| Modify Memory | #7: c:\program files (x86)\google\chrome\application\chrome.exe | 0xb74 | address = 0x70000, size = 792 |
|
1 | |
| Modify Control Flow | #7: c:\program files (x86)\google\chrome\application\chrome.exe | 0xb74 | os_tid = 0xbd8, address = 0x1 |
|
1 |
Host Behavior
Registry (13)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580\Config | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = Client, type = REG_BINARY |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = ProductID, data = 48 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = ProductName, data = 87 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = CurrentVersion, data = 54 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = InstallDate, data = 138 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = Scr, type = REG_NONE |
|
1 |
Process (66)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | c:\program files (x86)\google\chrome\application\chrome.exe | type = PROCESS_BASIC_INFORMATION |
|
66 |
Module (305)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | ntdll.dll | base_address = 0x0 |
|
1 | |
| Load | KERNEL32.dll | base_address = 0x0 |
|
1 | |
| Load | AVIFIL32.dll | base_address = 0x0 |
|
1 | |
| Load | ADVAPI32.dll | base_address = 0x7fefd710000 |
|
1 | |
| Load | SHLWAPI.dll | base_address = 0x7fefd5c0000 |
|
1 | |
| Load | USER32.dll | base_address = 0x76f40000 |
|
1 | |
| Load | PSAPI.DLL | base_address = 0x77320000 |
|
1 | |
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x0 |
|
4 | |
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x7fef9a10000 |
|
2 | |
| Load | api-ms-win-core-fibers-l1-1-1 | base_address = 0x0 |
|
6 | |
| Load | kernel32 | base_address = 0x0 |
|
4 | |
| Load | kernel32 | base_address = 0x77040000 |
|
4 | |
| Load | api-ms-win-core-localization-l1-2-1 | base_address = 0x0 |
|
2 | |
| Load | api-ms-win-core-string-l1-1-0 | base_address = 0x0 |
|
2 | |
| Load | api-ms-win-core-datetime-l1-1-1 | base_address = 0x0 |
|
2 | |
| Load | api-ms-win-core-localization-obsolete-l1-2-0 | base_address = 0x0 |
|
2 | |
| Load | C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\chrome_watcher.dll | base_address = 0x7feeed90000 |
|
1 | |
| Load | C:\Windows\system32\uxtheme.dll | base_address = 0x7fefba00000 |
|
4 | |
| Load | api-ms-win-appmodel-runtime-l1-1-2 | base_address = 0x0 |
|
1 | |
| Get Handle | c:\program files (x86)\google\chrome\application\chrome.exe | base_address = 0x13f510000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77040000 |
|
6 | |
| Get Handle | c:\windows\system32\ntdll.dll | base_address = 0x77160000 |
|
3 | |
| Get Handle | c:\windows\system32\user32.dll | base_address = 0x76f40000 |
|
1 | |
| Get Handle | c:\windows\system32\kernelbase.dll | base_address = 0x7fefd330000 |
|
1 | |
| Get Handle | c:\windows\system32\advapi32.dll | base_address = 0x7fefd710000 |
|
2 | |
| Get Handle | CHROME_CHILD.DLL | base_address = 0x0 |
|
46 | |
| Get Filename | AVIFIL32.dll | process_name = c:\program files (x86)\google\chrome\application\chrome.exe, file_name_orig = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, size = 260 |
|
2 | |
| Get Address | - | function = ZwOpenProcess, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = ZwQueryInformationToken, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = ZwClose, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = NtUnmapViewOfSection, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = NtMapViewOfSection, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = NtCreateSection, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = RtlRandomEx, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = NtQuerySystemInformation, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = RtlNtStatusToDosError, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = ZwQueryInformationProcess, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = memcmp, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = _strupr, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = _wcsupr, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = memmove, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = bsearch, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = _vsnwprintf, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = _strlwr, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = atoi, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = strstr, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = wcscpy, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = RtlFreeUnicodeString, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = ZwQueryKey, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = RtlUpcaseUnicodeString, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = sprintf, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = _snprintf, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = memset, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = RtlAdjustPrivilege, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = mbstowcs, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = strcpy, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = memcpy, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = RtlImageDirectoryEntryToData, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = RtlImageNtHeader, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = ZwOpenProcessToken, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = __C_specific_handler, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = __chkstk, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = VirtualQueryEx, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = CreateRemoteThread, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetModuleFileNameW, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = FileTimeToSystemTime, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetLocalTime, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = OpenProcess, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetVersion, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = ExitThread, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetTempFileNameA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = VirtualProtect, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = VirtualFree, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetSystemInfo, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = DeleteCriticalSection, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = CloseHandle, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = CreateFileMappingA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = WriteProcessMemory, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = CreateFileA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = lstrcmpA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = MapViewOfFile, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = UnmapViewOfFile, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetModuleFileNameA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = lstrcmpiA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetModuleHandleA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = Sleep, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = LoadLibraryA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetCurrentProcess, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GlobalUnlock, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = HeapAlloc, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = lstrcpyA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GlobalLock, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = lstrlenA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = WriteFile, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = CreateDirectoryA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetLastError, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = HeapFree, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = RemoveDirectoryA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = DeleteFileA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = lstrcatA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetTickCount, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = HeapDestroy, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = HeapCreate, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = SetEvent, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = HeapReAlloc, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = FindFirstFileW, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = LocalFree, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = WaitForMultipleObjects, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = SuspendThread, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = TerminateProcess, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = ResumeThread, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = lstrcpyW, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = FindClose, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = CreateThread, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = ResetEvent, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = SwitchToThread, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = lstrcatW, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = FindNextFileW, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = CreateProcessW, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = CopyFileW, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = SetWaitableTimer, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = LocalAlloc, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetCurrentThreadId, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetCurrentThread, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = lstrlenW, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = CreateEventA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetSystemTimeAsFileTime, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetWindowsDirectoryA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = DeleteFileW, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = CreateDirectoryW, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetTempPathA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = CreateFileW, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = ExpandEnvironmentStringsW, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = WideCharToMultiByte, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetFileAttributesW, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetFileSize, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetComputerNameA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = EnterCriticalSection, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = CreateMutexA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = OpenWaitableTimerA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = OpenMutexA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetVolumeInformationA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = WaitForSingleObject, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = ReleaseMutex, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetComputerNameW, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = LeaveCriticalSection, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = SetLastError, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = InitializeCriticalSection, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = LoadLibraryExW, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetProcAddress, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetFileAttributesA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = OpenFileMappingA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetExitCodeProcess, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = VirtualAlloc, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetDriveTypeW, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetLogicalDriveStringsW, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = lstrcpynA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = LocalReAlloc, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = TlsAlloc, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = TlsGetValue, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = TlsSetValue, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = FreeLibrary, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = LoadLibraryW, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetVersionExW, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = ReadFile, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = SetFilePointer, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = Thread32First, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = QueueUserAPC, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = CreateToolhelp32Snapshot, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = OpenThread, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetCurrentProcessId, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = Thread32Next, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = FindFirstFileA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = FindNextFileA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = ConnectNamedPipe, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetOverlappedResult, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = CancelIo, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = DisconnectNamedPipe, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = FlushFileBuffers, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = CallNamedPipeA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = CreateNamedPipeA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetSystemTime, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = WaitNamedPipeA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = SetEndOfFile, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetFileTime, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = ExitProcess, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = AddVectoredExceptionHandler, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = CompareFileTime, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = GetTempPathW, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = OpenEventA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = RemoveVectoredExceptionHandler, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = RemoveDirectoryW, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = SleepEx, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = lstrcmpiW, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = RaiseException, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = Process32FirstW, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = Process32NextW, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = ExpandEnvironmentStringsA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = QueueUserWorkItem, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = FileTimeToLocalFileTime, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = CreateWaitableTimerA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = CreateProcessA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = VirtualProtectEx, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = AVIFileExit, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = AVIMakeCompressedStream, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = AVIStreamRelease, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = AVIFileRelease, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = AVIStreamWrite, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = AVIFileOpenA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = AVIFileCreateStreamA, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = AVIStreamSetFormat, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | - | function = AVIFileInit, ordinal = 0, address_out = 0x27f070 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsWow64Process, address_out = 0x770491d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = ConvertStringSecurityDescriptorToSecurityDescriptorA, address_out = 0x7fefd71d710 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrRChrA, address_out = 0x7fefd5c4c9c |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = wsprintfA, address_out = 0x76fbbae8 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetWindowThreadProcessId, address_out = 0x76f50a90 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = FindWindowA, address_out = 0x76f68270 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = GetUserNameA, address_out = 0x7fefd71dc20 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetThreadDesktop, address_out = 0x76f5a850 |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = GetUserObjectInformationA, address_out = 0x76f4777c |
|
1 | |
| Get Address | c:\windows\system32\user32.dll | function = CloseDesktop, address_out = 0x76f4d850 |
|
1 | |
| Get Address | c:\windows\system32\psapi.dll | function = EnumProcessModules, address_out = 0x77321050 |
|
1 | |
| Get Address | c:\windows\system32\shlwapi.dll | function = StrStrIW, address_out = 0x7fefd5cfb70 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyA, address_out = 0x7fefd71d6d0 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegQueryValueExA, address_out = 0x7fefd72c480 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCloseKey, address_out = 0x7fefd730710 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegCreateKeyA, address_out = 0x7fefd717c50 |
|
1 | |
| Get Address | c:\windows\system32\advapi32.dll | function = RegOpenKeyExA, address_out = 0x7fefd72b5f0 |
|
1 |
User (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Username | - |
|
1 | |
| Get Username | user_name_out = aETAdzjz |
|
1 |
Window (1)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Find | - | class_name = ProgMan |
|
1 |
System (6)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = YKYD69Q |
|
1 | |
| Sleep | duration = -1 (infinite) |
|
2 | |
| Sleep | duration = -1 (infinite) |
|
1 | |
| Get Time | type = Ticks, time = 139090 |
|
1 | |
| Get Info | type = Operating System |
|
1 |
Mutex (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = {FA436005-1103-3CE1-6BCE-D530CFE2D964} |
|
1 | |
| Open | mutex_name = Local\{FCF9E212-2B0D-8EC0-95F0-8FA2992433F6}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Local\{4B67ACB1-2E14-B54D-90AF-42B9C45396FD}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Local\{A3415127-A63A-CD11-C887-3A517CAB0E15}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 |
Process #11: iexplore.exe
1065
4
| Information | Value |
|---|---|
| ID | #11 |
| File Name | c:\program files (x86)\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2900 CREDAT:14337 |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:01:21, Reason: Child Process |
| Unmonitor | End Time: 00:15:20, Reason: Terminated by Timeout |
| Monitor Duration | 00:13:58 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x130 |
| Parent PID | 0xb54 (c:\program files (x86)\internet explorer\iexplore.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
7D8
0x
7D0
0x
790
0x
614
0x
274
0x
500
0x
898
0x
89C
0x
6F4
0x
870
0x
854
0x
828
0x
834
0x
440
0x
920
0x
31C
0x
364
0x
574
0x
BB4
0x
274
0x
650
0x
878
0x
360
0x
A7C
0x
AF8
|
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #5: c:\program files (x86)\internet explorer\iexplore.exe | 0xb58 | address = 0xd61c9a, size = 4 |
|
2 | |
| Modify Memory | #5: c:\program files (x86)\internet explorer\iexplore.exe | 0xb58 | address = 0x3f0000, size = 1212416 |
|
1 | |
| Modify Memory | #5: c:\program files (x86)\internet explorer\iexplore.exe | 0xb58 | address = 0x250000, size = 792 |
|
1 | |
| Modify Control Flow | #5: c:\program files (x86)\internet explorer\iexplore.exe | 0xb58 | os_tid = 0x7d8, address = 0x250218 |
|
1 |
Host Behavior
File (8)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OVERLAPPED |
|
1 | |
| Create | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OVERLAPPED |
|
1 | |
| Read | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | size = 12, size_out = 0 |
|
1 | |
| Read | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | size = 0, size_out = 0 |
|
1 | |
| Read | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | size = 12, size_out = 12 |
|
1 | |
| Read | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | size = 0, size_out = 0 |
|
1 | |
| Write | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | size = 12 |
|
1 | |
| Write | \\.\pipe\{5797B6E3-CA4C-A155-8C7B-9E6580DFB269} | size = 12 |
|
1 |
Registry (37)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Create Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
3 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\SecureBrain\PhishWall | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580\Config | - |
|
4 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | - |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = Client, type = REG_BINARY |
|
3 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = ProductID, data = 48 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = ProductName, data = 87 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = CurrentVersion, data = 54 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = InstallDate, data = 138 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = Scr, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = Client, type = REG_BINARY |
|
9 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = LastTask, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\3632F5D8-1D04-D8B6-57CA-A18C7B9E6580 | value_name = LastTask, type = REG_NONE |
|
1 |
Process (101)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | c:\program files (x86)\internet explorer\iexplore.exe | type = PROCESS_BASIC_INFORMATION |
|
101 |
Module (298)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | ntdll.dll | base_address = 0x0 |
|
1 | |
| Load | KERNEL32.dll | base_address = 0x0 |
|
1 | |
| Load | AVIFIL32.dll | base_address = 0x0 |
|
1 | |
| Load | ADVAPI32.dll | base_address = 0x75220000 |
|
1 | |
| Load | SHLWAPI.dll | base_address = 0x76d00000 |
|
1 | |
| Load | USER32.dll | base_address = 0x76c00000 |
|
1 | |
| Load | PSAPI.DLL | base_address = 0x77310000 |
|
1 | |
| Load | WININET.DLL | base_address = 0x768e0000 |
|
1 | |
| Load | ieframe | base_address = 0x73c80000 |
|
1 | |
| Load | ieui | base_address = 0x74950000 |
|
1 | |
| Load | mshtml | base_address = 0x73500000 |
|
1 | |
| Load | inetcpl.cpl | base_address = 0x73270000 |
|
1 | |
| Load | ieapfltr | base_address = 0x72a20000 |
|
1 | |
| Load | urlmon | base_address = 0x756b0000 |
|
1 | |
| Load | WININET.dll | base_address = 0x768e0000 |
|
1 | |
| Get Handle | c:\program files (x86)\internet explorer\iexplore.exe | base_address = 0xd60000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x769e0000 |
|
5 | |
| Get Handle | c:\windows\syswow64\ntdll.dll | base_address = 0x77340000 |
|
3 | |
| Get Handle | c:\windows\syswow64\user32.dll | base_address = 0x76c00000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernelbase.dll | base_address = 0x75450000 |
|
1 | |
| Get Handle | c:\windows\syswow64\advapi32.dll | base_address = 0x75220000 |
|
2 | |
| Get Handle | c:\windows\syswow64\wininet.dll | base_address = 0x768e0000 |
|
10 | |
| Get Filename | AVIFIL32.dll | process_name = c:\program files (x86)\internet explorer\iexplore.exe, file_name_orig = C:\Program Files (x86)\Internet Explorer\iexplore.exe, size = 260 |
|
2 | |
| Get Address | - | function = ZwClose, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = ZwOpenProcess, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = ZwOpenProcessToken, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = ZwQueryInformationToken, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = NtCreateSection, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = NtUnmapViewOfSection, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = NtMapViewOfSection, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = RtlRandomEx, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = ZwQueryInformationProcess, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = RtlGetVersion, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = RtlNtStatusToDosError, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = NtQuerySystemInformation, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = RtlImageNtHeader, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = _strupr, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = _wcsupr, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = memmove, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = bsearch, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = _vsnwprintf, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = strstr, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = _strlwr, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = atoi, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = wcscpy, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = RtlFreeUnicodeString, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = RtlUpcaseUnicodeString, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = ZwQueryKey, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = sprintf, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = _snprintf, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = memset, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = RtlAdjustPrivilege, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = mbstowcs, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = memcpy, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = strcpy, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = RtlImageDirectoryEntryToData, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = memcmp, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = _aulldiv, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = _allmul, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = _aullshr, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = _allshl, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = _chkstk, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = RtlUnwind, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = NtQueryVirtualMemory, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = FileTimeToSystemTime, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = OpenProcess, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetLocalTime, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = VirtualQueryEx, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = CreateRemoteThread, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetVersion, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = ExitThread, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetTempFileNameA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = VirtualAlloc, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = DeleteCriticalSection, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = VirtualProtect, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetSystemInfo, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = lstrcmpA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetModuleFileNameA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetModuleHandleA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = lstrcmpiA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = MapViewOfFile, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = UnmapViewOfFile, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = Sleep, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = LoadLibraryA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = CloseHandle, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = WriteProcessMemory, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = CreateFileMappingA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetCurrentProcess, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = CreateFileA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = lstrlenA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GlobalUnlock, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = lstrcpyA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = HeapAlloc, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GlobalLock, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = RemoveDirectoryA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = DeleteFileA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = HeapFree, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = lstrcatA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = WriteFile, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = CreateDirectoryA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetLastError, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = InterlockedIncrement, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = InterlockedDecrement, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = HeapDestroy, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = HeapCreate, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = SetEvent, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = HeapReAlloc, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetTickCount, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = LocalFree, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetWindowsDirectoryA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = SuspendThread, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = ResumeThread, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = lstrcpyW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = WaitForMultipleObjects, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = CreateDirectoryW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = FindFirstFileW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = CreateThread, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = TerminateProcess, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = SwitchToThread, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = lstrcatW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = FindClose, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = ResetEvent, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = FindNextFileW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetCurrentThreadId, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = LocalAlloc, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = CreateProcessW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = CopyFileW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = lstrlenW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = SetWaitableTimer, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = DeleteFileW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetCurrentThread, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = CreateEventA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetModuleFileNameW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetTempPathA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = InterlockedExchange, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetSystemTimeAsFileTime, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetFileAttributesW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetFileSize, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = ExpandEnvironmentStringsW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = CreateFileW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = WideCharToMultiByte, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = SetLastError, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = LeaveCriticalSection, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = EnterCriticalSection, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = CreateMutexA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetComputerNameA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = OpenWaitableTimerA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = OpenMutexA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = ReleaseMutex, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetVolumeInformationA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = WaitForSingleObject, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetComputerNameW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = InitializeCriticalSection, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = LoadLibraryExW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetProcAddress, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetExitCodeProcess, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = CreateProcessA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetDriveTypeW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = OpenFileMappingA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetLogicalDriveStringsW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = VirtualFree, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = lstrcpynA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = LocalReAlloc, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = TlsGetValue, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = TlsSetValue, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = TlsAlloc, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = LoadLibraryW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetVersionExW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = FreeLibrary, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = ReadFile, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = SetFilePointer, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = Thread32Next, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = CreateToolhelp32Snapshot, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = QueueUserAPC, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = Thread32First, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetCurrentProcessId, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = OpenThread, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = FindNextFileA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = FindFirstFileA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = DisconnectNamedPipe, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = FlushFileBuffers, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetSystemTime, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = CreateNamedPipeA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = CallNamedPipeA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = WaitNamedPipeA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = ConnectNamedPipe, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetOverlappedResult, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = CancelIo, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetCommandLineA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = AddVectoredExceptionHandler, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = ExitProcess, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = OpenEventA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetTempPathW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = RemoveDirectoryW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = CompareFileTime, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = RemoveVectoredExceptionHandler, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = SleepEx, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetFileTime, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = SetEndOfFile, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetPrivateProfileSectionNamesW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetPrivateProfileStringW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = lstrcmpiW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetPrivateProfileIntW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = RaiseException, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = ExpandEnvironmentStringsA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = Process32FirstW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = Process32NextW, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = QueueUserWorkItem, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = FileTimeToLocalFileTime, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = CreateWaitableTimerA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = GetFileAttributesA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = VirtualProtectEx, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = AVIFileExit, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = AVIFileRelease, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = AVIFileInit, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = AVIStreamWrite, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = AVIFileCreateStreamA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = AVIFileOpenA, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = AVIStreamRelease, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = AVIStreamSetFormat, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | - | function = AVIMakeCompressedStream, ordinal = 0, address_out = 0x37fe6c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsWow64Process, address_out = 0x769f195e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = ConvertStringSecurityDescriptorToSecurityDescriptorA, address_out = 0x7522ca94 |
|
1 | |
| Get Address | c:\windows\syswow64\shlwapi.dll | function = StrRChrA, address_out = 0x76d0ccf5 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = wsprintfA, address_out = 0x76c2ae5f |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = GetWindowThreadProcessId, address_out = 0x76c191b4 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = FindWindowA, address_out = 0x76c1ffe6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameA, address_out = 0x7524a4b4 |
|
2 | |
| Get Address | c:\windows\syswow64\user32.dll | function = GetThreadDesktop, address_out = 0x76c16c63 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = GetUserObjectInformationA, address_out = 0x76c3d396 |
|
2 | |
| Get Address | c:\windows\syswow64\user32.dll | function = CloseDesktop, address_out = 0x76c200fa |
|
1 | |
| Get Address | c:\windows\syswow64\psapi.dll | function = EnumProcessModules, address_out = 0x77311408 |
|
1 | |
| Get Address | c:\windows\syswow64\shlwapi.dll | function = StrStrIW, address_out = 0x76d146e9 |
|
10 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x75234907 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetWriteFile, address_out = 0x769146da |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetCanonicalizeUrlA, address_out = 0x7695a787 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = FindFirstUrlCacheEntryA, address_out = 0x7690d8ca |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpEndRequestA, address_out = 0x769145ea |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpSendRequestW, address_out = 0x7690ba12 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetQueryOptionA, address_out = 0x768f1b56 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetReadFileExW, address_out = 0x7692ae0e |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = FindCloseUrlCache, address_out = 0x76928409 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetOpenA, address_out = 0x7690f18e |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetConnectA, address_out = 0x769049e9 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetSetOptionA, address_out = 0x768f75e8 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpOpenRequestA, address_out = 0x76904c7d |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpSendRequestA, address_out = 0x769718f8 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetReadFile, address_out = 0x768fb406 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetSetStatusCallback, address_out = 0x7690933e |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpAddRequestHeadersA, address_out = 0x768fdcd2 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetCloseHandle, address_out = 0x768fab49 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetQueryOptionW, address_out = 0x768f7ed7 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpOpenRequestW, address_out = 0x76904a42 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpQueryInfoA, address_out = 0x768fa33e |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetGetCookieA, address_out = 0x76972c90 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetReadFileExA, address_out = 0x7692ae46 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = FindNextUrlCacheEntryA, address_out = 0x7690da09 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = DeleteUrlCacheEntry, address_out = 0x769259e8 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetQueryDataAvailable, address_out = 0x76905e5d |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpSendRequestExA, address_out = 0x76971812 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyA, address_out = 0x7522cc15 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x752348ef |
|
2 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x7523469d |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCreateKeyA, address_out = 0x7522cd01 |
|
1 | |
| Get Address | c:\windows\syswow64\shlwapi.dll | function = StrStrIA, address_out = 0x76d0d250 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegNotifyChangeKeyValue, address_out = 0x7522e15b |
|
1 | |
| Get Address | c:\windows\syswow64\shlwapi.dll | function = StrTrimA, address_out = 0x76d3e63c |
|
1 | |
| Get Address | c:\windows\syswow64\shlwapi.dll | function = StrChrA, address_out = 0x76d0c5e6 |
|
2 |
User (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Username | - |
|
1 | |
| Get Username | user_name_out = aETAdzjz |
|
1 |
Window (1)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Find | - | class_name = ProgMan |
|
1 |
System (27)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = YKYD69Q |
|
1 | |
| Sleep | duration = -1 (infinite) |
|
2 | |
| Sleep | duration = -1 (infinite) |
|
8 | |
| Sleep | duration = 60000 milliseconds (60.000 seconds) |
|
6 | |
| Sleep | duration = 10000 milliseconds (10.000 seconds) |
|
2 | |
| Get Time | type = Ticks, time = 141680 |
|
1 | |
| Get Time | type = Ticks, time = 151773 |
|
2 | |
| Get Time | type = Ticks, time = 451856 |
|
2 | |
| Get Time | type = Ticks, time = 751862 |
|
2 | |
| Get Info | type = Operating System |
|
1 |
Mutex (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = {A6611EF7-CD0C-C847-873A-517CAB0E1570} |
|
1 | |
| Open | mutex_name = Local\{FCF9E212-2B0D-8EC0-95F0-8FA2992433F6}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Local\{4B67ACB1-2E14-B54D-90AF-42B9C45396FD}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Local\{A3415127-A63A-CD11-C887-3A517CAB0E15}, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Release | mutex_name = Local\{FCF9E212-2B0D-8EC0-95F0-8FA2992433F6} |
|
1 | |
| Release | mutex_name = Local\{4B67ACB1-2E14-B54D-90AF-42B9C45396FD} |
|
2 |
Network Behavior
TCP Sessions (1)
| Information | Value |
|---|---|
| Total Data Sent | 0 bytes |
| Total Data Received | 0 bytes |
| Contacted Host Count | 1 |
| Contacted Hosts | 5.188.60.53 |
TCP Session #1
| Information | Value |
|---|---|
| Remote Address | 5.188.60.53 |
| Remote Port | 443 |
| Local Address | 192.168.0.13 |
| Local Port | 49165 |
| Data Sent | 0 bytes |
| Data Received | 0 bytes |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG, flags = INTERNET_FLAG_ASYNC |
|
1 | |
| Open Connection | protocol = HTTP, server_name = pilodirsob.com, server_port = 443 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP/1.1, target_resource = /images/5qbVQlb0ymuWmr_2FkDD/NVO_2FaAbeais0tlU4Y/q6BT_2B9eGfIoI43LtIhuV/QtnQchMUX6n9F/B3asYZXw/_2FhYDUJMTYaB3PKILEcVcg/WMgDIGrshB/e0T_2F3OwLtl327Jy/bBo858JdBzTI/m9AayoD6ps_/2Box0bRB6Ldta7/Ec_2F84BmjL_2BnKYZQkp/kBMno7exP3mbnkFE/DFUo4OOfG5hYXwg/QTjEpneV/Z.jpeg, accept_types = 0, flags = INTERNET_FLAG_CACHE_ASYNC, INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_SECURE, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = pilodirsob.com/images/5qbVQlb0ymuWmr_2FkDD/NVO_2FaAbeais0tlU4Y/q6BT_2B9eGfIoI43LtIhuV/QtnQchMUX6n9F/B3asYZXw/_2FhYDUJMTYaB3PKILEcVcg/WMgDIGrshB/e0T_2F3OwLtl327Jy/bBo858JdBzTI/m9AayoD6ps_/2Box0bRB6Ldta7/Ec_2F84BmjL_2BnKYZQkp/kBMno7exP3mbnkFE/DFUo4OOfG5hYXwg/QTjEpneV/Z.jpeg |
|
1 | |
| Close Session | - |
|
1 |
Process #13: cmd.exe
67
0
| Information | Value |
|---|---|
| ID | #13 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd /C "systeminfo.exe > C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:36, Reason: Child Process |
| Unmonitor | End Time: 00:02:06, Reason: Self Terminated |
| Monitor Duration | 00:00:29 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x86c |
| Parent PID | 0x458 (c:\windows\explorer.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
950
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | 2.15 KB |
MD5:
9ca0b372ff5850bb42dce6fbe589337a
SHA1: fec2e1203e40e9bab3c933ea38f547bbb3b2b624 SHA256: 2f1cdc7389eae91a8c043f60941f1acd64a2bb245706652f253a454e20770001 SSDeep: 48:KR0QD3CqYxnwxmzWGK/JIjdG7XSkkS3CEUXxFjCV3i6D:KR0QDyqUnwRQzPDv3Ii6D |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | 2.17 KB |
MD5:
fbd635e77106b300c438ad738444db24
SHA1: 2026d0e93d638ef05827b058b92432888556fe23 SHA256: 9cbf2b69d0824926f7a5cc8a6cbfd1422890d1b6139a18fb5c73524b538f28cf SSDeep: 48:KR0QD3CqYxnwxmzWGK/JIjdG7XSkkS3CEUXxFjCV3i6A:KR0QDyqUnwRQzPDv3Ii6A |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | 2.18 KB |
MD5:
95c380581ab16ca2c94ac422a8b58422
SHA1: 68c5d00ed02dfbca87472359d537fd0bb0056c21 SHA256: de9603e3500aec167a0af1771009789c90421516ae693b9f1abac695a3af8f99 SSDeep: 48:KR0QD3CqYxnwxmzWGK/JIjdG7XSkkS3CEUXxFjCV3i61:KR0QDyqUnwRQzPDv3Ii61 |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | 2.26 KB |
MD5:
913cd32fec97b48566f5477050b33aaf
SHA1: 9a9d53e9dc7851af179ba3332f23d7a479d6a1bf SHA256: 87c3b9972840f794f279a25daaa020440e08807a7714f167ce3739555c5de820 SSDeep: 48:KR0QD3CqYxnwxmzWGK/JIjdG7XSkkS3CEUXxFjCV3i69w0:KR0QDyqUnwRQzPDv3Ii69w0 |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | 2.27 KB |
MD5:
f6d4e0598575dce762164ba79ab62e6d
SHA1: 46e4a7813a54b72db5b25653fbf9ff70acfbaa85 SHA256: d8587dc5f5fe2dfd6bf195838bc5660f6f17091707a9af26957b3131aa7839e5 SSDeep: 48:KR0QD3CqYxnwxmzWGK/JIjdG7XSkkS3CEUXxFjCV3i69wp:KR0QDyqUnwRQzPDv3Ii69wp |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | 8.14 KB |
MD5:
34b563dfcc7edae089ab55499f084670
SHA1: f40b182389e7765f7de3443eaa1175a986e02137 SHA256: b216ab0344cc335a28629d3ba91c89d73f20a3dab45e6168eca48dcb9a67448e SSDeep: 192:Z5q8wRKPDv3yy4EvLasmPz88r+0mITu3CQbpCVRLHVXtLhPhF8eZhDADncPXpvrC:unKP7L4EvLtmPz88r+0mWu3XbpCVRLHa |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | 25.20 KB |
MD5:
54d51a4c4d122f877ed974de041332ba
SHA1: 5c454b8f75c07702759cda98313590fdf6a2a238 SHA256: 765b50185a656c6d8c3d73b99ff8905c084a95cf171fd80539b866cd104c83e5 SSDeep: 768:unKPH4EvLtmPz88r+0mWu3tCVRLHVXtLhPhF8eZhDADncPXpvr2Aj75TLqdelpEo:CA4EvLtmbRr+0mWu3tCVRLHVXtLhPhFP |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | 47.89 KB |
MD5:
b0da96e9d25b44313aee063c747944eb
SHA1: 47b37f093a7eac6a8217cb0892312a1ee1ca11f7 SHA256: f4d656ca0d06aa91f329ae11f963328b7d74835c3b4ad189af0f8651451af3cc SSDeep: 768:unKPH4EvLtmPz88r+0mWu3tCVRLHVXtLhPhF8eZhDADncPXpvr2Aj75TLqdelpEn:CA4EvLtmbRr+0mWu3tCVRLHVXtLhPhFm |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | 47.90 KB |
MD5:
8898f736d5002d1c6d9d7c6e81202ba4
SHA1: dd2388772d21c16bfdcb5c3d6709906c4fb59465 SHA256: 749dffd14467f1dae82a0245b22a60ca728505bd92100473d59f8843f714dfe6 SSDeep: 768:unKPH4EvLtmPz88r+0mWu3tCVRLHVXtLhPhF8eZhDADncPXpvr2Aj75TLqdelpEU:CA4EvLtmbRr+0mWu3tCVRLHVXtLhPhFj |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | 78.82 KB |
MD5:
1fdea0ffd8120c1922da4daacab1668a
SHA1: 7640613e6b6b0061c528debc257f14da79730960 SHA256: 213116dd345dd9711b11f46fadc508ceb57271300cee8adefef729280f713a4b SSDeep: 1536:CA4EvLtmbRr+0mWu3tCVRLHVXtLhPhF8eZhDADncPXpvr2Aj75TLqdelpEuKhKI4:CDFIKsBLAzkfLZALAzwogu/LAzkF5cI6 |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | 78.83 KB |
MD5:
49c484df39aec6ecaa359b56f58f4931
SHA1: bc48076ec5095f1dbfd751d0337084d4e230bbde SHA256: b201a32b8f9ab111723fd7c3b812016be28bc6f2d56769e5721335c616c196dd SSDeep: 1536:CA4EvLtmbRr+0mWu3tCVRLHVXtLhPhF8eZhDADncPXpvr2Aj75TLqdelpEuKhKId:CDFIKsBLAzkfLZALAzwogu/LAzkF5cIn |
|
|
Host Behavior
File (17)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | systeminfo.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
9 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\systeminfo.exe | os_pid = 0x984, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a440000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77040000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77056d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x770523d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77048290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x770517e0 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-06-09 15:06:17 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 153910 |
|
1 | |
| Get Time | type = Performance Ctr, time = 22316480249 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #14: systeminfo.exe
0
0
| Information | Value |
|---|---|
| ID | #14 |
| File Name | c:\windows\system32\systeminfo.exe |
| Command Line | systeminfo.exe |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:38, Reason: Child Process |
| Unmonitor | End Time: 00:02:06, Reason: Self Terminated |
| Monitor Duration | 00:00:27 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x984 |
| Parent PID | 0x86c (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
98C
0x
97C
0x
988
0x
9DC
0x
998
|
Process #15: makecab.exe
73
0
| Information | Value |
|---|---|
| ID | #15 |
| File Name | c:\windows\system32\makecab.exe |
| Command Line | makecab.exe /F "C:\Users\aETAdzjz\AppData\Local\Temp\1FB1.bin" |
| Initial Working Directory | C:\Users\aETAdzjz\AppData\Roaming\MICROS~1\{F5FB2~1\ |
| Monitor | Start Time: 00:01:40, Reason: Child Process |
| Unmonitor | End Time: 00:01:43, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa04 |
| Parent PID | 0x458 (c:\windows\explorer.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
93C
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\aETAdzjz\AppData\Local\Temp\cab_2564_9 | 8 bytes |
MD5:
7b5b6c7bf41e6055abd4e74476e08575
SHA1: 5c05d3a68f69258d236f6d9677cc0a42e399e7cc SHA256: 2392619f397925a165cf31634781d68b006c396611c425f6c67f338356e47f8f SSDeep: 3:P:P |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\cab_2564_5 | 84 bytes |
MD5:
557102a84341d48932dd5821405d8904
SHA1: b09d2ae8acdec2e2f7dccaedc6939462ae31c0fe SHA256: cb8787267b07d9c306266d60a4a784c0abace264b6a30585efa999bd60ec4068 SSDeep: 3:j0IQyiv2PuIX3gWuBzwSdc4CxYKn:nQyivzIXwvzT/CWK |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\2855.bin | 163 bytes |
MD5:
3a74cf8b812e6aa359550e43876d7e32
SHA1: c7f1bc8fbc3cde31d971e07617dd40b6945c806a SHA256: a9ce9f70766373855522e40ea861456df07ca3a910dceb49d5e4963bdb338069 SSDeep: 3:wm/Ll5/thGl+lgG/GmSVQd8u0IQyiv2PuIX3gWuBzwSdc4CxYKn:wGTGsCG/GmSVQd8OQyivzIXwvzT/CWK |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\cab_2564_7 | 84 bytes |
MD5:
4683df92be0b9be079e32bdc8dd65051
SHA1: 382b82ea028e7948d7597794838814a725cb66fa SHA256: deeb1ad922ec8b582ae8b21e3505c990d2dbe67e9b2c7387991cd1cfe2ed22ae SSDeep: 3:J8u0IQyiv2PuIX3gWuBzwSdc4CxYKn:J8OQyivzIXwvzT/CWK |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\cab_2564_6 | 35 bytes |
MD5:
97005095b7b47dda90e124bd479d5d0e
SHA1: 9167c3148ad8d72c77cc0c0ddf8f03e55a53aab2 SHA256: 2a608056aa132c7895661a9271f81bc125f3890467e8e208c79507fa642fe258 SSDeep: 3:fltG/GmSVC:TG/GmSVC |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\inf_2564_3 | 30 bytes |
MD5:
797f0691e548f8ed2a4c68ee0ad9cfd6
SHA1: 6e10ed105fffeb1192a4f89719240896577e271f SHA256: 0e6a65bf67965d39b0abaad2dd7726237aaa0c199b163a8bd927e46df497ab9d SSDeep: 3:NLBoNBMLov:ZenD |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\inf_2564_4 | 40 bytes |
MD5:
d75809a21cc5bf3c1ad768638dc788b5
SHA1: 93cf96565b5b69ab3340dc68ebecae704a6bb3c0 SHA256: 8e0036bda5ae83545c7f2357bd3a88b0d4223eeb5b58f781c85f460dcab81ee1 SSDeep: 3:dJgVRl+8hGmSVA:dq5+wGmSVA |
|
|
| setup.inf | 946 bytes |
MD5:
5c44b95912d66eff44194d4f4b1a5984
SHA1: 53221ffe07fca4c65c74924502d443eb1f79b83a SHA256: 7413f8334d06e68a4a3271ae7263054d62a8652f0fa4a7803a47d7764c18db6f SSDeep: 12:QxncDimwR8KznsPOyneJheCxSVL8IncDimwR8KznhIv:QF8vwnzn0OynKheCxwl8vwnznw |
|
|
| setup.rpt | 283 bytes |
MD5:
4048eb7ffbab203c61aace323ee36049
SHA1: b7b76b01841aaef3b9693b7f2e88adc9e22368c9 SHA256: d9030169a70ac3e343286d0a53b3ebd31a6336d23d743c81b0ad5a3c59a38627 SSDeep: 6:vwcuK5fb/ukKpWmVKQrAs10iwezi/hGxQTyF:vAKJXKIeBrOiwe2J6F |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\inf_2564_2 | 23 bytes |
MD5:
4230347e5849e9c7230227a287ae4a41
SHA1: a3fa042694dc86f05973ac07231c95cf590d606a SHA256: 2484fa669042204d83d907de45012a2aef7f6687613ce76169097240415b0abd SSDeep: 3:R0qxv:Rf |
|
|
Host Behavior
File (66)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\1FB1.bin | file_attributes = _O_EXCL |
|
1 | |
| Create | CAB02564.TMP | file_attributes = _O_RDWR, _O_CREAT, _O_EXCL |
|
2 | |
| Create | setup.inf | file_attributes = _O_RDWR, _O_CREAT |
|
1 | |
| Create | setup.rpt | file_attributes = _O_RDWR, _O_CREAT |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\inf_2564_2 | file_attributes = _O_WRONLY |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\inf_2564_3 | file_attributes = _O_WRONLY |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\inf_2564_4 | file_attributes = _O_WRONLY |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\1FB1.bin | file_attributes = _O_EXCL |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\CAB02564.TMP | file_attributes = _O_RDWR, _O_CREAT, _O_EXCL |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\cab_2564_5 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\cab_2564_6 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\cab_2564_7 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\cab_2564_8 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\cab_2564_9 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_DELETE |
|
1 | |
| Create | 01D51ED4E3ECF92009 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\cab_2564_10 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\cab_2564_11 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\2855.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\cab_2564_12 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\cab_2564_13 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\cab_2564_14 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_DELETE |
|
1 | |
| Create | setup.inf | file_attributes = _O_WRONLY | _O_BINARY |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\inf_2564_2 | file_attributes = _O_RDONLY | _O_BINARY |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\inf_2564_3 | file_attributes = _O_RDONLY | _O_BINARY |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\inf_2564_4 | file_attributes = _O_RDONLY | _O_BINARY |
|
1 | |
| Create | setup.rpt | file_attributes = _O_WRONLY |
|
1 | |
| Get Info | 01D51ED4E3ECF92009 | type = file_attributes |
|
1 | |
| Read | C:\Users\aETAdzjz\AppData\Local\Temp\1FB1.bin | size = 3 |
|
1 | |
| Read | C:\Users\aETAdzjz\AppData\Local\Temp\1FB1.bin | size = 4096 |
|
1 | |
| Read | C:\Users\aETAdzjz\AppData\Local\Temp\1FB1.bin | size = 3 |
|
1 | |
| Read | C:\Users\aETAdzjz\AppData\Local\Temp\1FB1.bin | size = 4096 |
|
1 | |
| Read | - | size = 32768 |
|
3 | |
| Read | - | size = 32670 |
|
1 | |
| Read | C:\Users\aETAdzjz\AppData\Local\Temp\CAB02564.TMP | size = 8 |
|
1 | |
| Read | C:\Users\aETAdzjz\AppData\Local\Temp\CAB02564.TMP | size = 76 |
|
1 | |
| Read | C:\Users\aETAdzjz\AppData\Local\Temp\CAB02564.TMP | size = 8 |
|
1 | |
| Read | - | size = 16 |
|
1 | |
| Read | - | size = 256 |
|
1 | |
| Read | - | size = 16 |
|
1 | |
| Read | - | size = 8 |
|
1 | |
| Read | - | size = 8 |
|
1 | |
| Read | - | size = 32768 |
|
2 | |
| Read | C:\Users\aETAdzjz\AppData\Local\Temp\inf_2564_2 | size = 2048, size_out = 23 |
|
1 | |
| Read | C:\Users\aETAdzjz\AppData\Local\Temp\inf_2564_3 | size = 2048, size_out = 30 |
|
1 | |
| Read | C:\Users\aETAdzjz\AppData\Local\Temp\inf_2564_4 | size = 2048, size_out = 40 |
|
1 | |
| Write | - | size = 16 |
|
2 | |
| Write | - | size = 19 |
|
2 | |
| Write | C:\Users\aETAdzjz\AppData\Local\Temp\CAB02564.TMP | size = 8 |
|
2 | |
| Write | C:\Users\aETAdzjz\AppData\Local\Temp\CAB02564.TMP | size = 76 |
|
1 | |
| Write | - | size = 8 |
|
2 | |
| Write | - | size = 76 |
|
1 | |
| Write | C:\Users\aETAdzjz\AppData\Local\Temp\CAB02564.TMP | size = 36 |
|
1 | |
| Write | C:\Users\aETAdzjz\AppData\Local\Temp\CAB02564.TMP | size = 35 |
|
1 | |
| Write | C:\Users\aETAdzjz\AppData\Local\Temp\CAB02564.TMP | size = 84 |
|
1 | |
| Write | C:\Users\aETAdzjz\AppData\Local\Temp\CAB02564.TMP | size = 4 |
|
1 | |
| Write | setup.inf | size = 23 |
|
1 | |
| Write | setup.inf | size = 30 |
|
1 | |
| Write | setup.inf | size = 40 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\makecab.exe | base_address = 0xff3e0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77040000 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapSetInformation, address_out = 0x7705c4a0 |
|
1 |
System (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-06-09 15:06:20 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 156671 |
|
1 | |
| Get Time | type = Performance Ctr, time = 22609508610 |
|
1 | |
| Get Info | type = Operating System |
|
1 |
Process #17: helper.exe
44
0
| Information | Value |
|---|---|
| ID | #17 |
| File Name | c:\program files (x86)\mozilla firefox\uninstall\helper.exe |
| Command Line | "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppUser |
| Initial Working Directory | C:\Program Files (x86)\Mozilla Firefox\ |
| Monitor | Start Time: 00:01:54, Reason: Child Process |
| Unmonitor | End Time: 00:02:00, Reason: Self Terminated |
| Monitor Duration | 00:00:06 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xafc |
| Parent PID | 0xb64 (c:\program files (x86)\mozilla firefox\firefox.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
AF8
0x
B1C
0x
B30
|
Host Behavior
COM (6)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | 591209C7-767B-42B2-9FBA-44EE4615F2C7 | 4E530B0A-E611-4C77-A3AC-9031D022281B | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER |
|
1 | |
| Create | 00021401-0000-0000-C000-000000000046 | 000214F9-0000-0000-C000-000000000046 | cls_context = CLSCTX_INPROC_SERVER |
|
5 |
File (7)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Add Search Path | - | - |
|
1 | |
| Get Info | STD_INPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 |
Module (26)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x769e0000 |
|
11 | |
| Get Handle | c:\windows\syswow64\shell32.dll | base_address = 0x75890000 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\mozilla firefox\uninstall\helper.exe, file_name_orig = C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetDllDirectoryW, address_out = 0x76a7004f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLongPathNameW, address_out = 0x769fa315 |
|
9 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionEx, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExW, address_out = 0x769f1ae5 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = SHChangeNotify, address_out = 0x758e7965 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = Operating System |
|
2 | |
| Get Info | type = Operating System |
|
1 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 |
Process #20: cmd.exe
65
0
| Information | Value |
|---|---|
| ID | #20 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd /C "echo -------- >> C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:06, Reason: Child Process |
| Unmonitor | End Time: 00:02:06, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x250 |
| Parent PID | 0x458 (c:\windows\explorer.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
310
|
Host Behavior
File (24)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
9 | |
| Open | STD_INPUT_HANDLE | - |
|
3 | |
| Open | STD_OUTPUT_HANDLE | - |
|
3 | |
| Read | STD_OUTPUT_HANDLE | size = 1, size_out = 1 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 11 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a710000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77040000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77056d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x770523d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77048290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x770517e0 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-06-09 15:06:45 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 181117 |
|
1 | |
| Get Time | type = Performance Ctr, time = 25073884016 |
|
1 |
Environment (11)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
4 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 |
Process #21: cmd.exe
70
0
| Information | Value |
|---|---|
| ID | #21 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd /C "net view >> C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:06, Reason: Child Process |
| Unmonitor | End Time: 00:02:21, Reason: Self Terminated |
| Monitor Duration | 00:00:14 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x248 |
| Parent PID | 0x458 (c:\windows\explorer.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
204
|
Host Behavior
File (20)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
9 | |
| Open | STD_INPUT_HANDLE | - |
|
3 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Read | STD_OUTPUT_HANDLE | size = 1, size_out = 1 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\net.exe | os_pid = 0x6bc, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a320000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77040000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77056d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x770523d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77048290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x770517e0 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-06-09 15:06:45 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 181304 |
|
1 | |
| Get Time | type = Performance Ctr, time = 25093421449 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000002 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #22: net.exe
0
0
| Information | Value |
|---|---|
| ID | #22 |
| File Name | c:\windows\system32\net.exe |
| Command Line | net view |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:06, Reason: Child Process |
| Unmonitor | End Time: 00:02:21, Reason: Self Terminated |
| Monitor Duration | 00:00:14 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6bc |
| Parent PID | 0x248 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
600
0x
318
|
Process #27: cmd.exe
65
0
| Information | Value |
|---|---|
| ID | #27 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd /C "echo -------- >> C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:20, Reason: Child Process |
| Unmonitor | End Time: 00:02:21, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7dc |
| Parent PID | 0x458 (c:\windows\explorer.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
218
|
Host Behavior
File (24)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
9 | |
| Open | STD_INPUT_HANDLE | - |
|
3 | |
| Open | STD_OUTPUT_HANDLE | - |
|
3 | |
| Read | STD_OUTPUT_HANDLE | size = 1, size_out = 1 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 11 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x49df0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77040000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77056d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x770523d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77048290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x770517e0 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-06-09 15:06:57 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 193862 |
|
1 | |
| Get Time | type = Performance Ctr, time = 26470325823 |
|
1 |
Environment (11)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
4 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 |
Process #28: cmd.exe
70
0
| Information | Value |
|---|---|
| ID | #28 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd /C "nslookup 127.0.0.1 >> C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:20, Reason: Child Process |
| Unmonitor | End Time: 00:02:23, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x610 |
| Parent PID | 0x458 (c:\windows\explorer.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
A18
|
Host Behavior
File (20)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
9 | |
| Open | STD_INPUT_HANDLE | - |
|
3 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Read | STD_OUTPUT_HANDLE | size = 1, size_out = 1 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\nslookup.exe | os_pid = 0xb84, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4aae0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77040000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77056d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x770523d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77048290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x770517e0 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-06-09 15:06:57 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 194002 |
|
1 | |
| Get Time | type = Performance Ctr, time = 26484132184 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #31: nslookup.exe
11
1
| Information | Value |
|---|---|
| ID | #31 |
| File Name | c:\windows\system32\nslookup.exe |
| Command Line | nslookup 127.0.0.1 |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:20, Reason: Child Process |
| Unmonitor | End Time: 00:02:23, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb84 |
| Parent PID | 0x610 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
BF8
0x
BFC
|
Host Behavior
Registry (7)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | value_name = DNSLookupOrder |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | value_name = Domain |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | value_name = DhcpDomain |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | value_name = SearchList |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | value_name = DhcpSearchList |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\nslookup.exe | base_address = 0xff990000 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-06-09 15:06:58 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 194314 |
|
1 | |
| Get Time | type = Performance Ctr, time = 26522518077 |
|
1 |
Network Behavior
DNS (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Hostname | name_out = YKyd69q |
|
1 |
Process #32: cmd.exe
65
0
| Information | Value |
|---|---|
| ID | #32 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd /C "echo -------- >> C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:20, Reason: Child Process |
| Unmonitor | End Time: 00:02:23, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x8e8 |
| Parent PID | 0x458 (c:\windows\explorer.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
8E0
|
Host Behavior
File (24)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
9 | |
| Open | STD_INPUT_HANDLE | - |
|
3 | |
| Open | STD_OUTPUT_HANDLE | - |
|
3 | |
| Read | STD_OUTPUT_HANDLE | size = 1, size_out = 1 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 11 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a980000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77040000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77056d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x770523d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77048290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x770517e0 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-06-09 15:06:59 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 195360 |
|
1 | |
| Get Time | type = Performance Ctr, time = 26626316976 |
|
1 |
Environment (11)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
4 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 |
Process #33: cmd.exe
71
0
| Information | Value |
|---|---|
| ID | #33 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd /C "tasklist.exe /SVC >> C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:21, Reason: Child Process |
| Unmonitor | End Time: 00:02:24, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x87c |
| Parent PID | 0x458 (c:\windows\explorer.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
880
|
Host Behavior
File (21)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | tasklist.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
9 | |
| Open | STD_INPUT_HANDLE | - |
|
3 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Read | STD_OUTPUT_HANDLE | size = 1, size_out = 1 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\tasklist.exe | os_pid = 0x6ac, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4abc0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77040000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77056d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x770523d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77048290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x770517e0 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-06-09 15:06:59 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 195438 |
|
1 | |
| Get Time | type = Performance Ctr, time = 26634975501 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #34: tasklist.exe
0
0
| Information | Value |
|---|---|
| ID | #34 |
| File Name | c:\windows\system32\tasklist.exe |
| Command Line | tasklist.exe /SVC |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:21, Reason: Child Process |
| Unmonitor | End Time: 00:02:23, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6ac |
| Parent PID | 0x87c (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
8E4
0x
35C
0x
360
0x
820
0x
8DC
|
Process #35: cmd.exe
65
0
| Information | Value |
|---|---|
| ID | #35 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd /C "echo -------- >> C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:23, Reason: Child Process |
| Unmonitor | End Time: 00:02:24, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x888 |
| Parent PID | 0x458 (c:\windows\explorer.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
9D0
|
Host Behavior
File (24)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
9 | |
| Open | STD_INPUT_HANDLE | - |
|
3 | |
| Open | STD_OUTPUT_HANDLE | - |
|
3 | |
| Read | STD_OUTPUT_HANDLE | size = 1, size_out = 1 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 11 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4aad0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77040000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77056d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x770523d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77048290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x770517e0 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-06-09 15:07:00 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 196124 |
|
1 | |
| Get Time | type = Performance Ctr, time = 26817840651 |
|
1 |
Environment (11)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
4 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 |
Process #36: cmd.exe
71
0
| Information | Value |
|---|---|
| ID | #36 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd /C "driverquery.exe >> C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:23, Reason: Child Process |
| Unmonitor | End Time: 00:02:27, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa54 |
| Parent PID | 0x458 (c:\windows\explorer.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
9EC
|
Host Behavior
File (21)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | driverquery.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
9 | |
| Open | STD_INPUT_HANDLE | - |
|
3 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Read | STD_OUTPUT_HANDLE | size = 1, size_out = 1 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\driverquery.exe | os_pid = 0x478, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a110000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77040000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77056d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x770523d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77048290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x770517e0 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-06-09 15:07:00 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 196218 |
|
1 | |
| Get Time | type = Performance Ctr, time = 26827660239 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #37: driverquery.exe
0
0
| Information | Value |
|---|---|
| ID | #37 |
| File Name | c:\windows\system32\driverquery.exe |
| Command Line | driverquery.exe |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:23, Reason: Child Process |
| Unmonitor | End Time: 00:02:27, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x478 |
| Parent PID | 0xa54 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
A0C
0x
AE4
0x
A1C
0x
B18
0x
A20
|
Process #38: cmd.exe
65
0
| Information | Value |
|---|---|
| ID | #38 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd /C "echo -------- >> C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:26, Reason: Child Process |
| Unmonitor | End Time: 00:02:27, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x41c |
| Parent PID | 0x458 (c:\windows\explorer.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
5FC
|
Host Behavior
File (24)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
9 | |
| Open | STD_INPUT_HANDLE | - |
|
3 | |
| Open | STD_OUTPUT_HANDLE | - |
|
3 | |
| Read | STD_OUTPUT_HANDLE | size = 1, size_out = 1 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 11 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4aa60000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77040000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77056d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x770523d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77048290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x770517e0 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-06-09 15:07:02 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 198807 |
|
1 | |
| Get Time | type = Performance Ctr, time = 27097551992 |
|
1 |
Environment (11)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
4 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 |
Process #39: cmd.exe
71
0
| Information | Value |
|---|---|
| ID | #39 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd /C "reg.exe query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /s >> C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:26, Reason: Child Process |
| Unmonitor | End Time: 00:02:29, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x810 |
| Parent PID | 0x458 (c:\windows\explorer.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
860
|
Host Behavior
File (21)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | reg.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
9 | |
| Open | STD_INPUT_HANDLE | - |
|
3 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Read | STD_OUTPUT_HANDLE | size = 1, size_out = 1 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\reg.exe | os_pid = 0x31c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a010000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77040000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77056d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x770523d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77048290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x770517e0 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-06-09 15:07:02 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 198901 |
|
1 | |
| Get Time | type = Performance Ctr, time = 27106365888 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #40: reg.exe
10080
0
| Information | Value |
|---|---|
| ID | #40 |
| File Name | c:\windows\system32\reg.exe |
| Command Line | reg.exe query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /s |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:26, Reason: Child Process |
| Unmonitor | End Time: 00:02:29, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x31c |
| Parent PID | 0x810 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
908
|
Host Behavior
File (5544)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
2772 | |
| Open | STD_OUTPUT_HANDLE | - |
|
2772 |
Registry (1289)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = DisplayName, data = Adobe Flash Player 11 ActiveX 64-bit |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = Publisher, data = Adobe Systems Incorporated |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = DisplayVersion, data = 11.2.202.233 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = HelpLink, data = http://www.adobe.com/go/flashplayer_support/ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = NoRepair, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = NoRepair, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = RequiresIESysFile, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = RequiresIESysFile, data = 4.70.0.1155 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = URLInfoAbout, data = http://www.adobe.com |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = URLUpdateInfo, data = http://www.adobe.com/go/getflashplayer/ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = VersionMajor, data = 11 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = VersionMinor, data = 2 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = UninstallString, data = C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_ActiveX.exe -maintain activex |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = DisplayIcon, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = DisplayIcon, data = C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_ActiveX.exe |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | value_name = EstimatedSize, data = 6144 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager | value_name = SystemComponent, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager | value_name = SystemComponent, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | value_name = UninstallString, data = "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" scenario=install scenariosubtype=ARP sourcetype=None productstoremove=ProjectProRetail.16_en-us_x-none culture=en-us version.16=16.0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | value_name = ModifyPath, data = "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" scenario=repair platform=x64 culture=en-us |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | value_name = NoRepair, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | value_name = NoRepair, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | value_name = NoRemove, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | value_name = NoRemove, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | value_name = NoModify, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | value_name = DisplayIcon, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | value_name = DisplayIcon, data = C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | value_name = DisplayName, data = Microsoft Project Professional 2016 - en-us |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | value_name = DisplayVersion, data = 16.0.8431.2079 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | value_name = InstallLocation, data = C:\Program Files\Microsoft Office |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | value_name = ClickToRunComponent, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | value_name = ClickToRunComponent, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | value_name = UninstallString, data = "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" scenario=install scenariosubtype=ARP sourcetype=None productstoremove=ProPlusRetail.16_en-us_x-none culture=en-us version.16=16.0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | value_name = ModifyPath, data = "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" scenario=repair platform=x64 culture=en-us |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | value_name = NoRepair, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | value_name = NoRepair, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | value_name = NoRemove, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | value_name = NoRemove, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | value_name = NoModify, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | value_name = DisplayIcon, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | value_name = DisplayIcon, data = C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | value_name = DisplayName, data = Microsoft Office Professional Plus 2016 - en-us |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | value_name = DisplayVersion, data = 16.0.8431.2079 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | value_name = InstallLocation, data = C:\Program Files\Microsoft Office |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | value_name = ClickToRunComponent, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | value_name = ClickToRunComponent, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | value_name = UninstallString, data = "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" scenario=install scenariosubtype=ARP sourcetype=None productstoremove=VisioProRetail.16_en-us_x-none culture=en-us version.16=16.0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | value_name = ModifyPath, data = "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" scenario=repair platform=x64 culture=en-us |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | value_name = NoRepair, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | value_name = NoRepair, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | value_name = NoRemove, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | value_name = NoRemove, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | value_name = NoModify, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | value_name = DisplayIcon, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | value_name = DisplayIcon, data = C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | value_name = DisplayName, data = Microsoft Visio Professional 2016 - en-us |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | value_name = DisplayVersion, data = 16.0.8431.2079 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | value_name = InstallLocation, data = C:\Program Files\Microsoft Office |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | value_name = ClickToRunComponent, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | value_name = ClickToRunComponent, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC | value_name = NoRemove, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC | value_name = NoRemove, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = AuthorizedCDFPrefix, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = AuthorizedCDFPrefix |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = Comments, data = Caution. Removing this product might prevent some applications from running. |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = Contact, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = Contact |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = DisplayVersion, data = 10.0.40219 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = HelpLink, data = http://go.microsoft.com/fwlink/?LinkId=146008 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = HelpTelephone, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = HelpTelephone |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = InstallDate, data = 20170630 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = InstallLocation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = InstallSource, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = InstallSource, data = c:\fdcdffa8a980600958d7f9015584\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = ModifyPath, data = MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = NoRepair, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = NoRepair, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = Readme |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = Size, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = Size |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = EstimatedSize, data = 14199 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = UninstallString, data = MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = URLInfoAbout |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = URLUpdateInfo |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = VersionMajor, data = 10 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = VersionMinor, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = WindowsInstaller, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = WindowsInstaller, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = Version, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = Version, data = 167812379 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = Language, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = Language, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | value_name = DisplayName, data = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = AuthorizedCDFPrefix, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = AuthorizedCDFPrefix |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = Comments, data = Caution. Removing this product might prevent some applications from running. |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = Contact, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = Contact |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = DisplayVersion, data = 11.0.61030 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = HelpLink, data = http://go.microsoft.com/fwlink/?LinkId=133405 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = HelpTelephone, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = HelpTelephone |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = InstallDate, data = 20170630 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = InstallLocation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = InstallSource, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = InstallSource, data = C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = ModifyPath, data = MsiExec.exe /X{37B8F9C7-03FB-3253-8781-2517C99D7C00} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = Readme |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = Size, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = Size |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = EstimatedSize, data = 12272 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = SystemComponent, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = SystemComponent, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = UninstallString, data = MsiExec.exe /X{37B8F9C7-03FB-3253-8781-2517C99D7C00} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = URLInfoAbout |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = URLUpdateInfo |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = VersionMajor, data = 11 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = VersionMinor, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = WindowsInstaller, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = WindowsInstaller, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = Version, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = Version, data = 184610406 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = Language, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = Language, data = 1033 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | value_name = DisplayName, data = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = AuthorizedCDFPrefix, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = AuthorizedCDFPrefix |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = Comments |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = Contact, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = Contact |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = DisplayVersion, data = 9.0.30729.6161 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = HelpLink |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = HelpTelephone, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = HelpTelephone |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = InstallDate, data = 20170630 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = InstallLocation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = InstallSource, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = InstallSource, data = c:\d82874be2c8645ac0b\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = ModifyPath, data = MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = NoRepair, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = NoRepair, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = Readme |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = Size, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = Size |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = EstimatedSize, data = 788 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = UninstallString, data = MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = URLInfoAbout |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = URLUpdateInfo |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = VersionMajor, data = 9 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = VersionMinor, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = WindowsInstaller, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = WindowsInstaller, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = Version, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = Version, data = 151025673 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = Language, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = Language, data = 1033 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | value_name = DisplayName, data = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = AuthorizedCDFPrefix, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = AuthorizedCDFPrefix |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = Comments, data = Caution. Removing this product might prevent some applications from running. |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = Contact, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = Contact |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = DisplayVersion, data = 14.10.25017 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = HelpLink, data = http://go.microsoft.com/fwlink/?LinkId=133405 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = HelpTelephone, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = HelpTelephone |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = InstallDate, data = 20170712 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = InstallLocation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = InstallSource, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = InstallSource, data = C:\ProgramData\Package Cache\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\packages\vcRuntimeMinimum_amd64\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = ModifyPath, data = MsiExec.exe /X{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = Readme |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = Size, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = Size |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = EstimatedSize, data = 2088 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = SystemComponent, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = SystemComponent, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = UninstallString, data = MsiExec.exe /X{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = URLInfoAbout |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = URLUpdateInfo |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = VersionMajor, data = 14 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = VersionMinor, data = 10 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = WindowsInstaller, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = WindowsInstaller, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = Version, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = Version, data = 235561401 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = Language, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = Language, data = 1033 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | value_name = DisplayName, data = Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.10.25017 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = AuthorizedCDFPrefix, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = AuthorizedCDFPrefix |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = Comments |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = Contact, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = Contact |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = DisplayVersion, data = 16.0.8431.2079 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = HelpLink |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = HelpTelephone, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = HelpTelephone |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = InstallDate, data = 20170927 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = InstallLocation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = InstallSource, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = InstallSource, data = c:\program files\microsoft office\root\integration\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = ModifyPath, data = MsiExec.exe /I{90160000-007E-0000-1000-0000000FF1CE} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = Readme |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = Size, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = Size |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = EstimatedSize, data = 14296 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = SystemComponent, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = SystemComponent, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = UninstallString, data = MsiExec.exe /I{90160000-007E-0000-1000-0000000FF1CE} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = URLInfoAbout |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = URLUpdateInfo |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = VersionMajor, data = 16 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = VersionMinor, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = WindowsInstaller, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = WindowsInstaller, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = Version, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = Version, data = 268443887 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = Language, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = Language, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | value_name = DisplayName, data = Office 16 Click-to-Run Licensing Component |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = AuthorizedCDFPrefix, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = AuthorizedCDFPrefix |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = Comments |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = Contact, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = Contact |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = DisplayVersion, data = 16.0.8431.2079 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = HelpLink |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = HelpTelephone, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = HelpTelephone |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = InstallDate, data = 20170927 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = InstallLocation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = InstallSource, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = InstallSource, data = c:\program files\microsoft office\root\integration\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = ModifyPath, data = MsiExec.exe /X{90160000-008C-0000-1000-0000000FF1CE} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = Readme |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = Size, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = Size |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = EstimatedSize, data = 10212 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = SystemComponent, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = SystemComponent, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = UninstallString, data = MsiExec.exe /X{90160000-008C-0000-1000-0000000FF1CE} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = URLInfoAbout |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = URLUpdateInfo |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = VersionMajor, data = 16 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = VersionMinor, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = WindowsInstaller, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = WindowsInstaller, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = Version, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = Version, data = 268443887 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = Language, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = Language, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE} | value_name = DisplayName, data = Office 16 Click-to-Run Extensibility Component |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = AuthorizedCDFPrefix, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = AuthorizedCDFPrefix |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = Comments |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = Contact, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = Contact |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = DisplayVersion, data = 16.0.8326.2076 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = HelpLink |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = HelpTelephone, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = HelpTelephone |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = InstallDate, data = 20170927 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = InstallLocation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = InstallSource, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = InstallSource, data = c:\program files\microsoft office\root\integration\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = ModifyPath, data = MsiExec.exe /X{90160000-008C-0409-1000-0000000FF1CE} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = Readme |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = Size, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = Size |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = EstimatedSize, data = 48 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = SystemComponent, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = SystemComponent, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = UninstallString, data = MsiExec.exe /X{90160000-008C-0409-1000-0000000FF1CE} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = URLInfoAbout |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = URLUpdateInfo |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = VersionMajor, data = 16 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = VersionMinor, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = WindowsInstaller, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = WindowsInstaller, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = Version, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = Version, data = 268443782 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = Language, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = Language, data = 1033 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-1000-0000000FF1CE} | value_name = DisplayName, data = Office 16 Click-to-Run Localization Component |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = AuthorizedCDFPrefix, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = AuthorizedCDFPrefix |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = Comments, data = Caution. Removing this product might prevent some applications from running. |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = Contact, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = Contact |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = DisplayVersion, data = 12.0.21005 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = HelpLink, data = http://go.microsoft.com/fwlink/?LinkId=133405 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = HelpTelephone, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = HelpTelephone |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = InstallDate, data = 20170630 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = InstallLocation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = InstallSource, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = InstallSource, data = C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = ModifyPath, data = MsiExec.exe /X{929FBD26-9020-399B-9A7A-751D61F0B942} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = Readme |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = Size, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = Size |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = EstimatedSize, data = 11784 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = SystemComponent, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = SystemComponent, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = UninstallString, data = MsiExec.exe /X{929FBD26-9020-399B-9A7A-751D61F0B942} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = URLInfoAbout |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = URLUpdateInfo |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = VersionMajor, data = 12 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = VersionMinor, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = WindowsInstaller, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = WindowsInstaller, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = Version, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = Version, data = 201347597 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = Language, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = Language, data = 1033 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942} | value_name = DisplayName, data = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = DisplayIcon, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = DisplayIcon, data = C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.00081\\DisplayIcon.ico |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = DisplayName, data = Microsoft .NET Framework 4.6 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = DisplayVersion, data = 4.6.00081 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = EstimatedSize, data = 39732 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = UninstallString, data = C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.00081\\Setup.exe /repair /x86 /x64 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = VersionMajor, data = 4 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = VersionMinor, data = 6 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = InstallLocation, data = C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.00081\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = UninstallPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = UninstallPath, data = C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.00081\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = Readme, data = http://go.microsoft.com/fwlink/?LinkId=528229 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = URLInfoAbout, data = http://go.microsoft.com/fwlink/?LinkId=286133 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 | value_name = URLUpdateInfo, data = http://go.microsoft.com/fwlink/?LinkId=286134 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = AuthorizedCDFPrefix, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = AuthorizedCDFPrefix |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = Comments |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = Contact, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = Contact |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = DisplayVersion, data = 4.6.00081 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = HelpLink |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = HelpTelephone, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = HelpTelephone |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = InstallDate, data = 20170630 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = InstallLocation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = InstallSource, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = InstallSource, data = C:\c2527ad1556dacc342323f\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = ModifyPath, data = MsiExec.exe /X{94A631D5-B30A-3DD8-B65C-1117C09DA73E} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = NoRepair, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = NoRepair, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = Readme, data = http://go.microsoft.com/fwlink/?LinkId=528229 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = Size, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = Size, data = 39732 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = EstimatedSize, data = 1284149 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = SystemComponent, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = SystemComponent, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = UninstallString, data = MsiExec.exe /X{94A631D5-B30A-3DD8-B65C-1117C09DA73E} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = URLInfoAbout, data = http://go.microsoft.com/fwlink/?LinkId=286133 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = URLUpdateInfo, data = http://go.microsoft.com/fwlink/?LinkId=286134 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = VersionMajor, data = 4 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = VersionMinor, data = 6 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = WindowsInstaller, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = WindowsInstaller, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = Version, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = Version, data = 67502161 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = Language, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = Language, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E} | value_name = DisplayName, data = Microsoft .NET Framework 4.6 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = AuthorizedCDFPrefix, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = AuthorizedCDFPrefix |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = Comments, data = Caution. Removing this product might prevent some applications from running. |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = Contact, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = Contact |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = DisplayVersion, data = 12.0.21005 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = HelpLink, data = http://go.microsoft.com/fwlink/?LinkId=133405 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = HelpTelephone, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = HelpTelephone |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = InstallDate, data = 20170630 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = InstallLocation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = InstallSource, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = InstallSource, data = C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = ModifyPath, data = MsiExec.exe /X{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = Readme |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = Size, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = Size |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = EstimatedSize, data = 2532 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = SystemComponent, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = SystemComponent, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = UninstallString, data = MsiExec.exe /X{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = URLInfoAbout |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = URLUpdateInfo |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = VersionMajor, data = 12 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = VersionMinor, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = WindowsInstaller, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = WindowsInstaller, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = Version, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = Version, data = 201347597 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = Language, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = Language, data = 1033 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} | value_name = DisplayName, data = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = AuthorizedCDFPrefix, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = AuthorizedCDFPrefix |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = Comments |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = Contact, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = Contact |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = DisplayVersion, data = 8.0.61000 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = HelpLink |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = HelpTelephone, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = HelpTelephone |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = InstallDate, data = 20170630 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = InstallLocation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = InstallSource, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = InstallSource, data = C:\Users\aETAdzjz\AppData\Local\Temp\IXP000.TMP\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = ModifyPath, data = MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = NoRepair, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = NoRepair, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = Readme |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = Size, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = Size |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = EstimatedSize, data = 572 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = UninstallString, data = MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = URLInfoAbout |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = URLUpdateInfo |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = VersionMajor, data = 8 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = VersionMinor, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = WindowsInstaller, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = WindowsInstaller, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = Version, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = Version, data = 134278728 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = Language, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = Language, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028} | value_name = DisplayName, data = Microsoft Visual C++ 2005 Redistributable (x64) |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = AuthorizedCDFPrefix, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = AuthorizedCDFPrefix |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = Comments, data = Caution. Removing this product might prevent some applications from running. |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = Contact, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = Contact |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = DisplayVersion, data = 11.0.61030 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = HelpLink, data = http://go.microsoft.com/fwlink/?LinkId=133405 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = HelpTelephone, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = HelpTelephone |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = InstallDate, data = 20170630 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = InstallLocation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = InstallSource, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = InstallSource, data = C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = ModifyPath, data = MsiExec.exe /X{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = Readme |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = Size, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = Size |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = EstimatedSize, data = 2000 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = SystemComponent, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = SystemComponent, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = UninstallString, data = MsiExec.exe /X{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = URLInfoAbout |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = URLUpdateInfo |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = VersionMajor, data = 11 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = VersionMinor, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = WindowsInstaller, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = WindowsInstaller, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = Version, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = Version, data = 184610406 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = Language, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = Language, data = 1033 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} | value_name = DisplayName, data = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = AuthorizedCDFPrefix, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = AuthorizedCDFPrefix |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = Comments, data = Caution. Removing this product might prevent some applications from running. |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = Contact, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = Contact |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = DisplayVersion, data = 14.10.25017 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = HelpLink, data = http://go.microsoft.com/fwlink/?LinkId=133405 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = HelpTelephone, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = HelpTelephone |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = InstallDate, data = 20170712 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = InstallLocation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = InstallSource, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = InstallSource, data = C:\ProgramData\Package Cache\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\packages\vcRuntimeAdditional_amd64\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = ModifyPath, data = MsiExec.exe /X{E512788E-C50B-3858-A4B9-73AD5F3F9E93} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = Readme |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = Size, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = Size |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = EstimatedSize, data = 12640 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = SystemComponent, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = SystemComponent, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = UninstallString, data = MsiExec.exe /X{E512788E-C50B-3858-A4B9-73AD5F3F9E93} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = URLInfoAbout |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = URLUpdateInfo |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = VersionMajor, data = 14 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = VersionMinor, data = 10 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = WindowsInstaller, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = WindowsInstaller, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = Version, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = Version, data = 235561401 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = Language, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = Language, data = 1033 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93} | value_name = DisplayName, data = Microsoft Visual C++ 2017 x64 Additional Runtime - 14.10.25017 |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProjectProRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProPlusRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VisioProRetail - en-us | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | - |
|
1 | |
| Enumerate Values | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-007E-0000-1000-0000000FF1CE} | - |
|
1 | |
|
For performance reasons, the remaining 289 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\reg.exe | base_address = 0xffdd0000 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-06-09 15:07:02 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 198994 |
|
1 | |
| Get Time | type = Performance Ctr, time = 27123988232 |
|
1 |
Process #41: cmd.exe
65
0
| Information | Value |
|---|---|
| ID | #41 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd /C "echo -------- >> C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:28, Reason: Child Process |
| Unmonitor | End Time: 00:02:29, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x900 |
| Parent PID | 0x458 (c:\windows\explorer.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
8F8
|
Host Behavior
File (24)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
9 | |
| Open | STD_INPUT_HANDLE | - |
|
3 | |
| Open | STD_OUTPUT_HANDLE | - |
|
3 | |
| Read | STD_OUTPUT_HANDLE | size = 1, size_out = 1 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 11 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4ab10000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77040000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77056d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x770523d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77048290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x770517e0 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-06-09 15:07:05 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 201038 |
|
1 | |
| Get Time | type = Performance Ctr, time = 27328509679 |
|
1 |
Environment (11)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
4 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 |
Process #42: cmd.exe
71
0
| Information | Value |
|---|---|
| ID | #42 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd /C "reg.exe query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall" /s >> C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:28, Reason: Child Process |
| Unmonitor | End Time: 00:02:32, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x848 |
| Parent PID | 0x458 (c:\windows\explorer.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
934
|
Host Behavior
File (21)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Get Info | reg.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
9 | |
| Open | STD_INPUT_HANDLE | - |
|
3 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Read | STD_OUTPUT_HANDLE | size = 1, size_out = 1 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\reg.exe | os_pid = 0x910, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a9c0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77040000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77056d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x770523d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77048290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x770517e0 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-06-09 15:07:05 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 201116 |
|
1 | |
| Get Time | type = Performance Ctr, time = 27337000215 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #43: reg.exe
12614
0
| Information | Value |
|---|---|
| ID | #43 |
| File Name | c:\windows\system32\reg.exe |
| Command Line | reg.exe query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall" /s |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:28, Reason: Child Process |
| Unmonitor | End Time: 00:02:32, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x910 |
| Parent PID | 0x848 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
940
|
Host Behavior
File (6902)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
3451 | |
| Open | STD_OUTPUT_HANDLE | - |
|
3451 |
Registry (1638)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = DisplayName, data = Adobe Flash Player 10 Plugin |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = Publisher, data = Adobe Systems Incorporated |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = DisplayVersion, data = 10.3.183.90 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = HelpLink, data = http://www.adobe.com/go/flashplayer_support/ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = NoRepair, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = NoRepair, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = RequiresIESysFile, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = RequiresIESysFile, data = 4.70.0.1155 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = URLInfoAbout, data = http://www.adobe.com |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = URLUpdateInfo, data = http://www.adobe.com/go/getflashplayer/ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = VersionMajor, data = 10 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = VersionMinor, data = 3 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = UninstallString, data = C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10zr_Plugin.exe -maintain plugin |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = DisplayIcon, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = DisplayIcon, data = C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10zr_Plugin.exe |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = EstimatedSize, data = 6144 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager | value_name = SystemComponent, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager | value_name = SystemComponent, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = DisplayName, data = Google Chrome |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = UninstallString, data = "C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\Installer\setup.exe" --uninstall --system-level --verbose-logging |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = InstallLocation, data = C:\Program Files (x86)\Google\Chrome\Application |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = DisplayIcon, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = DisplayIcon, data = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = NoRepair, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = NoRepair, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = Publisher, data = Google Inc. |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = Version, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = Version, data = 59.0.3071.115 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = DisplayVersion, data = 59.0.3071.115 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = InstallDate, data = 20170630 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = VersionMajor, data = 3071 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = VersionMinor, data = 115 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = Comments, data = Mozilla Firefox 25.0 (x86 en-US) |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = DisplayIcon, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = DisplayIcon, data = C:\Program Files (x86)\Mozilla Firefox\firefox.exe,0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = DisplayName, data = Mozilla Firefox 25.0 (x86 en-US) |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = DisplayVersion, data = 25.0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = InstallLocation, data = C:\Program Files (x86)\Mozilla Firefox |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = Publisher, data = Mozilla |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = UninstallString, data = "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = URLInfoAbout, data = https://www.mozilla.org/en-US/ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = URLUpdateInfo, data = https://www.mozilla.org/en-US/firefox/ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = NoRepair, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = NoRepair, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = EstimatedSize, data = 50052 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = DisplayName, data = Mozilla Maintenance Service |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = UninstallString, data = "C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = DisplayIcon, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = DisplayIcon, data = C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe,0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = DisplayVersion, data = 25.0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = Publisher, data = Mozilla |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = Comments, data = Mozilla Maintenance Service 25.0 (x86 en-US) |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = EstimatedSize, data = 221 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC | value_name = NoRemove, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC | value_name = NoRemove, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = AuthorizedCDFPrefix, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = AuthorizedCDFPrefix |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = Comments, data = Caution. Removing this product might prevent some applications from running. |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = Contact, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = Contact |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = DisplayVersion, data = 12.0.21005 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = HelpLink, data = http://go.microsoft.com/fwlink/?LinkId=133405 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = HelpTelephone, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = HelpTelephone |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = InstallDate, data = 20170630 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = InstallLocation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = InstallSource, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = InstallSource, data = C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = ModifyPath, data = MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = Readme |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = Size, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = Size |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = EstimatedSize, data = 2076 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = SystemComponent, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = SystemComponent, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = UninstallString, data = MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = URLInfoAbout |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = URLUpdateInfo |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = VersionMajor, data = 12 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = VersionMinor, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = WindowsInstaller, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = WindowsInstaller, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = Version, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = Version, data = 201347597 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = Language, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = Language, data = 1033 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = DisplayName, data = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757 | type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757 | data = KB2151757 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173 | type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173 | data = KB2467173 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860 | type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860 | data = KB2524860 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655 | type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655 | data = KB2544655 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743 | type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743 | data = KB2549743 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063 | type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063 | data = KB2565063 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573 | type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573 | data = KB982573 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = DisplayIcon, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = DisplayIcon, data = C:\Program Files (x86)\Java\jre7\\bin\javaws.exe |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = AuthorizedCDFPrefix, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = AuthorizedCDFPrefix |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = Comments |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = Contact, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = Contact, data = http://java.com |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = DisplayVersion, data = 7.0.710 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = HelpLink, data = http://java.com/help |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = HelpTelephone, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = HelpTelephone |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = InstallDate, data = 20170630 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = InstallLocation, data = C:\Program Files (x86)\Java\jre7\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = InstallSource, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = InstallSource, data = C:\Users\aETAdzjz\AppData\LocalLow\Sun\Java\jre1.7.0_71\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = ModifyPath, data = MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F03217071FF} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = NoRepair, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = NoRepair, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = Publisher, data = Oracle |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = Readme, data = C:\Program Files (x86)\Java\jre7\README.txt |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = Size, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = Size |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = EstimatedSize, data = 123583 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = UninstallString, data = MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F03217071FF} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = URLInfoAbout, data = http://java.com |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = URLUpdateInfo, data = http://java.com/verify |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = VersionMajor, data = 7 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = VersionMinor, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = WindowsInstaller, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = WindowsInstaller, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = Version, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = Version, data = 117441222 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = Language, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = Language, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} | value_name = DisplayName, data = Java 7 Update 71 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = BundleCachePath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = BundleCachePath, data = C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = BundleUpgradeCode, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = BundleUpgradeCode, data = 4044848 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = BundleAddonCode, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = BundleAddonCode, data = 4058768 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = BundleDetectCode, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = BundleDetectCode, data = 4058768 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = BundlePatchCode, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = BundlePatchCode, data = 4058768 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = BundleVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = BundleVersion, data = 11.0.61030.0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = BundleProviderKey, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = BundleProviderKey, data = {33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = BundleTag, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = BundleTag |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = EngineVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = EngineVersion, data = 3.6.3542.0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = DisplayIcon, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = DisplayIcon, data = C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe,0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = DisplayName, data = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = DisplayVersion, data = 11.0.61030.0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = ModifyPath, data = "C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe" /modify |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = NoElevateOnModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = NoElevateOnModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = QuietUninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = QuietUninstallString, data = "C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe" /uninstall /quiet |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = UninstallString, data = "C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe" /uninstall |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = EstimatedSize, data = 17800 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = Resume, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = Resume, data = 3 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = Installed, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = Installed, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = BundleCachePath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = BundleCachePath, data = C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = BundleUpgradeCode, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = BundleUpgradeCode, data = 4044848 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = BundleAddonCode, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = BundleAddonCode, data = 4058768 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = BundleDetectCode, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = BundleDetectCode, data = 4058768 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = BundlePatchCode, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = BundlePatchCode, data = 4058768 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = BundleVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = BundleVersion, data = 12.0.30501.0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = BundleProviderKey, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = BundleProviderKey, data = {3c3aafc8-d898-43ec-998f-965ffdae065a} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = BundleTag, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = BundleTag |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = EngineVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = EngineVersion, data = 3.7.2829.0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = DisplayIcon, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = DisplayIcon, data = C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe,0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = DisplayName, data = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = DisplayVersion, data = 12.0.30501.0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = ModifyPath, data = "C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe" /modify |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = NoElevateOnModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = NoElevateOnModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = QuietUninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = QuietUninstallString, data = "C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe" /uninstall /quiet |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = UninstallString, data = "C:\ProgramData\Package Cache\{3c3aafc8-d898-43ec-998f-965ffdae065a}\vcredist_x64.exe" /uninstall |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = EstimatedSize, data = 21062 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = Resume, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = Resume, data = 3 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = Installed, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = Installed, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = AuthorizedCDFPrefix, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = AuthorizedCDFPrefix |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = Comments |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = Contact, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = Contact |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = DisplayVersion, data = 2.1.71.14 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = HelpLink |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = HelpTelephone, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = HelpTelephone |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = InstallDate, data = 20170630 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = InstallLocation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = InstallSource, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = InstallSource, data = C:\Users\aETAdzjz\AppData\LocalLow\Sun\Java\AU\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = NoRemove, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = NoRemove, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = NoRepair, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = NoRepair, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = Publisher, data = Oracle, Inc. |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = Readme |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = Size, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = Size |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = EstimatedSize, data = 1254 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = SystemComponent, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = SystemComponent, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = URLInfoAbout |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = URLUpdateInfo |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = VersionMajor, data = 2 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = VersionMinor, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = WindowsInstaller, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = WindowsInstaller, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = Version, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = Version, data = 33620039 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = Language, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = Language, data = 1033 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = DisplayName, data = Java Auto Updater |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = AuthorizedCDFPrefix, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = AuthorizedCDFPrefix |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = Comments, data = Caution. Removing this product might prevent some applications from running. |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = Contact, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = Contact |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = DisplayVersion, data = 14.10.25017 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = HelpLink, data = http://go.microsoft.com/fwlink/?LinkId=133405 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = HelpTelephone, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = HelpTelephone |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = InstallDate, data = 20170714 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = InstallLocation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = InstallSource, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = InstallSource, data = C:\ProgramData\Package Cache\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\packages\vcRuntimeMinimum_x86\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = ModifyPath, data = MsiExec.exe /X{582EA838-9199-3518-A05C-DB09462F68EC} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = Readme |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = Size, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = Size |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = EstimatedSize, data = 1504 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = SystemComponent, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = SystemComponent, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = UninstallString, data = MsiExec.exe /X{582EA838-9199-3518-A05C-DB09462F68EC} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = URLInfoAbout |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = URLUpdateInfo |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = VersionMajor, data = 14 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = VersionMinor, data = 10 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = WindowsInstaller, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = WindowsInstaller, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = Version, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = Version, data = 235561401 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = Language, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = Language, data = 1033 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = DisplayName, data = Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.10.25017 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = AuthorizedCDFPrefix, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = AuthorizedCDFPrefix |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = Comments, data = Caution. Removing this product might prevent some applications from running. |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = Contact, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = Contact |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = DisplayVersion, data = 14.10.25017 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = HelpLink, data = http://go.microsoft.com/fwlink/?LinkId=133405 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = HelpTelephone, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = HelpTelephone |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = InstallDate, data = 20170714 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = InstallLocation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = InstallSource, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = InstallSource, data = C:\ProgramData\Package Cache\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\packages\vcRuntimeAdditional_x86\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = ModifyPath, data = MsiExec.exe /X{68306422-7C57-373F-8860-D26CE4BA2A15} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = Readme |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = Size, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = Size |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = EstimatedSize, data = 10072 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = SystemComponent, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = SystemComponent, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = UninstallString, data = MsiExec.exe /X{68306422-7C57-373F-8860-D26CE4BA2A15} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = URLInfoAbout |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = URLUpdateInfo |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = VersionMajor, data = 14 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = VersionMinor, data = 10 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = WindowsInstaller, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = WindowsInstaller, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = Version, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = Version, data = 235561401 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = Language, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = Language, data = 1033 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = DisplayName, data = Microsoft Visual C++ 2017 x86 Additional Runtime - 14.10.25017 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = AuthorizedCDFPrefix, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = AuthorizedCDFPrefix |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = Comments |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = Contact, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = Contact |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = DisplayVersion, data = 8.0.61001 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = HelpLink |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = HelpTelephone, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = HelpTelephone |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = InstallDate, data = 20170630 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = InstallLocation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = InstallSource, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = InstallSource, data = C:\Users\aETAdzjz\AppData\Local\Temp\IXP000.TMP\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = ModifyPath, data = MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = NoRepair, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = NoRepair, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = Readme |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = Size, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = Size |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = EstimatedSize, data = 300 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = UninstallString, data = MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = URLInfoAbout |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = URLUpdateInfo |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = VersionMajor, data = 8 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = VersionMinor, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = WindowsInstaller, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = WindowsInstaller, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = Version, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = Version, data = 134278729 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = Language, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = Language, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = DisplayName, data = Microsoft Visual C++ 2005 Redistributable |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = AuthorizedCDFPrefix, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = AuthorizedCDFPrefix |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = Comments |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = Contact, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = Contact |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = DisplayVersion, data = 9.0.30729.6161 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = HelpLink |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = HelpTelephone, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = HelpTelephone |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = InstallDate, data = 20170630 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = InstallLocation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = InstallSource, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = InstallSource, data = c:\d1d7baa2967008fb8610\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = ModifyPath, data = MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = NoRepair, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = NoRepair, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = Readme |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = Size, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = Size |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = EstimatedSize, data = 600 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = UninstallString, data = MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = URLInfoAbout |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = URLUpdateInfo |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = VersionMajor, data = 9 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = VersionMinor, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = WindowsInstaller, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = WindowsInstaller, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = Version, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = Version, data = 151025673 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = Language, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = Language, data = 1033 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = DisplayName, data = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = AuthorizedCDFPrefix, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = AuthorizedCDFPrefix |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = Comments, data = |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = Contact, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = Contact, data = Customer Support |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = DisplayVersion, data = 10.0.0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = HelpLink, data = http://www.adobe.com/support/main.html |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = HelpTelephone, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = HelpTelephone |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = InstallDate, data = 20170630 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = InstallLocation, data = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = InstallSource, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = InstallSource, data = E:\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = ModifyPath, data = MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AA0000000001} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = NoRepair, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = NoRepair, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = Publisher, data = Adobe Systems Incorporated |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = Readme, data = C:\Program Files (x86)\Adobe\Reader 10.0\Readme.htm |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = Size, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = Size |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = EstimatedSize, data = 482002 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = UninstallString, data = MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AA0000000001} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = URLInfoAbout, data = http://www.adobe.com |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = URLUpdateInfo, data = http://www.adobe.com/products/acrobat/readstep.html |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = VersionMajor, data = 10 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = VersionMinor, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = WindowsInstaller, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = WindowsInstaller, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = Version, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = Version, data = 167772160 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = Language, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = Language, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = DisplayName, data = Adobe Reader X MUI |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = AuthorizedCDFPrefix, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = AuthorizedCDFPrefix |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = Comments, data = Caution. Removing this product might prevent some applications from running. |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = Contact, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = Contact |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = DisplayVersion, data = 11.0.61030 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = HelpLink, data = http://go.microsoft.com/fwlink/?LinkId=133405 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = HelpTelephone, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = HelpTelephone |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = InstallDate, data = 20170630 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = InstallLocation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = InstallSource, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = InstallSource, data = C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = ModifyPath, data = MsiExec.exe /X{B175520C-86A2-35A7-8619-86DC379688B9} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = Readme |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = Size, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = Size |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = EstimatedSize, data = 9900 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = SystemComponent, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = SystemComponent, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = UninstallString, data = MsiExec.exe /X{B175520C-86A2-35A7-8619-86DC379688B9} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = URLInfoAbout |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = URLUpdateInfo |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = VersionMajor, data = 11 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = VersionMinor, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = WindowsInstaller, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = WindowsInstaller, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = Version, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = Version, data = 184610406 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = Language, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = Language, data = 1033 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = DisplayName, data = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = AuthorizedCDFPrefix, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = AuthorizedCDFPrefix |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = Comments, data = Caution. Removing this product might prevent some applications from running. |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = Contact, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = Contact |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = DisplayVersion, data = 11.0.61030 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = HelpLink, data = http://go.microsoft.com/fwlink/?LinkId=133405 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = HelpTelephone, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = HelpTelephone |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = InstallDate, data = 20170630 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = InstallLocation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = InstallSource, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = InstallSource, data = C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = ModifyPath, data = MsiExec.exe /X{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = Readme |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = Size, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = Size |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = EstimatedSize, data = 1772 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = SystemComponent, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = SystemComponent, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = UninstallString, data = MsiExec.exe /X{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = URLInfoAbout |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = URLUpdateInfo |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = VersionMajor, data = 11 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = VersionMinor, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = WindowsInstaller, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = WindowsInstaller, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = Version, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = Version, data = 184610406 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = Language, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = Language, data = 1033 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = DisplayName, data = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = BundleCachePath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = BundleCachePath, data = C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = BundleUpgradeCode, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = BundleUpgradeCode, data = 4044848 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = BundleAddonCode, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = BundleAddonCode, data = 4058768 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = BundleDetectCode, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = BundleDetectCode, data = 4058768 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = BundlePatchCode, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = BundlePatchCode, data = 4058768 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = BundleVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = BundleVersion, data = 11.0.61030.0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = BundleProviderKey, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = BundleProviderKey, data = {ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = BundleTag, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = BundleTag |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = EngineVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = EngineVersion, data = 3.6.3542.0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = DisplayIcon, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = DisplayIcon, data = C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe,0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = DisplayName, data = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = DisplayVersion, data = 11.0.61030.0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = ModifyPath, data = "C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe" /modify |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = NoElevateOnModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = NoElevateOnModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = QuietUninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = QuietUninstallString, data = "C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe" /uninstall /quiet |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = UninstallString, data = "C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe" /uninstall |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = EstimatedSize, data = 21014 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = Resume, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = Resume, data = 3 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = Installed, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = Installed, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = BundleCachePath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = BundleCachePath, data = C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = BundleUpgradeCode, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = BundleUpgradeCode, data = 4044848 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = BundleAddonCode, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = BundleAddonCode, data = 4058768 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = BundleDetectCode, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = BundleDetectCode, data = 4058768 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = BundlePatchCode, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = BundlePatchCode, data = 4058768 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = BundleVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = BundleVersion, data = 14.10.25017.0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = BundleProviderKey, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = BundleProviderKey, data = ,,amd64,14.0,bundle |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = BundleTag, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = BundleTag |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = EngineVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = EngineVersion, data = 3.7.3813.0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = DisplayIcon, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = DisplayIcon, data = C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe,0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = DisplayName, data = Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = DisplayVersion, data = 14.10.25017.0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = ModifyPath, data = "C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe" /modify |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = NoElevateOnModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = NoElevateOnModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = QuietUninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = QuietUninstallString, data = "C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe" /uninstall /quiet |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = UninstallString, data = "C:\ProgramData\Package Cache\{e52a6842-b0ac-476e-b48f-378a97a67346}\VC_redist.x64.exe" /uninstall |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = EstimatedSize, data = 26064 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = Resume, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = Resume, data = 3 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = Installed, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = Installed, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = BundleCachePath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = BundleCachePath, data = C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = BundleUpgradeCode, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = BundleUpgradeCode, data = 4044848 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = BundleAddonCode, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = BundleAddonCode, data = 4058768 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = BundleDetectCode, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = BundleDetectCode, data = 4058768 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = BundlePatchCode, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = BundlePatchCode, data = 4058768 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = BundleVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = BundleVersion, data = 12.0.30501.0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = BundleProviderKey, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = BundleProviderKey, data = {e6e75766-da0f-4ba2-9788-6ea593ce702d} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = BundleTag, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = BundleTag |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = EngineVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = EngineVersion, data = 3.7.2829.0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = DisplayIcon, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = DisplayIcon, data = C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe,0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = DisplayName, data = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = DisplayVersion, data = 12.0.30501.0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = ModifyPath, data = "C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe" /modify |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = NoElevateOnModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = NoElevateOnModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = QuietUninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = QuietUninstallString, data = "C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe" /uninstall /quiet |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = UninstallString, data = "C:\ProgramData\Package Cache\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\vcredist_x86.exe" /uninstall |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = EstimatedSize, data = 17600 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = Resume, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = Resume, data = 3 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = Installed, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = Installed, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = AuthorizedCDFPrefix, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = AuthorizedCDFPrefix |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = Comments, data = Caution. Removing this product might prevent some applications from running. |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = Contact, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = Contact |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = DisplayVersion, data = 10.0.40219 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = HelpLink, data = http://go.microsoft.com/fwlink/?LinkId=146008 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = HelpTelephone, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = HelpTelephone |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = InstallDate, data = 20170630 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = InstallLocation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = InstallSource, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = InstallSource, data = c:\695fbbc389830707c2f7\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = ModifyPath, data = MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = NoRepair, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = NoRepair, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = Readme |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = Size, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = Size |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = EstimatedSize, data = 11417 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = UninstallString, data = MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = URLInfoAbout |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = URLUpdateInfo |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = VersionMajor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = VersionMajor, data = 10 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = VersionMinor, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = VersionMinor, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = WindowsInstaller, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = WindowsInstaller, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = Version, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = Version, data = 167812379 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = Language, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = Language, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = DisplayName, data = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 | type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 | data = KB2151757 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 | type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 | data = KB2467173 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 | type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 | data = KB2524860 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 | type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 | data = KB2544655 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 | type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 | data = KB2549743 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 | type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 | data = KB2565063 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 | type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 | data = KB982573 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = BundleCachePath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = BundleCachePath, data = C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = BundleUpgradeCode, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = BundleUpgradeCode, data = 4044848 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = BundleAddonCode, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = BundleAddonCode, data = 4058768 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = BundleDetectCode, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = BundleDetectCode, data = 4058768 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = BundlePatchCode, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = BundlePatchCode, data = 4058768 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = BundleVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = BundleVersion, data = 14.10.25017.0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = BundleProviderKey, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = BundleProviderKey, data = ,,x86,14.0,bundle |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = BundleTag, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = BundleTag |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = EngineVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = EngineVersion, data = 3.7.3813.0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = DisplayIcon, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = DisplayIcon, data = C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe,0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = DisplayName, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = DisplayName, data = Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = DisplayVersion, data = 14.10.25017.0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = ModifyPath, data = "C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe" /modify |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = NoElevateOnModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = NoElevateOnModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = QuietUninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = QuietUninstallString, data = "C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe" /uninstall /quiet |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = UninstallString, data = "C:\ProgramData\Package Cache\{f325f05b-f963-4640-a43b-c8a494cdda0f}\VC_redist.x86.exe" /uninstall |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = EstimatedSize, data = 22015 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = Resume, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = Resume, data = 3 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = Installed, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = Installed, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = AuthorizedCDFPrefix, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = AuthorizedCDFPrefix |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = Comments, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = Comments, data = Caution. Removing this product might prevent some applications from running. |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = Contact, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = Contact |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = DisplayVersion, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = DisplayVersion, data = 12.0.21005 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = HelpLink, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = HelpLink, data = http://go.microsoft.com/fwlink/?LinkId=133405 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = HelpTelephone, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = HelpTelephone |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = InstallDate, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = InstallDate, data = 20170630 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = InstallLocation, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = InstallLocation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = InstallSource, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = InstallSource, data = C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = ModifyPath, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = ModifyPath, data = MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = NoModify, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = NoModify, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = Publisher, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = Publisher, data = Microsoft Corporation |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = Readme, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = Readme |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = Size, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = Size |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = EstimatedSize, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = EstimatedSize, data = 9456 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = SystemComponent, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = SystemComponent, data = 1 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = UninstallString, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = UninstallString, data = MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = URLInfoAbout, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = URLInfoAbout |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = URLUpdateInfo, type = REG_NONE |
|
1 | |
|
For performance reasons, the remaining 638 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\reg.exe | base_address = 0xff570000 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-06-09 15:07:05 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 201194 |
|
1 | |
| Get Time | type = Performance Ctr, time = 27344687101 |
|
1 |
Process #44: cmd.exe
65
0
| Information | Value |
|---|---|
| ID | #44 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd /C "echo -------- >> C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:31, Reason: Child Process |
| Unmonitor | End Time: 00:02:33, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x904 |
| Parent PID | 0x458 (c:\windows\explorer.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
43C
|
Host Behavior
File (24)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = size |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
9 | |
| Open | STD_INPUT_HANDLE | - |
|
3 | |
| Open | STD_OUTPUT_HANDLE | - |
|
3 | |
| Read | STD_OUTPUT_HANDLE | size = 1, size_out = 1 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 11 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a7c0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77040000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77056d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x770523d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77048290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x770517e0 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 1627-02-25 21:56:43 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 203690 |
|
1 | |
| Get Time | type = Performance Ctr, time = 27593142315 |
|
1 |
Environment (11)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
4 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 |
Process #45: cmd.exe
1347
0
| Information | Value |
|---|---|
| ID | #45 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | cmd /U /C "type C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 > C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin & del C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:31, Reason: Child Process |
| Unmonitor | End Time: 00:02:33, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x580 |
| Parent PID | 0x458 (c:\windows\explorer.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
914
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin | 157.66 KB |
MD5:
389e83aca199b9d2652cf35277f354e3
SHA1: 860c41bc489c152664c3f6d98c8a96f2bbb49f47 SHA256: c6b3520a816e9eb218c587df2f0ac2059fc8840d1404156f9f705f95822c052b SSDeep: 3072:R5Rb2c4OQN9TYA0vpuQIq7ZptqAAov+Q4S0riSAwSwNTCjIWtg0XefPP3aqNVX3m:H |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | 78.83 KB |
MD5:
49c484df39aec6ecaa359b56f58f4931
SHA1: bc48076ec5095f1dbfd751d0337084d4e230bbde SHA256: b201a32b8f9ab111723fd7c3b812016be28bc6f2d56769e5721335c616c196dd SSDeep: 1536:CA4EvLtmbRr+0mWu3tCVRLHVXtLhPhF8eZhDADncPXpvr2Aj75TLqdelpEuKhKId:CDFIKsBLAzkfLZALAzwogu/LAzkF5cIn |
|
|
Host Behavior
File (1306)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | type = file_attributes |
|
3 | |
| Get Info | - | type = file_type |
|
1 | |
| Get Info | - | type = size, size_out = 0 |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
249 | |
| Get Info | C:\Users\aETAdzjz\AppData\Local\Temp | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
9 | |
| Open | STD_INPUT_HANDLE | - |
|
3 | |
| Open | - | - |
|
192 | |
| Open | STD_OUTPUT_HANDLE | - |
|
466 | |
| Read | - | size = 512, size_out = 512 |
|
157 | |
| Read | - | size = 512, size_out = 338 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 160 |
|
186 | |
| Write | STD_OUTPUT_HANDLE | size = 64 |
|
31 | |
| Delete | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin1 | - |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4ab90000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77040000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77056d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x770523d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77048290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x770517e0 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 1627-02-25 21:56:43 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 203768 |
|
1 | |
| Get Time | type = Performance Ctr, time = 27602171692 |
|
1 |
Environment (11)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
4 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 |
Process #46: makecab.exe
87
0
| Information | Value |
|---|---|
| ID | #46 |
| File Name | c:\windows\system32\makecab.exe |
| Command Line | makecab.exe /F "C:\Users\aETAdzjz\AppData\Local\Temp\DB32.bin" |
| Initial Working Directory | C:\Users\aETAdzjz\AppData\Local\Temp\ |
| Monitor | Start Time: 00:02:31, Reason: Child Process |
| Unmonitor | End Time: 00:02:33, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x850 |
| Parent PID | 0x458 (c:\windows\explorer.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
83C
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\aETAdzjz\AppData\Local\Temp\cab_2128_5 | 11.12 KB |
MD5:
f0fbc7843742a36d1fa0ee3d5bea7318
SHA1: b79117a13a5f77c7aabc64eb7ce9db5cee147fb4 SHA256: b8ca2e1c8786fbc93a68c4b852fbaf28d9b707abae9768c73392db5553331cac SSDeep: 192:HA/0hz0PQzWTojv4EBG+GMm5Si81YA3se82UlEeUKPtpAcH8X/hEeQ:HAclzBVB/ms1FUlfPtCcc4 |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\E3D6.bin | 11.18 KB |
MD5:
7921d82607b58d54073420ccba781a7c
SHA1: 6acccc292018f2f7e7d5a2fd3a4ca788a7ef6c04 SHA256: dfd8530b469f7507191d7c4fd51e18523ab8deed1f753ff41b33d84d6eeb356a SSDeep: 192:IA/0hz0PQzWTojv4EBG+GMm5Si81YA3se82UkEeUKPtpAcH8X/hEez:IAclzBVB/ms1FUkfPtCccL |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\cab_2128_7 | 11.12 KB |
MD5:
a55ebddfea351dd54b2e256c7d7207af
SHA1: 4afd19d1ec6aa8534ab799d3c90bfbca3e62f715 SHA256: fa29bf5f7ae4fc9c01014dc581dda1c60c048f67199ccc79d95d19711f607393 SSDeep: 192:8A/0hz0PQzWTojv4EBG+GMm5Si81YA3se82UkEeUKPtpAcH8X/hEez:8AclzBVB/ms1FUkfPtCccL |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\cab_2128_6 | 25 bytes |
MD5:
437d9b7103a6b0952dea80da9ea5efdb
SHA1: 7306aeefaf72811c24d7c3d9a481b59b98fc26ce SHA256: bdc3393366f61dc58f4bc69ce2a88d1bb6a60be78f761f54406891f9cdab1efc SSDeep: 3:jI4Vo+:jI4S+ |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\cab_2128_9 | 8 bytes |
MD5:
ca93ffca2002a30af536a8f89e8f1215
SHA1: 68d57427d788ad063470fb500d74c85fa5a277d1 SHA256: 576ce47febf5a4589747f2fb5db219ced962c2d50911774a57b3e104f0b2b725 SSDeep: 3:l:l |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\inf_2564_2 | 23 bytes |
MD5:
4230347e5849e9c7230227a287ae4a41
SHA1: a3fa042694dc86f05973ac07231c95cf590d606a SHA256: 2484fa669042204d83d907de45012a2aef7f6687613ce76169097240415b0abd SSDeep: 3:R0qxv:Rf |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\inf_2128_3 | 30 bytes |
MD5:
a49a8635f89cb783bc958ad9b863a14b
SHA1: a5be862858f30e6ed63c9310eb562e77a9476eec SHA256: aeeb2b2ad2903e3ae19629043af276365b463b2a32198fd2c8d4d3ad1ce6df7b SSDeep: 3:NLBoFMLy:ZeFKy |
|
|
| C:\Users\aETAdzjz\AppData\Local\Temp\inf_2128_4 | 33 bytes |
MD5:
8dae31400c563a2d1a98aaaf3b69953b
SHA1: 17e254e74e345451ab48a51edddd1cc81907c8f3 SHA256: 5cfac9756cc5df945d64f55813cc619d3ba895c27573343feb0491c932862da1 SSDeep: 3:dJgVRl4VOJin:dq54QJin |
|
|
| setup.inf | 939 bytes |
MD5:
37e2e60fa9ebd96d400faad7d3844aed
SHA1: 94451aaee90b0e24a18af8446271e696cb8fb5b3 SHA256: 3549d419005764011bad2417f538679f2a0b3e5c39f72de7b321644cbd42dee3 SSDeep: 12:QxncDimwR8KoOnsPOyneJheFC4QJi5IncDimwR8KoOnhIv:QF8vwnoOn0OynKheFC4QJi08vwnoOnw |
|
|
| setup.rpt | 283 bytes |
MD5:
991bcff5dfe927b8d18cce62cb992c3c
SHA1: c72b2597bfd44676534815bfc33349f7def7d152 SHA256: 9ea4378c0f266c2665b19dcffafddd2b640d48c07d839234e8e5907549337598 SSDeep: 3:ZO4N/Bt3+xVcuK49HXUv1z/SpkFF0SkqqsVSeKQtFb0iwYeshL/hbtXQT/ZUAa:vwcuKm3U/ukMSkYSeKQL0iwYZ/hNQTCp |
|
|
Host Behavior
File (80)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\DB32.bin | file_attributes = _O_EXCL |
|
1 | |
| Create | CAB02128.TMP | file_attributes = _O_RDWR, _O_CREAT, _O_EXCL |
|
2 | |
| Create | setup.inf | file_attributes = _O_RDWR, _O_CREAT |
|
1 | |
| Create | setup.rpt | file_attributes = _O_RDWR, _O_CREAT |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\inf_2128_2 | file_attributes = _O_WRONLY |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\inf_2128_3 | file_attributes = _O_WRONLY |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\inf_2128_4 | file_attributes = _O_WRONLY |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\DB32.bin | file_attributes = _O_EXCL |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\CAB02128.TMP | file_attributes = _O_RDWR, _O_CREAT, _O_EXCL |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\cab_2128_5 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\cab_2128_6 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\cab_2128_7 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\cab_2128_8 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\cab_2128_9 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\cab_2128_10 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\cab_2128_11 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\E3D6.bin | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\cab_2128_12 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\cab_2128_13 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\cab_2128_14 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_DELETE |
|
1 | |
| Create | setup.inf | file_attributes = _O_WRONLY | _O_BINARY |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\inf_2128_2 | file_attributes = _O_RDONLY | _O_BINARY |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\inf_2128_3 | file_attributes = _O_RDONLY | _O_BINARY |
|
1 | |
| Create | C:\Users\aETAdzjz\AppData\Local\Temp\inf_2128_4 | file_attributes = _O_RDONLY | _O_BINARY |
|
1 | |
| Create | setup.rpt | file_attributes = _O_WRONLY |
|
1 | |
| Get Info | C:\Users\aETAdzjz\AppData\Local\Temp\1D0E.bin | type = file_attributes |
|
1 | |
| Read | C:\Users\aETAdzjz\AppData\Local\Temp\DB32.bin | size = 3 |
|
1 | |
| Read | C:\Users\aETAdzjz\AppData\Local\Temp\DB32.bin | size = 4096 |
|
1 | |
| Read | C:\Users\aETAdzjz\AppData\Local\Temp\DB32.bin | size = 3 |
|
1 | |
| Read | C:\Users\aETAdzjz\AppData\Local\Temp\DB32.bin | size = 4096 |
|
1 | |
| Read | - | size = 32768 |
|
5 | |
| Read | - | size = 17582 |
|
1 | |
| Read | C:\Users\aETAdzjz\AppData\Local\Temp\CAB02128.TMP | size = 8 |
|
3 | |
| Read | C:\Users\aETAdzjz\AppData\Local\Temp\CAB02128.TMP | size = 7633 |
|
1 | |
| Read | C:\Users\aETAdzjz\AppData\Local\Temp\CAB02128.TMP | size = 2731 |
|
1 | |
| Read | C:\Users\aETAdzjz\AppData\Local\Temp\CAB02128.TMP | size = 994 |
|
1 | |
| Read | C:\Users\aETAdzjz\AppData\Local\Temp\CAB02128.TMP | size = 8 |
|
1 | |
| Read | - | size = 16 |
|
1 | |
| Read | - | size = 256 |
|
1 | |
| Read | - | size = 16 |
|
1 | |
| Read | - | size = 8 |
|
1 | |
| Read | - | size = 8 |
|
1 | |
| Read | - | size = 32768 |
|
2 | |
| Read | C:\Users\aETAdzjz\AppData\Local\Temp\inf_2128_2 | size = 2048, size_out = 23 |
|
1 | |
| Read | C:\Users\aETAdzjz\AppData\Local\Temp\inf_2128_3 | size = 2048, size_out = 30 |
|
1 | |
| Read | C:\Users\aETAdzjz\AppData\Local\Temp\inf_2128_4 | size = 2048, size_out = 33 |
|
1 | |
| Write | C:\Users\aETAdzjz\AppData\Local\Temp\CAB02128.TMP | size = 8 |
|
3 | |
| Write | C:\Users\aETAdzjz\AppData\Local\Temp\CAB02128.TMP | size = 7633 |
|
1 | |
| Write | C:\Users\aETAdzjz\AppData\Local\Temp\CAB02128.TMP | size = 2731 |
|
1 | |
| Write | - | size = 16 |
|
2 | |
| Write | - | size = 9 |
|
2 | |
| Write | C:\Users\aETAdzjz\AppData\Local\Temp\CAB02128.TMP | size = 994 |
|
1 | |
| Write | - | size = 8 |
|
4 | |
| Write | - | size = 7633 |
|
1 | |
| Write | - | size = 2731 |
|
1 | |
| Write | - | size = 994 |
|
1 | |
| Write | C:\Users\aETAdzjz\AppData\Local\Temp\DB32.bin | size = 36 |
|
1 | |
| Write | C:\Users\aETAdzjz\AppData\Local\Temp\DB32.bin | size = 8 |
|
1 | |
| Write | C:\Users\aETAdzjz\AppData\Local\Temp\DB32.bin | size = 25 |
|
1 | |
| Write | C:\Users\aETAdzjz\AppData\Local\Temp\DB32.bin | size = 11382 |
|
1 | |
| Write | C:\Users\aETAdzjz\AppData\Local\Temp\DB32.bin | size = 4 |
|
1 | |
| Write | setup.inf | size = 23 |
|
1 | |
| Write | setup.inf | size = 30 |
|
1 | |
| Write | setup.inf | size = 33 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\makecab.exe | base_address = 0xffe10000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77040000 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = HeapSetInformation, address_out = 0x7705c4a0 |
|
1 |
System (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 1627-02-25 21:56:44 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 203971 |
|
1 | |
| Get Time | type = Performance Ctr, time = 27622200759 |
|
1 | |
| Get Info | type = Operating System |
|
1 |
