6e4cc242e9b433dc2856862df6ea36e1e70bf597121dc5ece179a29b674a41c9 (SHA256)
1.exe
Windows Exe (x86-32)
Created at 2018-09-17 14:41:00
Notifications (1/1)
The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.
Monitored Processes
Behavior Information - Grouped by Category
Process #1: 1.exe
5101
114
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\desktop\1.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\1.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:51, Reason: Analysis Target |
| Unmonitor | End Time: 00:03:05, Reason: Self Terminated |
| Monitor Duration | 00:01:14 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xae4 |
| Parent PID | 0x568 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
AE8
0x
0
0x
B04
0x
B0C
0x
B10
0x
B14
0x
B18
0x
B1C
0x
B20
0x
B2C
0x
B88
0x
BA4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | rw |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000000050000 | 0x00050000 | 0x0008ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000090000 | 0x00090000 | 0x0018ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000190000 | 0x00190000 | 0x00193fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a0fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x001b0000 | 0x00216fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000220000 | 0x00220000 | 0x00226fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000230000 | 0x00230000 | 0x00231fff | Pagefile Backed Memory | rw |
|
|
|
- |
| msvfw32.dll.mui | 0x00240000 | 0x00241fff | Memory Mapped File | rw |
|
|
|
- |
| oleaccrc.dll | 0x00250000 | 0x00250fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000260000 | 0x00260000 | 0x00260fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000270000 | 0x00270000 | 0x0027ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000280000 | 0x00280000 | 0x002fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000300000 | 0x00300000 | 0x00301fff | Pagefile Backed Memory | r |
|
|
|
- |
| windowsshell.manifest | 0x00310000 | 0x00310fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000310000 | 0x00310000 | 0x00310fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000320000 | 0x00320000 | 0x00321fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000330000 | 0x00330000 | 0x0033ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000340000 | 0x00340000 | 0x0037ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000380000 | 0x00380000 | 0x003bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003c0000 | 0x003c0000 | 0x003fffff | Private Memory | rw |
|
|
|
- |
| 1.exe | 0x00400000 | 0x00493fff | Memory Mapped File | rwx |
|
|
|
|
| pagefile_0x00000000004a0000 | 0x004a0000 | 0x00627fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000630000 | 0x00630000 | 0x00630fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000640000 | 0x00640000 | 0x00640fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000640000 | 0x00640000 | 0x00640fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000650000 | 0x00650000 | 0x00650fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000660000 | 0x00660000 | 0x00660fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000670000 | 0x00670000 | 0x00670fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000680000 | 0x00680000 | 0x00680fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000690000 | 0x00690000 | 0x0070ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000710000 | 0x00710000 | 0x00890fff | Pagefile Backed Memory | r |
|
|
|
- |
| rsaenh.dll | 0x008a0000 | 0x008dbfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000008a0000 | 0x008a0000 | 0x008dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000008e0000 | 0x008e0000 | 0x008e0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000008f0000 | 0x008f0000 | 0x008f0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000900000 | 0x00900000 | 0x009fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000a00000 | 0x00a00000 | 0x01dfffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001e00000 | 0x01e00000 | 0x01edefff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001ee0000 | 0x01ee0000 | 0x01ee0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001ef0000 | 0x01ef0000 | 0x01ef0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001f00000 | 0x01f00000 | 0x01f00fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001f10000 | 0x01f10000 | 0x01f10fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001f20000 | 0x01f20000 | 0x01f20fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001f30000 | 0x01f30000 | 0x01f30fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001f40000 | 0x01f40000 | 0x01f40fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001f50000 | 0x01f50000 | 0x01f50fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001f60000 | 0x01f60000 | 0x01f60fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001f70000 | 0x01f70000 | 0x01f70fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001f80000 | 0x01f80000 | 0x01f8ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001f90000 | 0x01f90000 | 0x02382fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002390000 | 0x02390000 | 0x0255ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002390000 | 0x02390000 | 0x0251ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002390000 | 0x02390000 | 0x0248ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002490000 | 0x02490000 | 0x02490fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000024a0000 | 0x024a0000 | 0x024a0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000024b0000 | 0x024b0000 | 0x024b0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000024c0000 | 0x024c0000 | 0x024c0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000024d0000 | 0x024d0000 | 0x024d0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000024e0000 | 0x024e0000 | 0x0251ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002520000 | 0x02520000 | 0x02520fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002530000 | 0x02530000 | 0x02530fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002540000 | 0x02540000 | 0x02540fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002550000 | 0x02550000 | 0x0255ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x02560000 | 0x0282efff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000002830000 | 0x02830000 | 0x0292ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002930000 | 0x02930000 | 0x02a2ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002a30000 | 0x02a30000 | 0x02b2ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002b30000 | 0x02b30000 | 0x02b30fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002b40000 | 0x02b40000 | 0x02b40fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002b50000 | 0x02b50000 | 0x02b50fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002b60000 | 0x02b60000 | 0x02b60fff | Private Memory | rw |
|
|
|
- |
| api-ms-win-crt-utility-l1-1-0.dll | 0x73a20000 | 0x73a22fff | Memory Mapped File | rwx |
|
|
|
|
| api-ms-win-crt-environment-l1-1-0.dll | 0x73a30000 | 0x73a32fff | Memory Mapped File | rwx |
|
|
|
|
| api-ms-win-crt-filesystem-l1-1-0.dll | 0x73a40000 | 0x73a42fff | Memory Mapped File | rwx |
|
|
|
|
| api-ms-win-crt-time-l1-1-0.dll | 0x73a50000 | 0x73a52fff | Memory Mapped File | rwx |
|
|
|
|
| api-ms-win-crt-multibyte-l1-1-0.dll | 0x73a60000 | 0x73a64fff | Memory Mapped File | rwx |
|
|
|
|
| api-ms-win-crt-math-l1-1-0.dll | 0x73a70000 | 0x73a74fff | Memory Mapped File | rwx |
|
|
|
|
| api-ms-win-crt-locale-l1-1-0.dll | 0x73a80000 | 0x73a82fff | Memory Mapped File | rwx |
|
|
|
|
| api-ms-win-crt-convert-l1-1-0.dll | 0x73a90000 | 0x73a93fff | Memory Mapped File | rwx |
|
|
|
|
| api-ms-win-crt-stdio-l1-1-0.dll | 0x73aa0000 | 0x73aa3fff | Memory Mapped File | rwx |
|
|
|
|
| api-ms-win-crt-heap-l1-1-0.dll | 0x73ab0000 | 0x73ab2fff | Memory Mapped File | rwx |
|
|
|
|
| api-ms-win-crt-string-l1-1-0.dll | 0x73ac0000 | 0x73ac3fff | Memory Mapped File | rwx |
|
|
|
|
| api-ms-win-crt-runtime-l1-1-0.dll | 0x73c00000 | 0x73c03fff | Memory Mapped File | rwx |
|
|
|
|
| vcruntime140.dll | 0x73c10000 | 0x73c23fff | Memory Mapped File | rwx |
|
|
|
|
| msvcp140.dll | 0x73c30000 | 0x73c9cfff | Memory Mapped File | rwx |
|
|
|
|
| mozglue.dll | 0x73d90000 | 0x73db3fff | Memory Mapped File | rwx |
|
|
|
|
| nss3.dll | 0x73dc0000 | 0x73ef3fff | Memory Mapped File | rwx |
|
|
|
|
| rsaenh.dll | 0x74560000 | 0x7459afff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x745a0000 | 0x745b5fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x745c0000 | 0x7475dfff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74f40000 | 0x74f52fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74f60000 | 0x74fdffff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x74ff0000 | 0x74ff7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x75000000 | 0x7505bfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x75060000 | 0x7509efff | Memory Mapped File | rwx |
|
|
|
- |
| ntmarta.dll | 0x750b0000 | 0x750d0fff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x750e0000 | 0x750eafff | Memory Mapped File | rwx |
|
|
|
- |
| msimg32.dll | 0x750f0000 | 0x750f4fff | Memory Mapped File | rwx |
|
|
|
- |
| oleacc.dll | 0x75100000 | 0x7513bfff | Memory Mapped File | rwx |
|
|
|
- |
| secur32.dll | 0x75140000 | 0x75147fff | Memory Mapped File | rwx |
|
|
|
- |
| msvfw32.dll | 0x75150000 | 0x75170fff | Memory Mapped File | rwx |
|
|
|
- |
| msacm32.dll | 0x75180000 | 0x75193fff | Memory Mapped File | rwx |
|
|
|
- |
| winmm.dll | 0x751a0000 | 0x751d1fff | Memory Mapped File | rwx |
|
|
|
- |
| avifil32.dll | 0x751e0000 | 0x751f8fff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x75200000 | 0x75208fff | Memory Mapped File | rwx |
|
|
|
- |
| dciman32.dll | 0x75210000 | 0x75215fff | Memory Mapped File | rwx |
|
|
|
- |
| ddraw.dll | 0x75220000 | 0x75306fff | Memory Mapped File | rwx |
|
|
|
- |
| glu32.dll | 0x75310000 | 0x75331fff | Memory Mapped File | rwx |
|
|
|
- |
| opengl32.dll | 0x75340000 | 0x75407fff | Memory Mapped File | rwx |
|
|
|
- |
| winspool.drv | 0x75410000 | 0x75460fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x75470000 | 0x754f3fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x75600000 | 0x7560bfff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x75610000 | 0x7566ffff | Memory Mapped File | rwx |
|
|
|
- |
| comdlg32.dll | 0x75670000 | 0x756eafff | Memory Mapped File | rwx |
|
|
|
- |
| wintrust.dll | 0x756f0000 | 0x7571cfff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x75720000 | 0x757bffff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x757c0000 | 0x758cffff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x758d0000 | 0x7596cfff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x75970000 | 0x75975fff | Memory Mapped File | rwx |
|
|
|
- |
| wldap32.dll | 0x75a10000 | 0x75a54fff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x75a70000 | 0x75a79fff | Memory Mapped File | rwx |
|
|
|
- |
| wininet.dll | 0x75a80000 | 0x75b74fff | Memory Mapped File | rwx |
|
|
|
- |
| iertutil.dll | 0x75b80000 | 0x75d7afff | Memory Mapped File | rwx |
|
|
|
- |
| crypt32.dll | 0x75d80000 | 0x75e9cfff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x75ea0000 | 0x75f6bfff | Memory Mapped File | rwx |
|
|
|
- |
| msasn1.dll | 0x75f70000 | 0x75f7bfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75f80000 | 0x75fdffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x75fe0000 | 0x7608bfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76090000 | 0x7617ffff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x761b0000 | 0x761c8fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x761d0000 | 0x76226fff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x76230000 | 0x76256fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x76260000 | 0x762a5fff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x762b0000 | 0x7633efff | Memory Mapped File | rwx |
|
|
|
- |
| setupapi.dll | 0x76340000 | 0x764dcfff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x764e0000 | 0x7663bfff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x76640000 | 0x766c2fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x766d0000 | 0x7675ffff | Memory Mapped File | rwx |
|
|
|
- |
| urlmon.dll | 0x76760000 | 0x76895fff | Memory Mapped File | rwx |
|
|
|
- |
| devobj.dll | 0x768a0000 | 0x768b1fff | Memory Mapped File | rwx |
|
|
|
- |
| ws2_32.dll | 0x768c0000 | 0x768f4fff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x76900000 | 0x77549fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x775b0000 | 0x776affff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00000000776b0000 | 0x776b0000 | 0x777a9fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000777b0000 | 0x777b0000 | 0x778cefff | Private Memory | rwx |
|
|
|
- |
| ntdll.dll | 0x778d0000 | 0x77a78fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ab0000 | 0x77c2ffff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007ef4d000 | 0x7ef4d000 | 0x7ef4ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef50000 | 0x7ef50000 | 0x7efaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
|
For performance reasons, the remaining 528 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-heap-l1-1-0.dll | 18.80 KB |
MD5:
93d3da06bf894f4fa21007bee06b5e7d
SHA1: 1e47230a7ebcfaf643087a1929a385e0d554ad15 SHA256: f5cf623ba14b017af4aec6c15eee446c647ab6d2a5dee9d6975adc69994a113d SSDeep: 192:+Y3vY17aFBR4WIghWG4U9CedXe123Ouo+Uggs/nGfe4pBjSbGGAPWh0txKdmVWQC:+Y3e9WPhWFsXYi00GftpBjfemnlP55s |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/vcruntime140.dll | 81.82 KB |
MD5:
7587bf9cb4147022cd5681b015183046
SHA1: f2106306a8f6f0da5afb7fc765cfa0757ad5a628 SHA256: c40bb03199a2054dabfc7a8e01d6098e91de7193619effbd0f142a7bf031c14d SSDeep: 1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-synch-l1-1-0.dll | 19.80 KB |
MD5:
71af7ed2a72267aaad8564524903cff6
SHA1: 8a8437123de5a22ab843adc24a01ac06f48db0d3 SHA256: 5dd4ccd63e6ed07ca3987ab5634ca4207d69c47c2544dfefc41935617652820f SSDeep: 384:5Xdv3V0dfpkXc0vVaHWPhWXEi00GftpBj9em+4lndanJ7o:5Xdv3VqpkXc0vVa8poivex |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-process-l1-1-0.dll | 18.80 KB |
MD5:
8d02dd4c29bd490e672d271700511371
SHA1: f3035a756e2e963764912c6b432e74615ae07011 SHA256: c03124ba691b187917ba79078c66e12cbf5387a3741203070ba23980aa471e8b SSDeep: 192:aRQqjd7dWIghWG4U9kuDz7M123Ouo+Uggs/nGfe4pBjSbAURWh0txKdmVWQ4CW+6:aKcWPhWFkDz6i00GftpBjYemZlUG+zIU |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/nssdbm3.dll | 90.45 KB |
MD5:
569a7a65658a46f9412bdfa04f86e2b2
SHA1: 44cc0038e891ae73c43b61a71a46c97f98b1030d SHA256: 541a293c450e609810279f121a5e9dfa4e924d52e8b0c6c543512b5026efe7ec SSDeep: 1536:5vNGVOt0VjOJkbH8femxfRVMNKBDuOQWL1421GlkxERC+ANcFZoZ/6tNRCwI41ZH:hNGVOiBZbcGmxXMcBqmzoCUZoZebHZMw |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\209150999161799351040.tmp-shm | 32.00 KB |
MD5:
b7c14ec6110fa820ca6b65f5aec85911
SHA1: 608eeb7488042453c9ca40f7e1398fc1a270f3f4 SHA256: fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb SSDeep: 3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2050639692405252107238.tmp | 18.00 KB |
MD5:
29844404ae855e9df054833f71888eb1
SHA1: 3e86f08def08fc14ddec0227d0643319562666db SHA256: c381401ea96dfe9b926126dcbbc0dd6ab541dbf549732cc6c66f20096b1f663e SSDeep: 24:LLijhJ0KL7G0TMJHUyyJtmCm0u6lOKQAE9V8FsffDVOzeCmly6UwcTa/HMQW:wz+JH3yJUhJCVE9V8FsXhFlNU1Ts3W |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-handle-l1-1-0.dll | 17.80 KB |
MD5:
6db54065b33861967b491dd1c8fd8595
SHA1: ed0938bbc0e2a863859aad64606b8fc4c69b810a SHA256: 945cc64ee04b1964c1f9fcdc3124dd83973d332f5cfb696cdf128ca5c4cbd0e5 SSDeep: 384:AWPhWXDz6i00GftpBj5FrFaemx+lDbNh/6:hroidkeppp |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-private-l1-1-0.dll | 71.30 KB |
MD5:
9910a1bfdc41c5b39f6af37f0a22aacd
SHA1: 47fa76778556f34a5e7910c816c78835109e4050 SHA256: 65ded8d2ce159b2f5569f55b2caf0e2c90f3694bd88c89de790a15a49d8386b9 SSDeep: 1536:VAHEGlVDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPFZo6kt:Vc7De5c4bFE2Jy2cvxXWpD9d3334BkZj |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-localization-l1-2-0.dll | 20.30 KB |
MD5:
eff11130bfe0d9c90c0026bf2fb219ae
SHA1: cf4c89a6e46090d3d8feeb9eb697aea8a26e4088 SHA256: 03ad57c24ff2cf895b5f533f0ecbd10266fd8634c6b9053cc9cb33b814ad5d97 SSDeep: 384:KOMw3zdp3bwjGjue9/0jCRrndbVWPhWIDz6i00GftpBj6cemjlD16Pa+4r:KOMwBprwjGjue9/0jCRrndbCOoireqv |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-stdio-l1-1-0.dll | 23.80 KB |
MD5:
fefb98394cb9ef4368da798deab00e21
SHA1: 316d86926b558c9f3f6133739c1a8477b9e60740 SHA256: b1e702b840aebe2e9244cd41512d158a43e6e9516cd2015a84eb962fa3ff0df7 SSDeep: 384:GZpFVhjWPhWxEi00GftpBjmjjem3Cl1z6h1r:eCfoi0espbr |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-utility-l1-1-0.dll | 18.30 KB |
MD5:
b52a0ca52c9c207874639b62b6082242
SHA1: 6fb845d6a82102ff74bd35f42a2844d8c450413b SHA256: a1d1d6b0cb0a8421d7c0d1297c4c389c95514493cd0a386b49dc517ac1b9a2b0 SSDeep: 192:QqfHQdu3WIghWG4U9lYdsNtL/123Ouo+Uggs/nGfe4pBjSb8Z9Wh0txKdmVWQ4Cg:/fBWPhWF+esnhi00GftpBjLBemHlP55q |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/nss3.dll | 1.19 MB |
MD5:
556ea09421a0f74d31c4c0a89a70dc23
SHA1: f739ba9b548ee64b13eb434a3130406d23f836e3 SHA256: f0e6210d4a0d48c7908d8d1c270449c91eb4523e312a61256833bfeaf699abfb SSDeep: 24576:XDI7I4/FeoJQuQ3IhXtHfjyqgJ0BnPQAib7/12bg2JSna5xfg0867U4MSpu731hn:uQ3YX5jyqgynPkbd24VwMSpu7Fhn |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-convert-l1-1-0.dll | 21.80 KB |
MD5:
72e28c902cd947f9a3425b19ac5a64bd
SHA1: 9b97f7a43d43cb0f1b87fc75fef7d9eeea11e6f7 SHA256: 3cc1377d495260c380e8d225e5ee889cbb2ed22e79862d4278cfa898e58e44d1 SSDeep: 384:EuydWPhW7snhi00GftpBjd6t/emJlDbN:3tnhoi6t/eAp |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-environment-l1-1-0.dll | 18.30 KB |
MD5:
ac290dad7cb4ca2d93516580452eda1c
SHA1: fa949453557d0049d723f9615e4f390010520eda SHA256: c0d75d1887c32a1b1006b3cffc29df84a0d73c435cdcb404b6964be176a61382 SSDeep: 192:bWIghWGd4edXe123Ouo+Uggs/nGfe4pBjSXXmv5Wh0txKdmVWQ4SWEApkqnajPBZ:bWPhWqXYi00GftpBjBemPl1z6h2 |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-datetime-l1-1-0.dll | 17.80 KB |
MD5:
cb978304b79ef53962408c611dfb20f5
SHA1: eca42f7754fb0017e86d50d507674981f80bc0b9 SHA256: 90fae0e7c3644a6754833c42b0ac39b6f23859f9a7cf4b6c8624820f59b9dad3 SSDeep: 192:RWIghWG4U9xluZo123Ouo+Uggs/nGfe4pBjSbMDPxVWh0txKdmVWQ4CWrDry6qnZ:RWPhWFv0i00GftpBjBHem6plUG+zIw |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-timezone-l1-1-0.dll | 17.80 KB |
MD5:
babf80608fd68a09656871ec8597296c
SHA1: 33952578924b0376ca4ae6a10b8d4ed749d10688 SHA256: 24c9aa0b70e557a49dac159c825a013a71a190df5e7a837bfa047a06bba59eca SSDeep: 384:SWPhWK3di00GftpBjH35Gvem2Al1z6hIu:77NoiOve7eu |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-filesystem-l1-1-0.dll | 19.80 KB |
MD5:
aec2268601470050e62cb8066dd41a59
SHA1: 363ed259905442c4e3b89901bfd8a43b96bf25e4 SHA256: 7633774effe7c0add6752ffe90104d633fc8262c87871d096c2fc07c20018ed2 SSDeep: 384:sq6nWm5C1WPhWFK0i00GftpBjB1UemKklUG+zIOd/:x6nWm5CiooiKeZnbd/ |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2094787740586167683457.tmp | 100.00 KB |
MD5:
3c72a569901a8a45018d9d7c542a1857
SHA1: 9bb7a9a87b5a8b7c4c556b8271d4af0373911389 SHA256: 06bb2bfe3a0612482499e0b0f175b85b66c9f4d32e6b700d740ea801ea9c764e SSDeep: 96:rZLJLdogEU+08l50etKCpjjJwCJA+ETzgcc+8EyZ/cCzwwC+AbIN0NAm:tJdogD+0O5rKC5ti5yDe |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2094154416568243267156.tmp | 68.00 KB |
MD5:
3067eb8025ae0262c7a5c681d7982d67
SHA1: 534976f915f2dd49adcf09677f9d38a0d0cfee63 SHA256: 9260dd9c2b2253e0a886f4d66e22c561d23604fe0010bbac8240f8fdc3aaf945 SSDeep: 96:byNQIoYnMvqyWx7pnqH+w/fVIrECuKdPraBdUDBBVWqwmKT/WTPepeWbtxYB+tCX:blkMvuzzTP6btWutle |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-multibyte-l1-1-0.dll | 25.80 KB |
MD5:
35fc66bd813d0f126883e695664e7b83
SHA1: 2fd63c18cc5dc4defc7ea82f421050e668f68548 SHA256: 66abf3a1147751c95689f5bc6a259e55281ec3d06d3332dd0ba464effa716735 SSDeep: 384:kDy+Kr6aLPmIHJI6/CpG3t2G3t4odXL5WPhWFY0i00GftpBjbnMxem8hzlmTMiLV:kDZKrZPmIHJI64GoiZMxe0V |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-locale-l1-1-0.dll | 18.30 KB |
MD5:
a2f2258c32e3ba9abf9e9e38ef7da8c9
SHA1: 116846ca871114b7c54148ab2d968f364da6142f SHA256: 565a2eec5449eeeed68b430f2e9b92507f979174f9c9a71d0c36d58b96051c33 SSDeep: 192:fiWIghWGZirX+4z123Ouo+Uggs/nGfe4pBjS/RFcpOWh0txKdmVWQ4GWs8ylDikh:aWPhWjO4Ri00GftpBjZOemSXlvNQ0 |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-util-l1-1-0.dll | 17.80 KB |
MD5:
0f079489abd2b16751ceb7447512a70d
SHA1: 679dd712ed1c46fbd9bc8615598da585d94d5d87 SHA256: f7d450a0f59151bcefb98d20fcae35f76029df57138002db5651d1b6a33adc86 SSDeep: 192:pePWIghWG4U9wluZo123Ouo+Uggs/nGfe4pBjSbKT8wuxWh0txKdmVWQ4CWnFnwQ:pYWPhWFS0i00GftpBj7DudemJlP552 |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-processenvironment-l1-1-0.dll | 18.80 KB |
MD5:
5f73a814936c8e7e4a2dfd68876143c8
SHA1: d960016c4f553e461afb5b06b039a15d2e76135e SHA256: 96898930ffb338da45497be019ae1adcd63c5851141169d3023e53ce4c7a483e SSDeep: 192:wXjWIghWGd4dsNtL/123Ouo+Uggs/nGfe4pBjSXcYddWh0txKdmVWQ4SW04engo5:MjWPhWHsnhi00GftpBjW7emOj5l1z6hP |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-rtlsupport-l1-1-0.dll | 17.30 KB |
MD5:
fdba0db0a1652d86cd471eaa509e56ea
SHA1: 3197cb45787d47bac80223e3e98851e48a122efa SHA256: 2257fea1e71f7058439b3727ed68ef048bd91dcacd64762eb5c64a9d49df0b57 SSDeep: 384:61G1WPhWksnhi00GftpBjEVXremWRlP55Jk:kGiYnhoiqVXreDT5Y |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/msvcp140.dll | 429.80 KB |
MD5:
109f0f02fd37c84bfc7508d4227d7ed5
SHA1: ef7420141bb15ac334d3964082361a460bfdb975 SHA256: 334e69ac9367f708ce601a6f490ff227d6c20636da5222f148b25831d22e13d4 SSDeep: 12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-debug-l1-1-0.dll | 17.80 KB |
MD5:
88ff191fd8648099592ed28ee6c442a5
SHA1: 6a4f818b53606a5602c609ec343974c2103bc9cc SHA256: c310cc91464c9431ab0902a561af947fa5c973925ff70482d3de017ed3f73b7d SSDeep: 384:cWPhWM4Ri00GftpBj2YILemtclD16PaEC:l10oiBQe/L |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-file-l1-1-0.dll | 21.30 KB |
MD5:
94ae25c7a5497ca0be6882a00644ca64
SHA1: f7ac28bbc47e46485025a51eeb6c304b70cee215 SHA256: 7ea06b7050f9ea2bcc12af34374bdf1173646d4e5ebf66ad690b37f4df5f3d4e SSDeep: 384:d6PvVXHWPhWnsnhi00GftpBjaJemyDlD16PamW8:UPvVX85nhoisJeLt8 |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-time-l1-1-0.dll | 20.30 KB |
MD5:
849f2c3ebf1fcba33d16153692d5810f
SHA1: 1f8eda52d31512ebfdd546be60990b95c8e28bfb SHA256: 69885fd581641b4a680846f93c2dd21e5dd8e3ba37409783bc5b3160a919cb5d SSDeep: 384:8ZSWWVgWPhWFe3di00GftpBjnlfemHlUG+zITA+0:XRNoibernAA+0 |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-string-l1-1-0.dll | 22.94 KB |
MD5:
404604cd100a1e60dfdaf6ecf5ba14c0
SHA1: 58469835ab4b916927b3cabf54aee4f380ff6748 SHA256: 73cc56f20268bfb329ccd891822e2e70dd70fe21fc7101deb3fa30c34a08450c SSDeep: 384:5iFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlnWPhWGTi00GftpBjslem89lgC:56S5yguNvZ5VQgx3SbwA71IkFv5oialj |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-processthreads-l1-1-0.dll | 18.94 KB |
MD5:
a2d7d7711f9c0e3e065b2929ff342666
SHA1: a17b1f36e73b82ef9bfb831058f187535a550eb8 SHA256: 9dab884071b1f7d7a167f9bec94ba2bee875e3365603fa29b31de286c6a97a1d SSDeep: 384:afk1JzNcKSIJWPhW2snhi00GftpBjZqcLvemr4PlgC:RcKST+nhoi/BbeGv |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-processthreads-l1-1-1.dll | 18.30 KB |
MD5:
d0289835d97d103bad0dd7b9637538a1
SHA1: 8ceebe1e9abb0044808122557de8aab28ad14575 SHA256: 91eeb842973495deb98cef0377240d2f9c3d370ac4cf513fd215857e9f265a6a SSDeep: 384:xzADfIeRWPhWKEi00GftpBjj1emMVlvN0M:xzfeWeoi11ep |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/mozglue.dll | 135.95 KB |
MD5:
9e682f1eb98a9d41468fc3e50f907635
SHA1: 85e0ceca36f657ddf6547aa0744f0855a27527ee SHA256: 830533bb569594ec2f7c07896b90225006b90a9af108f49d6fb6bebd02428b2d SSDeep: 3072:8Oqe98Ea4usvd5jm6V0InXx/CHzGYC6NccMmxK3atIYHD2JJJsPyimY4kQkE:Vqe98Evua5Sm0ux/5YC6NccMmtXHD2JR |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/freebl3.dll | 324.95 KB |
MD5:
343aa83574577727aabe537dccfdeafc
SHA1: 9ce3b9a182429c0dba9821e2e72d3ab46f5d0a06 SHA256: 393ae7f06fe6cd19ea6d57a93dd0acd839ee39ba386cf1ca774c4c59a3bfebd8 SSDeep: 6144:C+YBCxpjbRIDmvby5xDXlFVJM8PojGGHrIr1qqDL6XP+jW:Cu4Abg7XV72GI/qn6z |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-synch-l1-2-0.dll | 18.30 KB |
MD5:
0d1aa99ed8069ba73cfd74b0fddc7b3a
SHA1: ba1f5384072df8af5743f81fd02c98773b5ed147 SHA256: 30d99ce1d732f6c9cf82671e1d9088aa94e720382066b79175e2d16778a3dad1 SSDeep: 384:JtZ3gWPhWFA0i00GftpBj4Z8wemFfYlP55t:j+oiVweb53 |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-sysinfo-l1-1-0.dll | 18.80 KB |
MD5:
19a40af040bd7add901aa967600259d9
SHA1: 05b6322979b0b67526ae5cd6e820596cbe7393e4 SHA256: 4b704b36e1672ae02e697efd1bf46f11b42d776550ba34a90cd189f6c5c61f92 SSDeep: 384:2q25WPhWWsnhi00GftpBj1u6qXxem4l1z6hi:25+SnhoiG6IeA8 |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-string-l1-1-0.dll | 17.80 KB |
MD5:
12cc7d8017023ef04ebdd28ef9558305
SHA1: f859a66009d1caae88bf36b569b63e1fbdae9493 SHA256: 7670fdede524a485c13b11a7c878015e9b0d441b7d8eb15ca675ad6b9c9a7311 SSDeep: 384:xyMvRWPhWFs0i00GftpBjwCJdemnflUG+zI4:xyMvWWoibeTnn |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-memory-l1-1-0.dll | 18.30 KB |
MD5:
d500d9e24f33933956df0e26f087fd91
SHA1: 6c537678ab6cfd6f3ea0dc0f5abefd1c4924f0c0 SHA256: bb33a9e906a5863043753c44f6f8165afe4d5edb7e55efa4c7e6e1ed90778eca SSDeep: 384:+bZWPhWUsnhi00GftpBjwBemQlD16Par7:b4nhoi6BedH |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-profile-l1-1-0.dll | 17.30 KB |
MD5:
fee0926aa1bf00f2bec9da5db7b2de56
SHA1: f5a4eb3d8ac8fb68af716857629a43cd6be63473 SHA256: 8eb5270fa99069709c846db38be743a1a80a42aa1a88776131f79e1d07cc411c SSDeep: 192:w9WIghWGdUuDz7M123Ouo+Uggs/nGfe4pBjSXrw58h6Wh0txKdmVWQ4SW7QQtzko:w9WPhWYDz6i00GftpBjXPemD5l1z6hv |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-heap-l1-1-0.dll | 17.80 KB |
MD5:
2ea3901d7b50bf6071ec8732371b821c
SHA1: e7be926f0f7d842271f7edc7a4989544f4477da7 SHA256: 44f6df4280c8ecc9c6e609b1a4bfee041332d337d84679cfe0d6678ce8f2998a SSDeep: 192:GElqWIghWGZi5edXe123Ouo+Uggs/nGfe4pBjS/PHyRWh0txKdmVWQ4GWC2w4Dj3:GElqWPhWCXYi00GftpBjP9emYXlDbNs |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2090728026587937662831.tmp | 7.00 KB |
MD5:
0111897c22e2ab86bfd65ccf91adc717
SHA1: c499d8febec0f0cb771a654fc65699c22226fe37 SHA256: cff896f26e26cdf1a63e312f89795366ee2bc902323cabe44a86aa4ad0977228 SSDeep: 48:tNecVTgPOpEveoJZFrU10WB58PdJAKr1EcO:tVSNDX25E |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-math-l1-1-0.dll | 28.30 KB |
MD5:
8b0ba750e7b15300482ce6c961a932f0
SHA1: 71a2f5d76d23e48cef8f258eaad63e586cfc0e19 SHA256: bece7bab83a5d0ec5c35f0841cbbf413e01ac878550fbdb34816ed55185dcfed SSDeep: 384:7OTEmbM4Oe5grykfIgTmLyWPhW30i00GftpBjAKemXlDbNl:dEMq5grxfInbRoiNeSp |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-conio-l1-1-0.dll | 18.80 KB |
MD5:
6ea692f862bdeb446e649e4b2893e36f
SHA1: 84fceae03d28ff1907048acee7eae7e45baaf2bd SHA256: 9ca21763c528584bdb4efebe914faaf792c9d7360677c87e93bd7ba7bb4367f2 SSDeep: 384:8WPhWz4Ri00GftpBjDb7bemHlndanJ7DW:Fm0oiV7beV |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\209150999161799351040.tmp | 512.00 KB |
MD5:
ca84b062330bf89c92f6da9fbd818b9e
SHA1: f52fd559629cecf4a02037663c6d9bf171ac7235 SHA256: 3ce8414a491044fca9d5c4de1af15fc54c06ba021a7ba2199e092f35c42fbdf4 SSDeep: 48:DML4nwTqMXQ98wM6ckr3ekPokj+rU+D0KHhS0wy:Dbn39e8DdPHaB33 |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/softokn3.dll | 140.95 KB |
MD5:
67827db2380b5848166a411bae9f0632
SHA1: f68f1096c5a3f7b90824aa0f7b9da372228363ff SHA256: 9a7f11c212d61856dfc494de111911b7a6d9d5e9795b0b70bbbc998896f068ae SSDeep: 3072:zAf6suip+z7FEk/oJz69sFaXeu9CoT2nIZvetBWqIBoE9Mv:Q6PpsF4CoT2EeY2eMv |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-file-l2-1-0.dll | 17.80 KB |
MD5:
e479444bdd4ae4577fd32314a68f5d28
SHA1: 77edf9509a252e886d4da388bf9c9294d95498eb SHA256: c85dc081b1964b77d289aac43cc64746e7b141d036f248a731601eb98f827719 SSDeep: 192:BZwWIghWG4U9ydsNtL/123Ouo+Uggs/nGfe4pBjSbUGHvNWh0txKdmVWQ4CWVU9h:UWPhWFBsnhi00GftpBjKvxemPlP55QQ7 |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-runtime-l1-1-0.dll | 22.30 KB |
MD5:
41a348f9bedc8681fb30fa78e45edb24
SHA1: 66e76c0574a549f293323dd6f863a8a5b54f3f9b SHA256: c9bbc07a033bab6a828ecc30648b501121586f6f53346b1cd0649d7b648ea60b SSDeep: 384:7b7hrKwWPhWFlsnhi00GftpBj+6em90lmTMiLzrF7:7bNrKxZnhoig6eQN7 |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-errorhandling-l1-1-0.dll | 17.80 KB |
MD5:
6d778e83f74a4c7fe4c077dc279f6867
SHA1: f5d9cf848f79a57f690da9841c209b4837c2e6c3 SHA256: a97dcca76cdb12e985dff71040815f28508c655ab2b073512e386dd63f4da325 SSDeep: 192:NFmxD3PWIghWGJY/luZo123Ouo+Uggs/nGfe4pBjSffcp8Wh0txKdmVWQ4yWRzOr:NFkWPhW60i00GftpBj4emHlD16Pa7v |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-file-l1-2-0.dll | 17.80 KB |
MD5:
e2f648ae40d234a3892e1455b4dbbe05
SHA1: d9d750e828b629cfb7b402a3442947545d8d781b SHA256: c8c499b012d0d63b7afc8b4ca42d6d996b2fcf2e8b5f94cacfbec9e6f33e8a03 SSDeep: 192:IWIghWGJnWdsNtL/123Ouo+Uggs/nGfe4pBjSfcD63QXWh0txKdmVWQ4yW1rwqnh:IWPhWlsnhi00GftpBjnem9lD16PamFP |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-interlocked-l1-1-0.dll | 17.44 KB |
MD5:
d97a1cb141c6806f0101a5ed2673a63d
SHA1: d31a84c1499a9128a8f0efea4230fcfa6c9579be SHA256: deccd75fc3fc2bb31338b6fe26deffbd7914c6cd6a907e76fd4931b7d141718c SSDeep: 192:DtiYsFWWIghWGQtu7B123Ouo+Uggs/nGfe4pBjSPiZadcbWh0txKdmVWQ4mWf2FN:5iYsFWWPhWUTi00GftpBjremUBNlgC |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-namedpipe-l1-1-0.dll | 17.80 KB |
MD5:
6f6796d1278670cce6e2d85199623e27
SHA1: 8aa2155c3d3d5aa23f56cd0bc507255fc953ccc3 SHA256: c4f60f911068ab6d7f578d449ba7b5b9969f08fc683fd0ce8e2705bbf061f507 SSDeep: 192:pgWIghWGZiBeS123Ouo+Uggs/nGfe4pBjS/fE/hWh0txKdmVWQ4GWoxYyqnaj/6B:iWPhWUEi00GftpBj1temnltcwWB |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-libraryloader-l1-1-0.dll | 18.30 KB |
MD5:
d0873e21721d04e20b6ffb038accf2f1
SHA1: 9e39e505d80d67b347b19a349a1532746c1f7f88 SHA256: bb25ccf8694d1fcfce85a7159dcf6985fdb54728d29b021cb3d14242f65909ce SSDeep: 384:yHvuBL3BmWPhWZTi00GftpBjNKnemenyAlvN9W/L:yWBL3BXYoinKne1yd |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/ucrtbase.dll | 1.09 MB |
MD5:
d6326267ae77655f312d2287903db4d3
SHA1: 1268bef8e2ca6ebc5fb974fdfaff13be5ba7574f SHA256: 0bb8c77de80acf9c43de59a8fd75e611cc3eb8200c69f11e94389e8af2ceb7a9 SSDeep: 24576:bZBmnrh2YVAPROs7Bt/tX+/APcmcvIZPoy4TbK:FBmF2lIeaAPgb |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-console-l1-1-0.dll | 18.30 KB |
MD5:
502263c56f931df8440d7fd2fa7b7c00
SHA1: 523a3d7c3f4491e67fc710575d8e23314db2c1a2 SHA256: 94a5df1227818edbfd0d5091c6a48f86b4117c38550343f780c604eee1cd6231 SSDeep: 192:3jBMWIghWGZiKedXe123Ouo+Uggs/nGfe4pBjS/uBmWh0txKdmVWQ4GWDZoiyqnP:GWPhWVXYi00GftpBjSemTltcwpS |
|
|
Host Behavior
COM (1)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | 3C374A40-BAE4-11CF-BF7D-00AA006946EE | 00000000-0000-0000-C000-000000000046 | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER |
|
1 |
File (388)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-console-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-datetime-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-debug-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-errorhandling-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-file-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-file-l1-2-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-file-l2-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-handle-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-heap-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-interlocked-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-libraryloader-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-localization-l1-2-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-memory-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-namedpipe-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-processenvironment-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-processthreads-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-processthreads-l1-1-1.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-profile-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-rtlsupport-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-string-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-synch-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-synch-l1-2-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-sysinfo-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-timezone-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-core-util-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-conio-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-convert-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-environment-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-filesystem-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-heap-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-locale-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-math-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-multibyte-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-private-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-process-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-runtime-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-stdio-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-string-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-time-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-utility-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/freebl3.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/mozglue.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/msvcp140.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/nss3.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/nssdbm3.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/softokn3.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/ucrtbase.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/vcruntime140.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2050639692405252107238.tmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\filezilla\recentservers.xml | desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\filezilla\recentservers.xml | desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\.purple\accounts.xml | desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\.purple\accounts.xml | desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@google[1].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@google[3].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@google[4].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\INetCache\\ | desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\INetCache\\ | desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\INetCookies\\ | desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\INetCookies\\ | desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\\ | desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\\ | desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\\ | desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\\ | desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\\ | desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\\ | desired_access = GENERIC_READ, file_attributes = INVALID_FILE_ATTRIBUTES, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
2 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2090728026587937662831.tmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\209150999161799351040.tmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\209150999161799351040.tmp-wal | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\209150999161799351040.tmp-shm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2094154416568243267156.tmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\209462181970846185275.tmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\2094787740586167683457.tmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Documents\eU hUOpSLo1i4Gt1-\dRpyRpiQoSNMN.doc | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Documents\eU hUOpSLo1i4Gt1-\6q0bLSfsI99nsKZgbUK-\Kx5ZAZpck.doc | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Documents\6uozLLksTjy-I_8S2\7ODHp5SY0aWFt.doc | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\8Eto1TyVFZjo4BMXDt k.png | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\K4MNL6cpEazj_.jpg | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\tIZxC.jpg | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ug8-t\C36le\8Xy6OTaJ.doc | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ug8-t\C36le\oE3yZAx.jpg | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create Directory | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\ | - |
|
1 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\2050639692405252107238.tmp | type = file_attributes |
|
1 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\2050639692405252107238.tmp-journal | type = file_attributes |
|
2 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\2050639692405252107238.tmp-wal | type = file_attributes |
|
2 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\filezilla\recentservers.xml | type = file_attributes |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\.purple\accounts.xml | type = file_attributes |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@google[1].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@google[3].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@google[4].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\INetCache\\ | type = file_attributes |
|
2 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\INetCookies\\ | type = file_attributes |
|
2 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\\ | type = file_attributes |
|
2 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\\ | type = file_attributes |
|
2 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cookies\\ | type = file_attributes |
|
2 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\2090728026587937662831.tmp | type = file_attributes |
|
1 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\2090728026587937662831.tmp-journal | type = file_attributes |
|
2 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\2090728026587937662831.tmp-wal | type = file_attributes |
|
2 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\209150999161799351040.tmp | type = file_attributes |
|
1 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\209150999161799351040.tmp-journal | type = file_attributes |
|
1 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\209150999161799351040.tmp-wal | type = file_attributes |
|
2 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\209150999161799351040.tmp-shm | type = file_attributes |
|
1 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\209150999161799351040.tmp-wal | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\2094154416568243267156.tmp | type = file_attributes |
|
1 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\2094154416568243267156.tmp-journal | type = file_attributes |
|
2 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\2094154416568243267156.tmp-wal | type = file_attributes |
|
2 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\209462181970846185275.tmp | type = file_attributes |
|
1 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\209462181970846185275.tmp-journal | type = file_attributes |
|
2 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\209462181970846185275.tmp-wal | type = file_attributes |
|
2 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\2094787740586167683457.tmp | type = file_attributes |
|
1 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\2094787740586167683457.tmp-journal | type = file_attributes |
|
2 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\2094787740586167683457.tmp-wal | type = file_attributes |
|
2 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\Documents\eU hUOpSLo1i4Gt1-\dRpyRpiQoSNMN.doc | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\Documents\eU hUOpSLo1i4Gt1-\6q0bLSfsI99nsKZgbUK-\Kx5ZAZpck.doc | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\Documents\6uozLLksTjy-I_8S2\7ODHp5SY0aWFt.doc | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\8Eto1TyVFZjo4BMXDt k.png | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\K4MNL6cpEazj_.jpg | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\tIZxC.jpg | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ug8-t\C36le\8Xy6OTaJ.doc | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ug8-t\C36le\oE3yZAx.jpg | type = size, size_out = 0 |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
2 | |
| Open | STD_ERROR_HANDLE | - |
|
2 | |
| Copy | C:\Users\5P5NRG~1\AppData\Local\Temp\2050639692405252107238.tmp | source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Login Data |
|
1 | |
| Copy | C:\Users\5P5NRG~1\AppData\Local\Temp\2090728026587937662831.tmp | source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Cookies |
|
1 | |
| Copy | C:\Users\5P5NRG~1\AppData\Local\Temp\209150999161799351040.tmp | source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\cookies.sqlite |
|
1 | |
| Copy | C:\Users\5P5NRG~1\AppData\Local\Temp\2094154416568243267156.tmp | source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Web Data |
|
1 | |
| Copy | C:\Users\5P5NRG~1\AppData\Local\Temp\209462181970846185275.tmp | source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Web Data |
|
1 | |
| Copy | C:\Users\5P5NRG~1\AppData\Local\Temp\2094787740586167683457.tmp | source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\History |
|
1 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\2050639692405252107238.tmp | size = 100, size_out = 100 |
|
1 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\2050639692405252107238.tmp | size = 2048, size_out = 2048 |
|
2 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\2050639692405252107238.tmp | size = 16, size_out = 16 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt | size = 83, size_out = 83 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt | size = 551, size_out = 551 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt | size = 241, size_out = 241 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt | size = 111, size_out = 111 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt | size = 110, size_out = 110 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt | size = 276, size_out = 276 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt | size = 86, size_out = 86 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt | size = 414, size_out = 414 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt | size = 414, size_out = 414 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt | size = 102, size_out = 102 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt | size = 102, size_out = 102 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt | size = 93, size_out = 93 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt | size = 234, size_out = 234 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt | size = 578, size_out = 578 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt | size = 101, size_out = 101 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt | size = 82, size_out = 82 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt | size = 293, size_out = 293 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt | size = 221, size_out = 221 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt | size = 513, size_out = 513 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt | size = 490, size_out = 490 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt | size = 456, size_out = 456 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt | size = 130, size_out = 130 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt | size = 272, size_out = 272 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@google[1].txt | size = 598, size_out = 598 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@google[3].txt | size = 196, size_out = 196 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@google[4].txt | size = 543, size_out = 543 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt | size = 272, size_out = 272 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt | size = 118, size_out = 118 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt | size = 823, size_out = 823 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt | size = 206, size_out = 206 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt | size = 108, size_out = 108 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt | size = 104, size_out = 104 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt | size = 178, size_out = 178 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt | size = 215, size_out = 215 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt | size = 169, size_out = 169 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt | size = 1026, size_out = 1026 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Cookies\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt | size = 1026, size_out = 1026 |
|
1 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\2090728026587937662831.tmp | size = 100, size_out = 100 |
|
1 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\2090728026587937662831.tmp | size = 1024, size_out = 1024 |
|
2 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\2090728026587937662831.tmp | size = 16, size_out = 16 |
|
1 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\209150999161799351040.tmp | size = 100, size_out = 100 |
|
1 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\209150999161799351040.tmp | size = 32768, size_out = 32768 |
|
3 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\2094154416568243267156.tmp | size = 100, size_out = 100 |
|
1 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\2094154416568243267156.tmp | size = 2048, size_out = 2048 |
|
5 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\2094154416568243267156.tmp | size = 16, size_out = 16 |
|
1 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\209462181970846185275.tmp | size = 100, size_out = 100 |
|
1 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\209462181970846185275.tmp | size = 2048, size_out = 2048 |
|
5 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\209462181970846185275.tmp | size = 16, size_out = 16 |
|
1 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\2094787740586167683457.tmp | size = 100, size_out = 100 |
|
1 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\2094787740586167683457.tmp | size = 4096, size_out = 4096 |
|
4 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\2094787740586167683457.tmp | size = 16, size_out = 16 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\Documents\eU hUOpSLo1i4Gt1-\dRpyRpiQoSNMN.doc | size = 88169, size_out = 88169 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\Documents\eU hUOpSLo1i4Gt1-\6q0bLSfsI99nsKZgbUK-\Kx5ZAZpck.doc | size = 71839, size_out = 71839 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\Documents\6uozLLksTjy-I_8S2\7ODHp5SY0aWFt.doc | size = 57134, size_out = 57134 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\8Eto1TyVFZjo4BMXDt k.png | size = 81551, size_out = 81551 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\K4MNL6cpEazj_.jpg | size = 57034, size_out = 57034 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\tIZxC.jpg | size = 33572, size_out = 33572 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ug8-t\C36le\8Xy6OTaJ.doc | size = 13795, size_out = 13795 |
|
1 | |
| Read | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ug8-t\C36le\oE3yZAx.jpg | size = 88553, size_out = 88553 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-convert-l1-1-0.dll | size = 22328 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-environment-l1-1-0.dll | size = 18736 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-filesystem-l1-1-0.dll | size = 20280 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-heap-l1-1-0.dll | size = 19256 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-locale-l1-1-0.dll | size = 18744 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-math-l1-1-0.dll | size = 28984 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-multibyte-l1-1-0.dll | size = 26424 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-private-l1-1-0.dll | size = 73016 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-process-l1-1-0.dll | size = 19256 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-runtime-l1-1-0.dll | size = 22840 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-stdio-l1-1-0.dll | size = 24368 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-string-l1-1-0.dll | size = 23488 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-time-l1-1-0.dll | size = 20792 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/api-ms-win-crt-utility-l1-1-0.dll | size = 18744 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/freebl3.dll | size = 332752 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/mozglue.dll | size = 139216 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/msvcp140.dll | size = 440120 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/nssdbm3.dll | size = 92624 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/softokn3.dll | size = 144336 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\/vcruntime140.dll | size = 83784 |
|
1 | |
| Delete Directory | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\ | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2050639692405252107238.tmp | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2090728026587937662831.tmp | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\209150999161799351040.tmp-shm | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\209150999161799351040.tmp-wal | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\209150999161799351040.tmp | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2094154416568243267156.tmp | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\209462181970846185275.tmp | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2094787740586167683457.tmp | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\curbuf.dat | - |
|
8 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-core-console-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-core-datetime-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-core-debug-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-core-errorhandling-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-core-file-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-core-file-l1-2-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-core-file-l2-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-core-handle-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-core-heap-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-core-interlocked-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-core-libraryloader-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-core-localization-l1-2-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-core-memory-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-core-namedpipe-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-core-processenvironment-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-core-processthreads-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-core-processthreads-l1-1-1.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-core-profile-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-core-rtlsupport-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-core-string-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-core-synch-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-core-synch-l1-2-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-core-sysinfo-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-core-timezone-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-core-util-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-crt-conio-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-crt-convert-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-crt-environment-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-crt-filesystem-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-crt-heap-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-crt-locale-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-crt-math-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-crt-multibyte-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-crt-private-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-crt-process-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-crt-runtime-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-crt-stdio-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-crt-string-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-crt-time-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\api-ms-win-crt-utility-l1-1-0.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\freebl3.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\mozglue.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\msvcp140.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\nss3.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\nssdbm3.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\softokn3.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\ucrtbase.dll | - |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\\vcruntime140.dll | - |
|
1 |
Registry (383)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | - |
|
1 | |
| Create Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | - |
|
2 | |
| Create Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\05cb6f136411cf4daf1f74e966b0a7dc | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3517490d76624c419a828607e2a54604 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\4b62e5f8c092a64ea9b79fd559a5a15e | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\609a848a708f544697003a34105400ef | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\63cba20b08018a458b6edb5d87fb54da | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\828cd3a417cead4ab3a214070dce1c3d | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\88d17fec23cbdd4fb54ad1d34c0dce09 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\a533ec91a4f74549ac2130b6908c8aac | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\b70c659765f94740b657fee657d05ab4 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\cce6b8ce16bac4458e5e40e3530d6f1d | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\dd7f40a823cda64b92e9a96e9e46e406 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E} | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\ | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\monero-project\monero-core | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WIC | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WIC | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217045FF} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217045FF} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography | - |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | value_name = NoRun, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | value_name = NoDrives, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | value_name = RestrictRun, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | value_name = NoNetConnectDisconnect, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | value_name = NoRecentDocsHistory, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | value_name = NoClose, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography | value_name = MachineGuid, data = 0303d5b4-ffe9-470e-9dd8-7d9ec416e53f, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = ProductName, data = 87 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography | value_name = MachineGuid, data = 0303d5b4-ffe9-470e-9dd8-7d9ec416e53f, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = ProductName, data = 87 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer | value_name = Version, data = 8.0.7601.17514, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 | value_name = Email, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 | value_name = Email, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = Email, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 Server, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = Email, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 User, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 Server, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 Port, data = 240, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = POP3 Password, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = IMAP Server, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP Server, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = Email, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP User, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP Server, type = REG_BINARY |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP Port, data = 240, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 | value_name = SMTP Password, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004 | value_name = Email, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary | value_name = Email, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\monero-project\monero-core | value_name = wallet_path, data = 0 |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt | value_name = strDataDir, data = 0 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography | value_name = MachineGuid, data = 0303d5b4-ffe9-470e-9dd8-7d9ec416e53f, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = ProductName, data = 87 |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | value_name = ProcessorNameString, data = Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook | value_name = DisplayName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook | value_name = DisplayVersion, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = DisplayName, data = Adobe Flash Player 10 Plugin, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin | value_name = DisplayVersion, data = 10.3.183.75, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager | value_name = DisplayName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager | value_name = DisplayVersion, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx | value_name = DisplayName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx | value_name = DisplayVersion, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore | value_name = DisplayName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore | value_name = DisplayVersion, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = DisplayName, data = Google Chrome, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome | value_name = DisplayVersion, data = 58.0.3029.110, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40 | value_name = DisplayName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40 | value_name = DisplayVersion, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data | value_name = DisplayName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data | value_name = DisplayVersion, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX | value_name = DisplayName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX | value_name = DisplayVersion, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData | value_name = DisplayName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData | value_name = DisplayVersion, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack | value_name = DisplayName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack | value_name = DisplayVersion, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = DisplayName, data = Mozilla Firefox 25.0 (x86 en-US), type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) | value_name = DisplayVersion, data = 25.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = DisplayName, data = Mozilla Maintenance Service, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService | value_name = DisplayVersion, data = 25.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent | value_name = DisplayName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent | value_name = DisplayVersion, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WIC | value_name = DisplayName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WIC | value_name = DisplayVersion, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = DisplayName, data = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} | value_name = DisplayVersion, data = 12.0.21005, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757 | value_name = DisplayName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757 | value_name = DisplayVersion, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173 | value_name = DisplayName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173 | value_name = DisplayVersion, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860 | value_name = DisplayName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860 | value_name = DisplayVersion, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655 | value_name = DisplayName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655 | value_name = DisplayVersion, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743 | value_name = DisplayName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743 | value_name = DisplayVersion, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063 | value_name = DisplayName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063 | value_name = DisplayVersion, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573 | value_name = DisplayName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573 | value_name = DisplayVersion, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217045FF} | value_name = DisplayName, data = Java 7 Update 45, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217045FF} | value_name = DisplayVersion, data = 7.0.450, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = DisplayName, data = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} | value_name = DisplayVersion, data = 11.0.61030.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = DisplayName, data = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} | value_name = DisplayVersion, data = 12.0.30501.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = DisplayName, data = Java Auto Updater, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} | value_name = DisplayVersion, data = 2.1.9.8, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = DisplayName, data = Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.10.25017, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} | value_name = DisplayVersion, data = 14.10.25017, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = DisplayName, data = Microsoft Visual C++ 2017 x86 Additional Runtime - 14.10.25017, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} | value_name = DisplayVersion, data = 14.10.25017, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = DisplayName, data = Microsoft Visual C++ 2005 Redistributable, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | value_name = DisplayVersion, data = 8.0.61001, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = DisplayName, data = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} | value_name = DisplayVersion, data = 9.0.30729.6161, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = DisplayName, data = Adobe Reader X MUI, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} | value_name = DisplayVersion, data = 10.0.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = DisplayName, data = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} | value_name = DisplayVersion, data = 11.0.61030, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = DisplayName, data = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} | value_name = DisplayVersion, data = 11.0.61030, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = DisplayName, data = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} | value_name = DisplayVersion, data = 11.0.61030.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = DisplayName, data = Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} | value_name = DisplayVersion, data = 14.10.25017.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = DisplayName, data = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} | value_name = DisplayVersion, data = 12.0.30501.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = DisplayName, data = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} | value_name = DisplayVersion, data = 10.0.40219, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 | value_name = DisplayName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 | value_name = DisplayVersion, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 | value_name = DisplayName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 | value_name = DisplayVersion, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 | value_name = DisplayName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 | value_name = DisplayVersion, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 | value_name = DisplayName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 | value_name = DisplayVersion, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 | value_name = DisplayName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 | value_name = DisplayVersion, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 | value_name = DisplayName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 | value_name = DisplayVersion, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 | value_name = DisplayName, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 | value_name = DisplayVersion, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = DisplayName, data = Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} | value_name = DisplayVersion, data = 14.10.25017.0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = DisplayName, data = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} | value_name = DisplayVersion, data = 12.0.21005, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography | value_name = MachineGuid, data = 0303d5b4-ffe9-470e-9dd8-7d9ec416e53f, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion | value_name = ProductName, data = 87 |
|
2 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\05cb6f136411cf4daf1f74e966b0a7dc | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3517490d76624c419a828607e2a54604 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\4b62e5f8c092a64ea9b79fd559a5a15e | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\609a848a708f544697003a34105400ef | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\63cba20b08018a458b6edb5d87fb54da | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\828cd3a417cead4ab3a214070dce1c3d | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\88d17fec23cbdd4fb54ad1d34c0dce09 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\a533ec91a4f74549ac2130b6908c8aac | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\b70c659765f94740b657fee657d05ab4 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\cce6b8ce16bac4458e5e40e3530d6f1d | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\dd7f40a823cda64b92e9a96e9e46e406 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E} | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E} | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 | |
| Enumerate Keys | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall | - |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cmd.exe | show_window = SW_HIDE |
|
1 |
Module (321)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | MSIMG32.DLL | base_address = 0x750f0000 |
|
1 | |
| Load | kernel32.dll | base_address = 0x757c0000 |
|
8 | |
| Load | user32.dll | base_address = 0x775b0000 |
|
4 | |
| Load | advapi32.dll | base_address = 0x75720000 |
|
3 | |
| Load | oleaut32.dll | base_address = 0x762b0000 |
|
1 | |
| Load | gdi32.dll | base_address = 0x766d0000 |
|
1 | |
| Load | ole32.dll | base_address = 0x764e0000 |
|
4 | |
| Load | crypt32.dll | base_address = 0x75d80000 |
|
1 | |
| Load | crtdll.dll | base_address = 0x6c240000 |
|
1 | |
| Load | Gdiplus.dll | base_address = 0x743d0000 |
|
7 | |
| Load | shell32.dll | base_address = 0x76900000 |
|
1 | |
| Load | ntdll.dll | base_address = 0x77ab0000 |
|
1 | |
| Load | C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\nss3.dll | base_address = 0x73dc0000 |
|
1 | |
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x0 |
|
1 | |
| Load | kernel32 | base_address = 0x0 |
|
1 | |
| Load | kernel32 | base_address = 0x757c0000 |
|
1 | |
| Load | api-ms-win-core-fibers-l1-1-1 | base_address = 0x0 |
|
1 | |
| Load | vaultcli.dll | base_address = 0x73a00000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x757c0000 |
|
17 | |
| Get Handle | c:\windows\syswow64\user32.dll | base_address = 0x775b0000 |
|
1 | |
| Get Handle | c:\users\5p5nrgjn0js halpmcxz\desktop\1.exe | base_address = 0x400000 |
|
3 | |
| Get Handle | c:\windows\syswow64\ntdll.dll | base_address = 0x77ab0000 |
|
2 | |
| Get Handle | c:\windows\syswow64\advapi32.dll | base_address = 0x75720000 |
|
2 | |
| Get Handle | c:\windows\syswow64\wininet.dll | base_address = 0x75a80000 |
|
2 | |
| Get Handle | api-ms-win-core-synch-l1-2-0.dll | base_address = 0x74fe0000 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\1.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\1.exe, size = 260 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\1.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\1.exe, size = 261 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsAlloc, address_out = 0x757d4f2b |
|
3 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsGetValue, address_out = 0x757d1252 |
|
3 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsSetValue, address_out = 0x757d4208 |
|
3 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsFree, address_out = 0x757d359f |
|
3 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = EncodePointer, address_out = 0x77af0fcb |
|
8 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DecodePointer, address_out = 0x77ae9d35 |
|
3 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsProcessorFeaturePresent, address_out = 0x757d5235 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = NotifyWinEvent, address_out = 0x775d2592 |
|
1 | |
| Get Address | c:\windows\syswow64\msimg32.dll | function = GradientFill, address_out = 0x750f1304 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteCriticalSection, address_out = 0x77ae45f5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LeaveCriticalSection, address_out = 0x77ad2270 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = EnterCriticalSection, address_out = 0x77ad22b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeCriticalSection, address_out = 0x77ae2c42 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x757d186e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x757d1856 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LocalFree, address_out = 0x757d2d3c |
|
3 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LocalAlloc, address_out = 0x757d168c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x757d110c |
|
3 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = QueryPerformanceCounter, address_out = 0x757d1725 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersion, address_out = 0x757d4467 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentThreadId, address_out = 0x757d1450 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WideCharToMultiByte, address_out = 0x757d170d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MultiByteToWideChar, address_out = 0x757d192e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetThreadLocale, address_out = 0x757d35cf |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoA, address_out = 0x757d0e00 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x757d14b1 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLocaleInfoA, address_out = 0x757ed5e5 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineA, address_out = 0x757d51a1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x757d34c8 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x757d7a10 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x757d1282 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = UnhandledExceptionFilter, address_out = 0x757f772f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = RtlUnwind, address_out = 0x757fd1c3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = RaiseException, address_out = 0x757d58a6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStdHandle, address_out = 0x757d51b3 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = GetKeyboardType, address_out = 0x77609ac4 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = MessageBoxA, address_out = 0x7761fd1e |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = CharNextA, address_out = 0x775c7a1b |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x757348ef |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x75734907 |
|
2 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x7573469d |
|
2 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = SysFreeString, address_out = 0x762b3e59 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = SysReAllocStringLen, address_out = 0x762b7810 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = SysAllocStringLen, address_out = 0x762b45d2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x757d1245 |
|
2 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegEnumKeyA, address_out = 0x7574a299 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = FreeSid, address_out = 0x7573412e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x757d10ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryExW, address_out = 0x757d495d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x757d49d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalUnlock, address_out = 0x757ecfdf |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalLock, address_out = 0x757ed0a7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemInfo, address_out = 0x757d49ca |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcAddress, address_out = 0x757d1222 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x757d1b18 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcessId, address_out = 0x757d11f8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x757d1809 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x757d54ee |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x757d4435 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x757d4442 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x757d89b3 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateDirectoryW, address_out = 0x757d4259 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileW, address_out = 0x757f830d |
|
2 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = SelectObject, address_out = 0x766e4f70 |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = DeleteObject, address_out = 0x766e5689 |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = DeleteDC, address_out = 0x766e58b3 |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = CreateCompatibleDC, address_out = 0x766e54f4 |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = CreateCompatibleBitmap, address_out = 0x766e5f49 |
|
1 | |
| Get Address | c:\windows\syswow64\gdi32.dll | function = BitBlt, address_out = 0x766e5ea6 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = ReleaseDC, address_out = 0x775c7446 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = GetSystemMetrics, address_out = 0x775c7d2f |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = GetDC, address_out = 0x775c72c4 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = CharToOemBuffA, address_out = 0x775db1b0 |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = OleInitialize, address_out = 0x764fefd7 |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CoCreateInstance, address_out = 0x76529d0b |
|
1 | |
| Get Address | c:\windows\syswow64\crypt32.dll | function = CryptUnprotectData, address_out = 0x75db5a7f |
|
1 | |
| Get Address | Unknown module name | function = wcscmp, address_out = 0x6c25032a |
|
1 | |
| Get Address | Unknown module name | function = GdiplusStartup, address_out = 0x743f5600 |
|
1 | |
| Get Address | Unknown module name | function = GdiplusShutdown, address_out = 0x743f56be |
|
1 | |
| Get Address | Unknown module name | function = GdipCreateBitmapFromHBITMAP, address_out = 0x74406671 |
|
1 | |
| Get Address | Unknown module name | function = GdipGetImageEncodersSize, address_out = 0x74412203 |
|
1 | |
| Get Address | Unknown module name | function = GdipGetImageEncoders, address_out = 0x7441228c |
|
1 | |
| Get Address | Unknown module name | function = GdipDisposeImage, address_out = 0x74404cc8 |
|
1 | |
| Get Address | Unknown module name | function = GdipSaveImageToStream, address_out = 0x74404153 |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CreateStreamOnHGlobal, address_out = 0x7650363b |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = GetHGlobalFromStream, address_out = 0x765041d5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExpandEnvironmentStringsW, address_out = 0x757d4173 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetComputerNameW, address_out = 0x757ddd0e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalMemoryStatus, address_out = 0x757d8b6d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x757d3f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSize, address_out = 0x757d196e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x757d1410 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x757d3ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateMutexA, address_out = 0x757d4c6b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReleaseMutex, address_out = 0x757d111e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x757d11c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentDirectoryW, address_out = 0x757d5611 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetEnvironmentVariableW, address_out = 0x757d89f1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetCurrentDirectoryW, address_out = 0x757e1260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalMemoryStatusEx, address_out = 0x757fd4c4 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateToolhelp32Snapshot, address_out = 0x757f735f |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Process32FirstW, address_out = 0x757f8baf |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Process32NextW, address_out = 0x757f896c |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x757d4950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetDllDirectoryW, address_out = 0x7585004f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLocalTime, address_out = 0x757d5aa6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTimeZoneInformation, address_out = 0x757d465a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = RemoveDirectoryW, address_out = 0x758544cf |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDriveStringsA, address_out = 0x757de4dc |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeA, address_out = 0x757eef75 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x757d103d |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetUserNameW, address_out = 0x7573157a |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCreateKeyExW, address_out = 0x757340fe |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExW, address_out = 0x757346ad |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7573468d |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = AllocateAndInitializeSid, address_out = 0x757340e6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = LookupAccountSidA, address_out = 0x75761daa |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CreateProcessAsUserW, address_out = 0x7572c592 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CheckTokenMembership, address_out = 0x7572df04 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyW, address_out = 0x75732459 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegEnumKeyW, address_out = 0x7573445b |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegEnumValueW, address_out = 0x757348cc |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptAcquireContextA, address_out = 0x757291dd |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptCreateHash, address_out = 0x7572df4e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptHashData, address_out = 0x7572df36 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptGetHashParam, address_out = 0x7572df7e |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptDestroyHash, address_out = 0x7572df66 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CryptReleaseContext, address_out = 0x7572e124 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = EnumDisplayDevicesW, address_out = 0x775ee567 |
|
2 | |
| Get Address | c:\windows\syswow64\user32.dll | function = wvsprintfA, address_out = 0x775daad3 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = GetKeyboardLayoutList, address_out = 0x775d2e69 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteExW, address_out = 0x76921e46 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = RtlComputeCrc32, address_out = 0x77b6ffc1 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetOpenA, address_out = 0x75aaf18e |
|
2 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetConnectA, address_out = 0x75aa49e9 |
|
2 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpOpenRequestA, address_out = 0x75aa4c7d |
|
2 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpAddRequestHeadersA, address_out = 0x75a9dcd2 |
|
2 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpSendRequestA, address_out = 0x75b118f8 |
|
2 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetReadFile, address_out = 0x75a9b406 |
|
2 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetCloseHandle, address_out = 0x75a9ab49 |
|
2 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetCrackUrlA, address_out = 0x75a8d075 |
|
2 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetSetOptionA, address_out = 0x75a975e8 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeCriticalSectionEx, address_out = 0x757d4d28 |
|
3 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitOnceExecuteOnce, address_out = 0x757ed627 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateEventExW, address_out = 0x7585410b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateSemaphoreW, address_out = 0x757eca5a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateSemaphoreExW, address_out = 0x75854195 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThreadpoolTimer, address_out = 0x757eee7e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadpoolTimer, address_out = 0x77af441c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForThreadpoolTimerCallbacks, address_out = 0x77b1c50e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseThreadpoolTimer, address_out = 0x77b1c381 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThreadpoolWait, address_out = 0x757ef088 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadpoolWait, address_out = 0x77b005d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseThreadpoolWait, address_out = 0x77b1ca24 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlushProcessWriteBuffers, address_out = 0x77ad0b8c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibraryWhenCallbackReturns, address_out = 0x77b8fde8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcessorNumber, address_out = 0x77b21e1d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateSymbolicLinkW, address_out = 0x7584cd11 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentPackageId, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount64, address_out = 0x757eeee0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileInformationByHandleEx, address_out = 0x757ec78f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileInformationByHandle, address_out = 0x757fcbfc |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemTimePreciseAsFileTime, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeConditionVariable, address_out = 0x77ae8456 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WakeConditionVariable, address_out = 0x77b57de4 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WakeAllConditionVariable, address_out = 0x77b1409d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SleepConditionVariableCS, address_out = 0x75854b32 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeSRWLock, address_out = 0x77ae8456 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = AcquireSRWLockExclusive, address_out = 0x77ae29f1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = TryAcquireSRWLockExclusive, address_out = 0x77af4892 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReleaseSRWLockExclusive, address_out = 0x77ae29ab |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SleepConditionVariableSRW, address_out = 0x75854b74 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThreadpoolWork, address_out = 0x757eee45 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SubmitThreadpoolWork, address_out = 0x77b28491 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseThreadpoolWork, address_out = 0x77b1d8e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CompareStringEx, address_out = 0x758546b1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLocaleInfoEx, address_out = 0x75854751 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LCMapStringEx, address_out = 0x758547f1 |
|
1 | |
| Get Address | Unknown module name | function = InitializeConditionVariable, address_out = 0x77ae8456 |
|
1 | |
| Get Address | Unknown module name | function = SleepConditionVariableCS, address_out = 0x75854b32 |
|
1 | |
| Get Address | Unknown module name | function = WakeAllConditionVariable, address_out = 0x77b1409d |
|
1 | |
| Get Address | c:\users\5p5nrg~1\appdata\local\temp\2fda\nss3.dll | function = sqlite3_open, address_out = 0x73e149c9 |
|
1 | |
| Get Address | c:\users\5p5nrg~1\appdata\local\temp\2fda\nss3.dll | function = sqlite3_close, address_out = 0x73e13341 |
|
1 | |
| Get Address | c:\users\5p5nrg~1\appdata\local\temp\2fda\nss3.dll | function = sqlite3_prepare_v2, address_out = 0x73dfd529 |
|
1 | |
| Get Address | c:\users\5p5nrg~1\appdata\local\temp\2fda\nss3.dll | function = sqlite3_step, address_out = 0x73ddcfda |
|
1 | |
| Get Address | c:\users\5p5nrg~1\appdata\local\temp\2fda\nss3.dll | function = sqlite3_column_text, address_out = 0x73ddd453 |
|
1 | |
| Get Address | c:\users\5p5nrg~1\appdata\local\temp\2fda\nss3.dll | function = sqlite3_column_bytes, address_out = 0x73ddd37e |
|
1 | |
| Get Address | c:\users\5p5nrg~1\appdata\local\temp\2fda\nss3.dll | function = sqlite3_finalize, address_out = 0x73ddc7d3 |
|
1 | |
| Get Address | c:\users\5p5nrg~1\appdata\local\temp\2fda\nss3.dll | function = NSS_Init, address_out = 0x73e50391 |
|
1 | |
| Get Address | c:\users\5p5nrg~1\appdata\local\temp\2fda\nss3.dll | function = PK11_GetInternalKeySlot, address_out = 0x73e748fe |
|
1 | |
| Get Address | c:\users\5p5nrg~1\appdata\local\temp\2fda\nss3.dll | function = PK11_Authenticate, address_out = 0x73e5d0d8 |
|
1 | |
| Get Address | c:\users\5p5nrg~1\appdata\local\temp\2fda\nss3.dll | function = PK11SDR_Decrypt, address_out = 0x73e7089d |
|
1 | |
| Get Address | c:\users\5p5nrg~1\appdata\local\temp\2fda\nss3.dll | function = NSS_Shutdown, address_out = 0x73e5061c |
|
1 | |
| Get Address | c:\users\5p5nrg~1\appdata\local\temp\2fda\nss3.dll | function = PK11_FreeSlot, address_out = 0x73e74370 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadDescription, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\syswow64\ole32.dll | function = CLSIDFromString, address_out = 0x764fe599 |
|
1 | |
| Get Address | Unknown module name | function = VaultOpenVault, address_out = 0x73a026a9 |
|
1 | |
| Get Address | Unknown module name | function = VaultEnumerateItems, address_out = 0x73a03099 |
|
1 | |
| Get Address | Unknown module name | function = VaultGetItem, address_out = 0x73a03242 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsWow64Process, address_out = 0x757d195e |
|
2 |
Keyboard (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = KB_CODEPAGE, result_out = 437 |
|
1 | |
| Get Info | type = 0, result_out = 4 |
|
1 | |
| Get Info | type = KB_LOCALE_ID |
|
1 |
System (1933)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = XDUWTFONO |
|
1912 | |
| Get Cursor | x_out = 504, y_out = 802 |
|
1 | |
| Get Cursor | x_out = 658, y_out = 235 |
|
2 | |
| Get Cursor | x_out = 108, y_out = 788 |
|
2 | |
| Sleep | duration = 1 milliseconds (0.001 seconds) |
|
2 | |
| Get Time | type = System Time, time = 2018-09-17 14:43:32 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 166187 |
|
1 | |
| Get Time | type = System Time, time = 2018-09-17 14:43:46 (UTC) |
|
1 | |
| Get Time | type = System Time, time = 2018-09-17 14:43:47 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 204782 |
|
1 | |
| Get Time | type = Local Time, time = 2018-09-18 00:44:16 (Local Time) |
|
1 | |
| Register Hook | type = WH_MSGFILTER, hookproc_address = 0x413345 |
|
1 | |
| Get Info | type = Operating System |
|
2 | |
| Get Info | type = Hardware Information |
|
4 | |
| Get Info | type = Operating System |
|
1 |
Mutex (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = A6CF1546-B343A2EC-663D8DC8-8FF4A8C5-D82A11F69 |
|
1 | |
| Release | mutex_name = A6CF1546-B343A2EC-663D8DC8-8FF4A8C5-D82A11F69 |
|
1 |
Environment (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 | |
| Get Environment String | name = MALLOC_OPTIONS |
|
1 | |
| Set Environment String | name = PATH, value = C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\ |
|
1 |
Network Behavior
HTTP Sessions (2)
| Information | Value |
|---|---|
| Total Data Sent | 454 bytes |
| Total Data Received | 4.27 MB |
| Contacted Host Count | 1 |
| Contacted Hosts | workharder.club |
HTTP Session #1
| Information | Value |
|---|---|
| User Agent | Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) |
| Server Name | workharder.club |
| Server Port | 80 |
| Data Sent | 227 |
| Data Received | 4472662 |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Open Connection | protocol = HTTP, server_name = workharder.club, server_port = 80 |
|
1 | |
| Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /index.php, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Send HTTP Request | url = workharder.club/index.php |
|
1 | |
| Read Response | size = 65636, size_out = 9434 |
|
1 | |
| Read Response | size = 65636, size_out = 65564 |
|
1 | |
| Read Response | size = 65636, size_out = 14648 |
|
1 | |
| Read Response | size = 65636, size_out = 20416 |
|
1 | |
| Read Response | size = 65636, size_out = 37987 |
|
1 | |
| Read Response | size = 65636, size_out = 65636 |
|
1 | |
| Read Response | size = 65636, size_out = 20504 |
|
1 | |
| Read Response | size = 65636, size_out = 17520 |
|
3 | |
| Read Response | size = 65636, size_out = 14600 |
|
1 | |
| Read Response | size = 65636, size_out = 17520 |
|
1 | |
| Read Response | size = 65636, size_out = 42340 |
|
1 | |
| Read Response | size = 65636, size_out = 54020 |
|
1 | |
| Read Response | size = 65636, size_out = 65572 |
|
1 | |
| Read Response | size = 65636, size_out = 14655 |
|
1 | |
| Read Response | size = 65636, size_out = 48180 |
|
1 | |
| Read Response | size = 65636, size_out = 32120 |
|
1 | |
| Read Response | size = 65636, size_out = 14600 |
|
1 | |
| Read Response | size = 65636, size_out = 17520 |
|
1 | |
| Read Response | size = 65636, size_out = 32120 |
|
1 | |
| Read Response | size = 65636, size_out = 65556 |
|
1 | |
| Read Response | size = 65636, size_out = 65603 |
|
1 | |
| Read Response | size = 65636, size_out = 65636 |
|
1 | |
| Read Response | size = 65636, size_out = 33772 |
|
1 | |
| Read Response | size = 65636, size_out = 3472 |
|
1 | |
| Read Response | size = 65636, size_out = 65636 |
|
1 | |
| Read Response | size = 65636, size_out = 34552 |
|
1 | |
| Read Response | size = 65636, size_out = 65636 |
|
1 | |
| Read Response | size = 65636, size_out = 16116 |
|
1 | |
| Read Response | size = 65636, size_out = 65595 |
|
1 | |
| Read Response | size = 65636, size_out = 21964 |
|
1 | |
| Read Response | size = 65636, size_out = 65636 |
|
1 | |
| Read Response | size = 65636, size_out = 65572 |
|
1 | |
| Read Response | size = 65636, size_out = 51172 |
|
1 | |
| Read Response | size = 65636, size_out = 65564 |
|
1 | |
| Read Response | size = 65636, size_out = 8816 |
|
1 | |
| Read Response | size = 65636, size_out = 65564 |
|
2 | |
| Read Response | size = 65636, size_out = 46792 |
|
1 | |
| Read Response | size = 65636, size_out = 65564 |
|
1 | |
| Read Response | size = 65636, size_out = 26320 |
|
1 | |
| Read Response | size = 65636, size_out = 33548 |
|
1 | |
| Read Response | size = 65636, size_out = 18956 |
|
1 | |
| Read Response | size = 65636, size_out = 65619 |
|
1 | |
| Read Response | size = 65636, size_out = 27804 |
|
1 | |
| Read Response | size = 65636, size_out = 32096 |
|
1 | |
| Read Response | size = 65636, size_out = 8752 |
|
1 | |
| Read Response | size = 65636, size_out = 65556 |
|
1 | |
| Read Response | size = 65636, size_out = 65564 |
|
1 | |
| Read Response | size = 65636, size_out = 26384 |
|
1 | |
| Read Response | size = 65636, size_out = 65564 |
|
1 | |
| Read Response | size = 65636, size_out = 36524 |
|
1 | |
| Read Response | size = 65636, size_out = 65564 |
|
1 | |
| Read Response | size = 65636, size_out = 65556 |
|
1 | |
| Read Response | size = 65636, size_out = 55552 |
|
1 | |
| Read Response | size = 65636, size_out = 65564 |
|
1 | |
| Read Response | size = 65636, size_out = 2976 |
|
1 | |
| Read Response | size = 65636, size_out = 65572 |
|
1 | |
| Read Response | size = 65636, size_out = 65564 |
|
2 | |
| Read Response | size = 65636, size_out = 61448 |
|
1 | |
| Read Response | size = 65636, size_out = 5832 |
|
1 | |
| Read Response | size = 65636, size_out = 65564 |
|
3 | |
| Read Response | size = 65636, size_out = 65572 |
|
1 | |
| Read Response | size = 65636, size_out = 65564 |
|
1 | |
| Read Response | size = 65636, size_out = 65556 |
|
1 | |
| Read Response | size = 65636, size_out = 65572 |
|
1 | |
| Read Response | size = 65636, size_out = 48572 |
|
1 | |
| Read Response | size = 65636, size_out = 65564 |
|
2 | |
| Read Response | size = 65636, size_out = 61384 |
|
1 | |
| Read Response | size = 65636, size_out = 65564 |
|
1 | |
| Read Response | size = 65636, size_out = 17568 |
|
1 | |
| Read Response | size = 65636, size_out = 45212 |
|
1 | |
| Read Response | size = 65636, size_out = 65564 |
|
2 | |
| Read Response | size = 65636, size_out = 24916 |
|
1 | |
| Read Response | size = 65636, size_out = 39380 |
|
1 | |
| Read Response | size = 65636, size_out = 5832 |
|
1 | |
| Read Response | size = 65636, size_out = 65564 |
|
1 | |
| Read Response | size = 65636, size_out = 65572 |
|
1 | |
| Read Response | size = 65636, size_out = 65564 |
|
6 | |
| Read Response | size = 65636, size_out = 6344 |
|
1 | |
| Read Response | size = 65636, size_out = 65564 |
|
1 | |
| Read Response | size = 65636, size_out = 27772 |
|
1 | |
| Read Response | size = 65636, size_out = 65572 |
|
1 | |
| Read Response | size = 65636, size_out = 65564 |
|
1 | |
| Read Response | size = 65636, size_out = 36588 |
|
1 | |
| Read Response | size = 65636, size_out = 3472 |
|
1 | |
| Read Response | size = 65636, size_out = 8208 |
|
1 | |
| Read Response | size = 65636, size_out = 3761 |
|
1 | |
| Read Response | size = 65636, size_out = 0 |
|
1 | |
| Close Session | - |
|
2 |
HTTP Session #2
| Information | Value |
|---|---|
| User Agent | Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) |
| Server Name | workharder.club |
| Server Port | 80 |
| Data Sent | 227 |
| Data Received | 2 |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | user_agent = Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1), access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Open Connection | protocol = HTTP, server_name = workharder.club, server_port = 80 |
|
1 | |
| Open HTTP Request | http_verb = POST, http_version = HTTP 1.1, target_resource = /index.php, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_IGNORE_CERT_CN_INVALID, INTERNET_FLAG_IGNORE_CERT_DATE_INVALID, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD |
|
1 | |
| Send HTTP Request | url = workharder.club/index.php |
|
1 | |
| Read Response | size = 65636, size_out = 2 |
|
1 | |
| Read Response | size = 65636, size_out = 0 |
|
1 | |
| Close Session | - |
|
2 |
Process #3: cmd.exe
62
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "1.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:03:03, Reason: Child Process |
| Unmonitor | End Time: 00:03:09, Reason: Self Terminated |
| Monitor Duration | 00:00:06 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xba8 |
| Parent PID | 0xae4 (c:\users\5p5nrgjn0js halpmcxz\desktop\1.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
BAC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00036fff | Pagefile Backed Memory | r |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000070000 | 0x00070000 | 0x00071fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000080000 | 0x00080000 | 0x000fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000100000 | 0x00100000 | 0x00100fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000110000 | 0x00110000 | 0x00110fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000130000 | 0x00130000 | 0x0016ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000180000 | 0x00180000 | 0x0027ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00280000 | 0x002e6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000002f0000 | 0x002f0000 | 0x003effff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000490000 | 0x00490000 | 0x0049ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000004a0000 | 0x004a0000 | 0x00627fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000630000 | 0x00630000 | 0x007b0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000007c0000 | 0x007c0000 | 0x01bbffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001bc0000 | 0x01bc0000 | 0x01f02fff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x01f10000 | 0x021defff | Memory Mapped File | r |
|
|
|
- |
| cmd.exe | 0x4a860000 | 0x4a8abfff | Memory Mapped File | rwx |
|
|
|
- |
| winbrand.dll | 0x73df0000 | 0x73df6fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x74ff0000 | 0x74ff7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x75000000 | 0x7505bfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x75060000 | 0x7509efff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x75600000 | 0x7560bfff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x75610000 | 0x7566ffff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x75720000 | 0x757bffff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x757c0000 | 0x758cffff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x758d0000 | 0x7596cfff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x75a70000 | 0x75a79fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x75ea0000 | 0x75f6bfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75f80000 | 0x75fdffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x75fe0000 | 0x7608bfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76090000 | 0x7617ffff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x761b0000 | 0x761c8fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x76260000 | 0x762a5fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x766d0000 | 0x7675ffff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x775b0000 | 0x776affff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00000000776b0000 | 0x776b0000 | 0x777a9fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000777b0000 | 0x777b0000 | 0x778cefff | Private Memory | rwx |
|
|
|
- |
| ntdll.dll | 0x778d0000 | 0x77a78fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ab0000 | 0x77c2ffff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
Host Behavior
File (14)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop | type = file_attributes |
|
2 | |
| Get Info | 1.exe | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
4 | |
| Delete | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\1.exe | - |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\timeout.exe | os_pid = 0xbc8, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x4a860000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x757c0000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x757ea84f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x757f3b92 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x757d4a5d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x757ea79d |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2018-09-17 14:44:20 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 214594 |
|
1 |
Environment (18)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Users\5P5NRG~1\AppData\Local\Temp\2fda\ |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #4: timeout.exe
58
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\syswow64\timeout.exe |
| Command Line | C:\Windows\system32\timeout.exe 3 |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:03:05, Reason: Child Process |
| Unmonitor | End Time: 00:03:09, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xbc8 |
| Parent PID | 0xba8 (c:\windows\syswow64\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
BCC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00036fff | Pagefile Backed Memory | r |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000070000 | 0x00070000 | 0x00071fff | Pagefile Backed Memory | rw |
|
|
|
- |
| timeout.exe.mui | 0x00080000 | 0x00081fff | Memory Mapped File | rw |
|
|
|
- |
| private_0x0000000000090000 | 0x00090000 | 0x00090fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000a0000 | 0x000a0000 | 0x000a0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000d0000 | 0x000d0000 | 0x0010ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00110000 | 0x00176fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000200000 | 0x00200000 | 0x0023ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000390000 | 0x00390000 | 0x0039ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000420000 | 0x00420000 | 0x0049ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000004a0000 | 0x004a0000 | 0x00627fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000680000 | 0x00680000 | 0x0077ffff | Private Memory | rw |
|
|
|
- |
| timeout.exe | 0x00860000 | 0x00869fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000870000 | 0x00870000 | 0x009f0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000a00000 | 0x00a00000 | 0x01dfffff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x01e00000 | 0x020cefff | Memory Mapped File | r |
|
|
|
- |
| wow64cpu.dll | 0x74ff0000 | 0x74ff7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x75000000 | 0x7505bfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x75060000 | 0x7509efff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x754f0000 | 0x754f8fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x75600000 | 0x7560bfff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x75610000 | 0x7566ffff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x75720000 | 0x757bffff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x757c0000 | 0x758cffff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x758d0000 | 0x7596cfff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x75970000 | 0x75975fff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x75a70000 | 0x75a79fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x75ea0000 | 0x75f6bfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75f80000 | 0x75fdffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x75fe0000 | 0x7608bfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76090000 | 0x7617ffff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x761b0000 | 0x761c8fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x761d0000 | 0x76226fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x76260000 | 0x762a5fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x766d0000 | 0x7675ffff | Memory Mapped File | rwx |
|
|
|
- |
| ws2_32.dll | 0x768c0000 | 0x768f4fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x775b0000 | 0x776affff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00000000776b0000 | 0x776b0000 | 0x777a9fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000777b0000 | 0x777b0000 | 0x778cefff | Private Memory | rwx |
|
|
|
- |
| ntdll.dll | 0x778d0000 | 0x77a78fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ab0000 | 0x77c2ffff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
Host Behavior
File (34)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_INPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
6 | |
| Open | STD_INPUT_HANDLE | - |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
19 | |
| Write | STD_OUTPUT_HANDLE | size = 14 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 37 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 2 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 1 |
|
1 |
Module (2)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\timeout.exe | base_address = 0x860000 |
|
1 | |
| Get Filename | - | process_name = c:\windows\syswow64\timeout.exe, file_name_orig = C:\Windows\SysWOW64\timeout.exe, size = 260 |
|
1 |
System (22)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
20 | |
| Get Time | type = System Time, time = 2018-09-17 14:44:21 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 216045 |
|
1 |
